midfavila/ubase
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Add shadow support to login(1)

Browse Source 
Also remember to really preserve the environment.
This commit is contained in:
sin 2014-06-03 10:55:12 +01:00
parent c4c1feac2a
commit bc709278b6
1 changed files with 43 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
login.c
View File

@ -3,6 +3,7 @@
#include <errno.h> #include <errno.h>
#include <grp.h> #include <grp.h>
#include <pwd.h> #include <pwd.h>
#include <shadow.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@ -24,7 +25,10 @@ int
main(int argc, char *argv[]) main(int argc, char *argv[])
{ {
struct passwd *pw; struct passwd *pw;
struct spwd *spw;
char *pass, *cryptpass; char *pass, *cryptpass;
uid_t uid;
gid_t gid;
int pflag = 0; int pflag = 0;
ARGBEGIN { ARGBEGIN {
@ -54,8 +58,8 @@ main(int argc, char *argv[])
eprintf("denied\n"); eprintf("denied\n");
} }
if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') uid = pw->pw_uid;
eprintf("no shadow support\n"); gid = pw->pw_gid;
/* Empty password? Login now */ /* Empty password? Login now */
if (pw->pw_passwd[0] == '\0') if (pw->pw_passwd[0] == '\0')
@ -65,22 +69,44 @@ main(int argc, char *argv[])
ioctl(STDIN_FILENO, TCFLSH, (void *)0); ioctl(STDIN_FILENO, TCFLSH, (void *)0);
pass = getpass("Password: "); pass = getpass("Password: ");
putchar('\n');
if (!pass) if (!pass)
eprintf("getpass:"); eprintf("getpass:");
if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') {
errno = 0;
spw = getspnam(argv[0]);
if (errno)
eprintf("getspnam: %s:", argv[0]);
else if (!spw)
eprintf("who are you?\n");
switch (spw->sp_pwdp[0]) {
case '!':
case '*':
eprintf("denied\n");
}
cryptpass = crypt(pass, spw->sp_pwdp);
explicit_bzero(pass, strlen(pass));
if (!cryptpass)
eprintf("crypt:");
if (strcmp(cryptpass, spw->sp_pwdp) != 0)
eprintf("login failed\n");
explicit_bzero(cryptpass, strlen(cryptpass));
explicit_bzero(spw, sizeof *spw);
} else {
cryptpass = crypt(pass, pw->pw_passwd); cryptpass = crypt(pass, pw->pw_passwd);
explicit_bzero(pass, strlen(pass)); explicit_bzero(pass, strlen(pass));
if (!cryptpass) if (!cryptpass)
eprintf("crypt:"); eprintf("crypt:");
if (strcmp(cryptpass, pw->pw_passwd) != 0) if (strcmp(cryptpass, pw->pw_passwd) != 0)
eprintf("login failed\n"); eprintf("login failed\n");
}
login: login:
if (initgroups(argv[0], pw->pw_gid) < 0) if (initgroups(argv[0], gid) < 0)
eprintf("initgroups:"); eprintf("initgroups:");
if (setgid(pw->pw_gid) < 0) if (setgid(gid) < 0)
eprintf("setgid:"); eprintf("setgid:");
if (setuid(pw->pw_uid) < 0) if (setuid(uid) < 0)
eprintf("setuid:"); eprintf("setuid:");
return dologin(pw, pflag); return dologin(pw, pflag);
@ -91,12 +117,11 @@ dologin(struct passwd *pw, int preserve)
{ {
if (preserve == 0) if (preserve == 0)
clearenv(); clearenv();
setenv("HOME", pw->pw_dir, 1); setenv("HOME", pw->pw_dir, preserve);
setenv("SHELL", pw->pw_shell, 1); setenv("SHELL", pw->pw_shell, preserve);
setenv("USER", pw->pw_name, 1); setenv("USER", pw->pw_name, preserve);
setenv("LOGNAME", pw->pw_name, 1); setenv("LOGNAME", pw->pw_name, preserve);
setenv("PATH", strcmp(pw->pw_name, "root") == 0 ? setenv("PATH", ENV_PATH, preserve);
ENV_SUPATH : ENV_PATH, 1);
if (chdir(pw->pw_dir) < 0) if (chdir(pw->pw_dir) < 0)
eprintf("chdir %s:", pw->pw_dir); eprintf("chdir %s:", pw->pw_dir);
execlp(pw->pw_shell, pw->pw_shell, "-l", NULL); execlp(pw->pw_shell, pw->pw_shell, "-l", NULL);