Changeset 3621 in MondoRescue for branches/3.3/mindi-busybox/loginutils/login.c
- Timestamp:
- Dec 20, 2016, 4:07:32 PM (7 years ago)
- Location:
- branches/3.3
- Files:
-
- 1 edited
- 1 copied
Legend:
- Unmodified
- Added
- Removed
-
branches/3.3/mindi-busybox/loginutils/login.c
r3232 r3621 3 3 * Licensed under GPLv2 or later, see file LICENSE in this source tree. 4 4 */ 5 //config:config LOGIN 6 //config: bool "login" 7 //config: default y 8 //config: select FEATURE_SYSLOG 9 //config: help 10 //config: login is used when signing onto a system. 11 //config: 12 //config: Note that Busybox binary must be setuid root for this applet to 13 //config: work properly. 14 //config: 15 //config:config LOGIN_SESSION_AS_CHILD 16 //config: bool "Run logged in session in a child process" 17 //config: default y if PAM 18 //config: depends on LOGIN 19 //config: help 20 //config: Run the logged in session in a child process. This allows 21 //config: login to clean up things such as utmp entries or PAM sessions 22 //config: when the login session is complete. If you use PAM, you 23 //config: almost always would want this to be set to Y, else PAM session 24 //config: will not be cleaned up. 25 //config: 26 //config:config LOGIN_SCRIPTS 27 //config: bool "Support for login scripts" 28 //config: depends on LOGIN 29 //config: default y 30 //config: help 31 //config: Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT 32 //config: just prior to switching from root to logged-in user. 33 //config: 34 //config:config FEATURE_NOLOGIN 35 //config: bool "Support for /etc/nologin" 36 //config: default y 37 //config: depends on LOGIN 38 //config: help 39 //config: The file /etc/nologin is used by (some versions of) login(1). 40 //config: If it exists, non-root logins are prohibited. 41 //config: 42 //config:config FEATURE_SECURETTY 43 //config: bool "Support for /etc/securetty" 44 //config: default y 45 //config: depends on LOGIN 46 //config: help 47 //config: The file /etc/securetty is used by (some versions of) login(1). 48 //config: The file contains the device names of tty lines (one per line, 49 //config: without leading /dev/) on which root is allowed to login. 50 51 //applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */ 52 //applet:IF_LOGIN(APPLET(login, BB_DIR_BIN, BB_SUID_REQUIRE)) 53 54 //kbuild:lib-$(CONFIG_LOGIN) += login.o 5 55 6 56 //usage:#define login_trivial_usage … … 9 59 //usage: "Begin a new session on the system\n" 10 60 //usage: "\n -f Don't authenticate (user already authenticated)" 11 //usage: "\n -h Name of the remote host"61 //usage: "\n -h HOST Host user came from (for network logins)" 12 62 //usage: "\n -p Preserve environment" 13 63 14 64 #include "libbb.h" 65 #include "common_bufsiz.h" 15 66 #include <syslog.h> 16 67 #include <sys/resource.h> … … 29 80 # include <security/pam_appl.h> 30 81 # include <security/pam_misc.h> 82 83 # if 0 84 /* This supposedly can be used to avoid double password prompt, 85 * if used instead of standard misc_conv(): 86 * 87 * "When we want to authenticate first with local method and then with tacacs for example, 88 * the password is asked for local method and if not good is asked a second time for tacacs. 89 * So if we want to authenticate a user with tacacs, and the user exists localy, the password is 90 * asked two times before authentication is accepted." 91 * 92 * However, code looks shaky. For example, why misc_conv() return value is ignored? 93 * Are msg[i] and resp[i] indexes handled correctly? 94 */ 95 static char *passwd = NULL; 96 static int my_conv(int num_msg, const struct pam_message **msg, 97 struct pam_response **resp, void *data) 98 { 99 int i; 100 for (i = 0; i < num_msg; i++) { 101 switch (msg[i]->msg_style) { 102 case PAM_PROMPT_ECHO_OFF: 103 if (passwd == NULL) { 104 misc_conv(num_msg, msg, resp, data); 105 passwd = xstrdup(resp[i]->resp); 106 return PAM_SUCCESS; 107 } 108 109 resp[0] = xzalloc(sizeof(struct pam_response)); 110 resp[0]->resp = passwd; 111 passwd = NULL; 112 resp[0]->resp_retcode = PAM_SUCCESS; 113 resp[1] = NULL; 114 return PAM_SUCCESS; 115 116 default: 117 break; 118 } 119 } 120 121 return PAM_SUCCESS; 122 } 123 # endif 124 31 125 static const struct pam_conv conv = { 32 126 misc_conv, … … 46 140 struct termios tty_attrs; 47 141 } FIX_ALIASING; 48 #define G (*(struct globals*) &bb_common_bufsiz1)49 #define INIT_G() do { } while (0)142 #define G (*(struct globals*)bb_common_bufsiz1) 143 #define INIT_G() do { setup_common_bufsiz(); } while (0) 50 144 51 145 … … 421 515 * If we get interrupted by SIGALRM, we need to restore attrs. 422 516 */ 423 if ( correct_password(pw))517 if (ask_and_check_password(pw) > 0) 424 518 break; 425 519 #endif /* ENABLE_PAM */ … … 455 549 if (safe_waitpid(child_pid, NULL, 0) == -1) 456 550 bb_perror_msg("waitpid"); 457 update_utmp (child_pid, DEAD_PROCESS, NULL, NULL, NULL);551 update_utmp_DEAD_PROCESS(child_pid); 458 552 } 459 553 IF_PAM(login_pam_end(pamh);) … … 490 584 #endif 491 585 492 motd(); 586 if (access(".hushlogin", F_OK) != 0) 587 motd(); 493 588 494 589 if (pw->pw_uid == 0)
Note:
See TracChangeset
for help on using the changeset viewer.