1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
/* diet login without all the bloat but with checkpassword for pluggable
* authentication support. */
/* algorithm:
1. argv[1] is the user name
(optional: argv[2-argc] are environment variables)
2. print "user's password: " to stdout
3. set terminal to "don't echo"
4. read password
5. set terminal to "echo"
6. fork and run checkpassword login2
7. wait() for checkpassword
8. if checkpassword returns 1, the password was wrong. sleep(1) and ++counter
9. if counter reaches 5, sleep(5) and exit
login2 is expected to:
1. kill ppid (i.e. this process) if it is run.
2. print motd unless (-f .hushlogin)
3. check for mail (maybe)
4. set TERM according to /etc/ttytypes
5. edit utmp and wtmp (uh-oh, how should we do this? We are not root any more!)
6. exec $SHELL
*/
#define CHECKPASSWORD "/bin/checkpassword.login"
#define FALLBACKCHECKPASSWORD "/bin/checkpassword"
#define LOGIN2 "/bin/login2"
#include <string.h>
#include <unistd.h>
#include <termios.h>
#include <stdlib.h>
#include <errno.h>
#include <utmp.h>
#include <fcntl.h>
#include <signal.h>
#include <write12.h>
void die(const char *message) {
__write2(message); __write2("\n");
exit(1);
}
struct termios oldtermios;
static void echo_off() {
struct termios foo;
if (tcgetattr(0,&oldtermios))
die("tcgetattr failed");
foo=oldtermios;
foo.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
tcsetattr(0, TCSANOW, &foo);
}
static void echo_on() {
oldtermios.c_lflag |= ECHO | ECHOE | ECHOK;
tcsetattr(0, TCSANOW, &oldtermios);
}
main(int argc,char *argv[]) {
int filedes[2];
char *username=argv[1];
char *buf;
char __username[100];
char password[100];
int pwlen;
char *Argv[]={"checkpassword",LOGIN2,0};
pid_t child;
int utmpfd,wtmpfd;
{
int i=1;
while (username && username[0]=='-')
username=argv[++i];
}
if (!username) {
char *host=getenv("HOST");
if (host) {
int len=strlen(host);
host[len]=' ';
write(0,host,len+1);
host[len]=0;
}
__write1("login: ");
pwlen=read(0,__username,9);
if (pwlen<0) die("read failed");
__username[pwlen-1]=0; /* skip newline */
username=__username;
}
{
buf=alloca(strlen(username)+20);
strcpy(buf,username);
strcat(buf,"'s password: ");
__write1(buf);
}
echo_off();
pwlen=read(0,password,99);
if (pwlen<0) die("read failed");
password[pwlen-1]=0;
echo_on();
__write1("\n");
if (pipe(filedes))
die("pipe failed");
if (filedes[0]!=3)
die("pipe did not return fd 3");
switch (child=fork()) {
case -1:
die("login: could not fork");
case 0:
/* child */
close(3);
{
char buf[512];
int len;
len=strlen(username)+1;
strcpy(buf,username);
strlcpy(buf+len,password,512-len);
len+=strlen(password)+1;
/* buf[len++]='Y'; */
len+=__ltostr(buf+len,512-len,time(0),10,0);
buf[len]=0;
if (len<400) {
strcpy(buf+len+1,"nosetuid");
len+=9;
}
write(4,buf,len+1);
close(4);
}
break;
default:
close(4);
utmpfd=open(_PATH_UTMP,O_RDWR);
if (utmpfd==-1) utmpfd=open("/dev/null",O_RDWR);
if (utmpfd>0 && utmpfd!=4) { dup2(utmpfd,4); close(utmpfd); utmpfd=4; };
wtmpfd=open(_PATH_WTMP,O_APPEND|O_WRONLY);
if (wtmpfd==-1) wtmpfd=open("/dev/null",O_WRONLY);
if (wtmpfd>0 && wtmpfd!=5) { dup2(wtmpfd,5); close(wtmpfd); wtmpfd=5; };
if (utmpfd!=4 || wtmpfd!=5) {
close(utmpfd); close(wtmpfd);
__write2("utmpfd!=4 || wtmpfd!=5\n");
}
execve(CHECKPASSWORD,Argv,environ);
if (errno==ENOENT)
execve(FALLBACKCHECKPASSWORD,Argv,environ);
die("login: could not exec checkpassword");
}
}
|
