source: branches/stable/mindi-busybox/loginutils/login.c @ 1770

Last change on this file since 1770 was 1770, checked in by Bruno Cornec, 13 years ago
  • Better output for mindi-busybox revision
  • Remove dummy file created on NFS - report from Arnaud Tiger <arnaud.tiger_at_hp.com>
  • strace useful for debug
  • fix new versions for pb (2.0.0 for mindi and 1.7.2 for mindi-busybox)
  • fix build process for mindi-busybox + options used in that version (dd for label-partitions-as-necessary)
  • fix typo in label-partitions-as-necessary which doesn't seem to work
  • Update to busybox 1.7.2
  • perl is now required at restore time to support uuid swap partitions (and will be used for many other thigs

in the future for sure)

  • next mindi version will be 2.0.0 due to all the changes made in it (udev may break working distros)
  • small optimization in mindi on keyboard handling (one single find instead of multiple)
  • better interaction for USB device when launching mindi manually
  • attempt to automatically guess block disk size for ramdisk
  • fix typos in bkphw
  • Fix the remaining problem with UUID support for swap partitions
  • Updates mondoarchive man page for USB support
  • Adds preliminary Hardware support to mindi (Proliant SSSTK)
  • Tries to add udev support also for rhel4
  • Fix UUID support which was still broken.
  • Be conservative in test for the start-nfs script
  • Update config file for mindi-busybox for 1.7.2 migration
  • Try to run around a busybox bug (1.2.2 pb on inexistant links)
  • Add build content for mindi-busybox in pb
  • Remove distributions content for mindi-busybox
  • Fix a warning on inexistant raidtab
  • Solve problem on tmpfs in restore init (Problem of inexistant symlink and busybox)
  • Create MONDO_CACHE and use it everywhere + creation at start
  • Really never try to eject a USB device
  • Fix a issue with &> usage (replaced with 1> and 2>)
  • Adds magic file to depllist in order to have file working + ldd which helps for debugging issues
  • tty modes correct to avoid sh error messages
  • Use ext3 normally and not ext2 instead
  • USB device should be corrected after reading (take 1st part)
  • Adds a mount_USB_here function derived from mount_CDROM_here
  • usb detection place before /dev detection in device name at restore time
  • Fix when restoring from USB: media is asked in interactive mode
  • Adds USB support for mondorestore
  • mount_cdrom => mount_media
  • elilo.efi is now searched throughout /boot/efi and not in a fixed place as there is no standard
  • untar-and-softlink => untar (+ interface change)
  • suppress useless softlinks creation/removal in boot process
  • avoids udevd messages on groups
  • Increase # of disks to 99 as in mindi at restore time (should be a conf file parameter)
  • skip existing big file creation
  • seems to work correctly for USB mindi boot
  • Adds group and tty link to udev conf
  • Always load usb-torage (even 2.6) to initiate USB bus discovery
  • Better printing of messages
  • Attempt to fix a bug in supporting OpenSusE 10.3 kernel for initramfs (mindi may now use multiple regex for kernel initrd detection)
  • Links were not correctly done as non relative for modules in mindi
  • exclusion of modules denied now works
  • Also create modules in their ordinary place, so that classical modprobe works + copy modules.dep
  • Fix bugs for DENY_MODS handling
  • Add device /dev/console for udev
  • ide-generic should now really be excluded
  • Fix a bug in major number for tty
  • If udev then adds modprobe/insmod to rootfs
  • tty0 is also cretaed with udev
  • ide-generic put rather in DENY_MODS
  • udevd remove from deplist s handled in mindi directly
  • better default for mindi when using --usb
  • Handles dynamically linked busybox (in case we want to use it soon ;-)
  • Adds fixed devices to create for udev
  • ide-generic should not be part of the initrd when using libata v2
  • support a dynamically linked udev (case on Ubuntu 7.10 and Mandriva 2008.0 so should be quite generic) This will give incitation to move to dyn. linked binaries in the initrd which will help for other tasks (ia6 4)
  • Improvement in udev support (do not use cl options not available in busybox)
  • Udev in mindi
    • auto creation of the right links at boot time with udev-links.conf(from Mandriva 2008.0)
    • rework startup of udev as current makes kernel crash (from Mandriva 2008.0)
    • add support for 64 bits udev
  • Try to render MyInsmod? silent at boot time
  • Adds udev support (mandatory for newest distributions to avoid remapping of devices in a different way as on the original system)
  • We also need vaft format support for USB boot
  • Adds libusual support (Ubuntu 7.10 needs it for USB)
  • Improve Ubuntu/Debian? keyboard detection and support
  • pbinit adapted to new pb (0.8.10). Filtering of docs done in it
  • Suppress some mondo warnings and errors on USB again
  • Tries to fix lack of files in deb mindi package
  • Verify should now work for USB devices
  • More log/mesages improvement for USB support
  • - Supress g_erase_tmpdir_and_scratchdir
  • Improve some log messages for USB support
  • Try to improve install in mindi to avoid issues with isolinux.cfg not installed vene if in the pkg :-(
  • Improve mindi-busybox build
  • In conformity with pb 0.8.9
  • Add support for Ubuntu 7.10 in build process
  • Add USB Key button to Menu UI (CD streamer removed)
  • Attempt to fix error messages on tmp/scratch files at the end by removing those dir at the latest possible.
  • Fix a bug linked to the size of the -E param which could be used (Arnaud Tiger/René? Ribaud).
  • Integrate ~/.pbrc content into mondorescue.pb (required project-builder >= 0.8.7)
  • Put mondorescue in conformity with new pb filtering rules
  • Add USB support at restore time (no test done yet). New start-usb script PB varibale added where useful
  • Unmounting USB device before removal of temporary scratchdir
  • Stil refining USB copy back to mondo (one command was not executed)
  • No need to have the image subdor in the csratchdir when USB.
  • umount the USB partition before attempting to use it
  • Remove useless copy from mindi to mondo at end of USB handling

(risky merge, we are raising the limits of 2 diverging branches. The status of stable is not completely sure as such. Will need lots of tests, but it's not yet done :-()
(merge -r1692:1769 $SVN_M/branches/2.2.5)

File size: 12.2 KB
Line 
1/* vi: set sw=4 ts=4: */
2/*
3 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
4 */
5
6#include "libbb.h"
7#include <utmp.h>
8#include <sys/resource.h>
9#include <syslog.h>
10
11#if ENABLE_SELINUX
12#include <selinux/selinux.h>  /* for is_selinux_enabled()  */
13#include <selinux/get_context_list.h> /* for get_default_context() */
14#include <selinux/flask.h> /* for security class definitions  */
15#endif
16
17#if ENABLE_PAM
18/* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
19#undef setlocale
20/* For some obscure reason, PAM is not in pam/xxx, but in security/xxx.
21 * Apparently they like to confuse people. */
22#include <security/pam_appl.h>
23#include <security/pam_misc.h>
24static const struct pam_conv conv = {
25    misc_conv,
26    NULL
27};
28#endif
29
30enum {
31    TIMEOUT = 60,
32    EMPTY_USERNAME_COUNT = 10,
33    USERNAME_SIZE = 32,
34    TTYNAME_SIZE = 32,
35};
36
37static char* short_tty;
38
39#if ENABLE_FEATURE_UTMP
40/* vv  Taken from tinylogin utmp.c  vv */
41/*
42 * read_or_build_utent - see if utmp file is correct for this process
43 *
44 *  System V is very picky about the contents of the utmp file
45 *  and requires that a slot for the current process exist.
46 *  The utmp file is scanned for an entry with the same process
47 *  ID.  If no entry exists the process exits with a message.
48 *
49 *  The "picky" flag is for network and other logins that may
50 *  use special flags.  It allows the pid checks to be overridden.
51 *  This means that getty should never invoke login with any
52 *  command line flags.
53 */
54
55static void read_or_build_utent(struct utmp *utptr, int picky)
56{
57    struct utmp *ut;
58    pid_t pid = getpid();
59
60    setutent();
61
62    /* First, try to find a valid utmp entry for this process.  */
63    while ((ut = getutent()))
64        if (ut->ut_pid == pid && ut->ut_line[0] && ut->ut_id[0] &&
65        (ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS))
66            break;
67
68    /* If there is one, just use it, otherwise create a new one.  */
69    if (ut) {
70        *utptr = *ut;
71    } else {
72        if (picky)
73            bb_error_msg_and_die("no utmp entry found");
74
75        memset(utptr, 0, sizeof(*utptr));
76        utptr->ut_type = LOGIN_PROCESS;
77        utptr->ut_pid = pid;
78        strncpy(utptr->ut_line, short_tty, sizeof(utptr->ut_line));
79        /* This one is only 4 chars wide. Try to fit something
80         * remotely meaningful by skipping "tty"... */
81        strncpy(utptr->ut_id, short_tty + 3, sizeof(utptr->ut_id));
82        strncpy(utptr->ut_user, "LOGIN", sizeof(utptr->ut_user));
83        utptr->ut_time = time(NULL);
84    }
85    if (!picky) /* root login */
86        memset(utptr->ut_host, 0, sizeof(utptr->ut_host));
87}
88
89/*
90 * write_utent - put a USER_PROCESS entry in the utmp file
91 *
92 *  write_utent changes the type of the current utmp entry to
93 *  USER_PROCESS.  the wtmp file will be updated as well.
94 */
95static void write_utent(struct utmp *utptr, const char *username)
96{
97    utptr->ut_type = USER_PROCESS;
98    strncpy(utptr->ut_user, username, sizeof(utptr->ut_user));
99    utptr->ut_time = time(NULL);
100    /* other fields already filled in by read_or_build_utent above */
101    setutent();
102    pututline(utptr);
103    endutent();
104#if ENABLE_FEATURE_WTMP
105    if (access(bb_path_wtmp_file, R_OK|W_OK) == -1) {
106        close(creat(bb_path_wtmp_file, 0664));
107    }
108    updwtmp(bb_path_wtmp_file, utptr);
109#endif
110}
111#else /* !ENABLE_FEATURE_UTMP */
112#define read_or_build_utent(utptr, picky) ((void)0)
113#define write_utent(utptr, username) ((void)0)
114#endif /* !ENABLE_FEATURE_UTMP */
115
116#if ENABLE_FEATURE_NOLOGIN
117static void die_if_nologin_and_non_root(int amroot)
118{
119    FILE *fp;
120    int c;
121
122    if (access("/etc/nologin", F_OK))
123        return;
124
125    fp = fopen("/etc/nologin", "r");
126    if (fp) {
127        while ((c = getc(fp)) != EOF)
128            putchar((c=='\n') ? '\r' : c);
129        fflush(stdout);
130        fclose(fp);
131    } else
132        puts("\r\nSystem closed for routine maintenance\r");
133    if (!amroot)
134        exit(1);
135    puts("\r\n[Disconnect bypassed -- root login allowed]\r");
136}
137#else
138static ALWAYS_INLINE void die_if_nologin_and_non_root(int amroot) {}
139#endif
140
141#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
142static int check_securetty(void)
143{
144    FILE *fp;
145    int i;
146    char buf[256];
147
148    fp = fopen("/etc/securetty", "r");
149    if (!fp) {
150        /* A missing securetty file is not an error. */
151        return 1;
152    }
153    while (fgets(buf, sizeof(buf)-1, fp)) {
154        for (i = strlen(buf)-1; i >= 0; --i) {
155            if (!isspace(buf[i]))
156                break;
157        }
158        buf[++i] = '\0';
159        if (!buf[0] || (buf[0] == '#'))
160            continue;
161        if (strcmp(buf, short_tty) == 0) {
162            fclose(fp);
163            return 1;
164        }
165    }
166    fclose(fp);
167    return 0;
168}
169#else
170static ALWAYS_INLINE int check_securetty(void) { return 1; }
171#endif
172
173static void get_username_or_die(char *buf, int size_buf)
174{
175    int c, cntdown;
176
177    cntdown = EMPTY_USERNAME_COUNT;
178 prompt:
179    print_login_prompt();
180    /* skip whitespace */
181    do {
182        c = getchar();
183        if (c == EOF) exit(1);
184        if (c == '\n') {
185            if (!--cntdown) exit(1);
186            goto prompt;
187        }
188    } while (isspace(c));
189
190    *buf++ = c;
191    if (!fgets(buf, size_buf-2, stdin))
192        exit(1);
193    if (!strchr(buf, '\n'))
194        exit(1);
195    while (isgraph(*buf)) buf++;
196    *buf = '\0';
197}
198
199static void motd(void)
200{
201    int fd;
202
203    fd = open(bb_path_motd_file, O_RDONLY);
204    if (fd) {
205        fflush(stdout);
206        bb_copyfd_eof(fd, STDOUT_FILENO);
207        close(fd);
208    }
209}
210
211static void alarm_handler(int sig ATTRIBUTE_UNUSED)
212{
213    /* This is the escape hatch!  Poor serial line users and the like
214     * arrive here when their connection is broken.
215     * We don't want to block here */
216    ndelay_on(1);
217    ndelay_on(2);
218    printf("\r\nLogin timed out after %d seconds\r\n", TIMEOUT);
219    exit(EXIT_SUCCESS);
220}
221
222int login_main(int argc, char **argv);
223int login_main(int argc, char **argv)
224{
225    enum {
226        LOGIN_OPT_f = (1<<0),
227        LOGIN_OPT_h = (1<<1),
228        LOGIN_OPT_p = (1<<2),
229    };
230    char *fromhost;
231    char username[USERNAME_SIZE];
232    const char *tmp;
233    int amroot;
234    unsigned opt;
235    int count = 0;
236    struct passwd *pw;
237    char *opt_host = NULL;
238    char *opt_user = NULL;
239    char full_tty[TTYNAME_SIZE];
240    USE_SELINUX(security_context_t user_sid = NULL;)
241    USE_FEATURE_UTMP(struct utmp utent;)
242    USE_PAM(pam_handle_t *pamh;)
243    USE_PAM(int pamret;)
244    USE_PAM(const char *failed_msg;)
245
246    short_tty = full_tty;
247    username[0] = '\0';
248    amroot = (getuid() == 0);
249    signal(SIGALRM, alarm_handler);
250    alarm(TIMEOUT);
251
252    /* Mandatory paranoia for suid applet:
253     * ensure that fd# 0,1,2 are opened (at least to /dev/null)
254     * and any extra open fd's are closed.
255     * (The name of the function is misleading. Not daemonizing here.) */
256    bb_daemonize_or_rexec(DAEMON_ONLY_SANITIZE | DAEMON_CLOSE_EXTRA_FDS, NULL);
257
258    opt = getopt32(argv, "f:h:p", &opt_user, &opt_host);
259    if (opt & LOGIN_OPT_f) {
260        if (!amroot)
261            bb_error_msg_and_die("-f is for root only");
262        safe_strncpy(username, opt_user, sizeof(username));
263    }
264    if (optind < argc) /* user from command line (getty) */
265        safe_strncpy(username, argv[optind], sizeof(username));
266
267    /* Let's find out and memorize our tty */
268    if (!isatty(0) || !isatty(1) || !isatty(2))
269        return EXIT_FAILURE;        /* Must be a terminal */
270    safe_strncpy(full_tty, "UNKNOWN", sizeof(full_tty));
271    tmp = ttyname(0);
272    if (tmp) {
273        safe_strncpy(full_tty, tmp, sizeof(full_tty));
274        if (strncmp(full_tty, "/dev/", 5) == 0)
275            short_tty = full_tty + 5;
276    }
277
278    read_or_build_utent(&utent, !amroot);
279
280    if (opt_host) {
281        USE_FEATURE_UTMP(
282            safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));
283        )
284        fromhost = xasprintf(" on '%s' from '%s'", short_tty, opt_host);
285    } else
286        fromhost = xasprintf(" on '%s'", short_tty);
287
288    /* Was breaking "login <username>" from shell command line: */
289    /*bb_setpgrp();*/
290
291    openlog(applet_name, LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
292
293    while (1) {
294        if (!username[0])
295            get_username_or_die(username, sizeof(username));
296
297#if ENABLE_PAM
298        pamret = pam_start("login", username, &conv, &pamh);
299        if (pamret != PAM_SUCCESS) {
300            failed_msg = "pam_start";
301            goto pam_auth_failed;
302        }
303        /* set TTY (so things like securetty work) */
304        pamret = pam_set_item(pamh, PAM_TTY, short_tty);
305        if (pamret != PAM_SUCCESS) {
306            failed_msg = "pam_set_item(TTY)";
307            goto pam_auth_failed;
308        }
309        pamret = pam_authenticate(pamh, 0);
310        if (pamret != PAM_SUCCESS) {
311            failed_msg = "pam_authenticate";
312            goto pam_auth_failed;
313            /* TODO: or just "goto auth_failed"
314             * since user seems to enter wrong password
315             * (in this case pamret == 7)
316             */
317        }
318        /* check that the account is healthy */
319        pamret = pam_acct_mgmt(pamh, 0);
320        if (pamret != PAM_SUCCESS) {
321            failed_msg = "account setup";
322            goto pam_auth_failed;
323        }
324        /* read user back */
325        {
326            const char *pamuser;
327            /* gcc: "dereferencing type-punned pointer breaks aliasing rules..."
328             * thus we cast to (void*) */
329            if (pam_get_item(pamh, PAM_USER, (void*)&pamuser) != PAM_SUCCESS) {
330                failed_msg = "pam_get_item(USER)";
331                goto pam_auth_failed;
332            }
333            safe_strncpy(username, pamuser, sizeof(username));
334        }
335        /* If we get here, the user was authenticated, and is
336         * granted access. */
337        pw = getpwnam(username);
338        if (pw)
339            break;
340        goto auth_failed;
341 pam_auth_failed:
342        bb_error_msg("%s failed: %s (%d)", failed_msg, pam_strerror(pamh, pamret), pamret);
343        safe_strncpy(username, "UNKNOWN", sizeof(username));
344#else /* not PAM */
345        pw = getpwnam(username);
346        if (!pw) {
347            strcpy(username, "UNKNOWN");
348            goto fake_it;
349        }
350
351        if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
352            goto auth_failed;
353
354        if (opt & LOGIN_OPT_f)
355            break; /* -f USER: success without asking passwd */
356
357        if (pw->pw_uid == 0 && !check_securetty())
358            goto auth_failed;
359
360        /* Don't check the password if password entry is empty (!) */
361        if (!pw->pw_passwd[0])
362            break;
363 fake_it:
364        /* authorization takes place here */
365        if (correct_password(pw))
366            break;
367#endif /* ENABLE_PAM */
368 auth_failed:
369        opt &= ~LOGIN_OPT_f;
370        bb_do_delay(FAIL_DELAY);
371        /* TODO: doesn't sound like correct English phrase to me */
372        puts("Login incorrect");
373        if (++count == 3) {
374            syslog(LOG_WARNING, "invalid password for '%s'%s",
375                        username, fromhost);
376            return EXIT_FAILURE;
377        }
378        username[0] = '\0';
379    }
380
381    alarm(0);
382    die_if_nologin_and_non_root(pw->pw_uid == 0);
383
384    write_utent(&utent, username);
385
386#if ENABLE_SELINUX
387    if (is_selinux_enabled()) {
388        security_context_t old_tty_sid, new_tty_sid;
389
390        if (get_default_context(username, NULL, &user_sid)) {
391            bb_error_msg_and_die("cannot get SID for %s",
392                    username);
393        }
394        if (getfilecon(full_tty, &old_tty_sid) < 0) {
395            bb_perror_msg_and_die("getfilecon(%s) failed",
396                    full_tty);
397        }
398        if (security_compute_relabel(user_sid, old_tty_sid,
399                    SECCLASS_CHR_FILE, &new_tty_sid) != 0) {
400            bb_perror_msg_and_die("security_change_sid(%s) failed",
401                    full_tty);
402        }
403        if (setfilecon(full_tty, new_tty_sid) != 0) {
404            bb_perror_msg_and_die("chsid(%s, %s) failed",
405                    full_tty, new_tty_sid);
406        }
407    }
408#endif
409    /* Try these, but don't complain if they fail.
410     * _f_chown is safe wrt race t=ttyname(0);...;chown(t); */
411    fchown(0, pw->pw_uid, pw->pw_gid);
412    fchmod(0, 0600);
413
414    if (ENABLE_LOGIN_SCRIPTS) {
415        char *t_argv[2];
416
417        t_argv[0] = getenv("LOGIN_PRE_SUID_SCRIPT");
418        if (t_argv[0]) {
419            t_argv[1] = NULL;
420            xsetenv("LOGIN_TTY", full_tty);
421            xsetenv("LOGIN_USER", pw->pw_name);
422            xsetenv("LOGIN_UID", utoa(pw->pw_uid));
423            xsetenv("LOGIN_GID", utoa(pw->pw_gid));
424            xsetenv("LOGIN_SHELL", pw->pw_shell);
425            xspawn(t_argv); /* NOMMU-friendly */
426            /* All variables are unset by setup_environment */
427            wait(NULL);
428        }
429    }
430
431    change_identity(pw);
432    tmp = pw->pw_shell;
433    if (!tmp || !*tmp)
434        tmp = DEFAULT_SHELL;
435    /* setup_environment params: shell, loginshell, changeenv, pw */
436    setup_environment(tmp, 1, !(opt & LOGIN_OPT_p), pw);
437    /* FIXME: login shell = 1 -> 3rd parameter is ignored! */
438
439    motd();
440
441    if (pw->pw_uid == 0)
442        syslog(LOG_INFO, "root login%s", fromhost);
443#if ENABLE_SELINUX
444    /* well, a simple setexeccon() here would do the job as well,
445     * but let's play the game for now */
446    set_current_security_context(user_sid);
447#endif
448
449    // util-linux login also does:
450    // /* start new session */
451    // setsid();
452    // /* TIOCSCTTY: steal tty from other process group */
453    // if (ioctl(0, TIOCSCTTY, 1)) error_msg...
454    // BBox login used to do this (see above):
455    // bb_setpgrp();
456    // If this stuff is really needed, add it and explain why!
457
458    /* set signals to defaults */
459    signal(SIGALRM, SIG_DFL);
460    /* Is this correct? This way user can ctrl-c out of /etc/profile,
461     * potentially creating security breach (tested with bash 3.0).
462     * But without this, bash 3.0 will not enable ctrl-c either.
463     * Maybe bash is buggy?
464     * Need to find out what standards say about /bin/login -
465     * should it leave SIGINT etc enabled or disabled? */
466    signal(SIGINT, SIG_DFL);
467
468    /* Exec login shell with no additional parameters */
469    run_shell(tmp, 1, NULL, NULL);
470
471    /* return EXIT_FAILURE; - not reached */
472}
Note: See TracBrowser for help on using the repository browser.