onc plus-be-gone
@@ -22,11 +22,10 @@
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-/* ONC_PLUS EXTRACT START */
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
* University Copyright- Copyright (c) 1982, 1986, 1988
@@ -39,12 +38,10 @@
*/
/* Copyright (c) 1987, 1988 Microsoft Corporation */
/* All Rights Reserved */
-/* ONC_PLUS EXTRACT END */
-
/*
* For a complete reference to login(1), see the manual page. However,
* login has accreted some intentionally undocumented options, which are
* explained here:
*
@@ -164,16 +161,14 @@
#define SUBLOGIN "<!sublogin>"
#define LASTLOG "/var/adm/lastlog"
#define PROG_NAME "login"
#define HUSHLOGIN ".hushlogin"
-/* ONC_PLUS EXTRACT START */
/*
* Array and Buffer sizes
*/
#define PBUFSIZE 8 /* max significant characters in a password */
-/* ONC_PLUS EXTRACT END */
#define MAXARGS 63 /* change value below if changing this */
#define MAXARGSWIDTH 2 /* log10(MAXARGS) */
#define MAXENV 1024
#define MAXLINE 2048
@@ -200,13 +195,11 @@
static int audit_error = 0;
/*
* Externs a plenty
*/
-/* ONC_PLUS EXTRACT START */
extern int getsecretkey();
-/* ONC_PLUS EXTRACT START */
/*
* The current user name
*/
static char user_name[NMAX];
@@ -262,11 +255,10 @@
*/
static char loginmsg[] = "login: ";
static char passwdmsg[] = "Password:";
static char incorrectmsg[] = "Login incorrect\n";
-/* ONC_PLUS EXTRACT START */
/*
* Password file support
*/
static struct passwd *pwd = NULL;
static char remote_host[HMAX];
@@ -274,11 +266,10 @@
/*
* Illegal passwd entries.
*/
static struct passwd nouser = { "", "no:password", (uid_t)-1 };
-/* ONC_PLUS EXTRACT END */
/*
* Log file support
*/
static char *log_entry[LOGTRYS];
@@ -341,11 +332,10 @@
* Remote login support
*/
static char rusername[NMAX+1], lusername[NMAX+1];
static char terminal[MAXPATHLEN];
-/* ONC_PLUS EXTRACT START */
/*
* Pre-authentication flag support
*/
static int fflag;
@@ -354,23 +344,20 @@
static int login_conv(int, struct pam_message **,
struct pam_response **, void *);
static struct pam_conv pam_conv = {login_conv, NULL};
static pam_handle_t *pamh; /* Authentication handle */
-/* ONC_PLUS EXTRACT END */
/*
* Function declarations
*/
static void turn_on_logging(void);
static void defaults(void);
static void usage(void);
static void process_rlogin(void);
-/* ONC_PLUS EXTRACT START */
static void login_authenticate();
static void setup_credentials(void);
-/* ONC_PLUS EXTRACT END */
static void adjust_nice(void);
static void update_utmpx_entry(int);
static void establish_user_environment(char **);
static void print_banner(void);
static void display_last_login_time(void);
@@ -390,11 +377,10 @@
static void login_exit(int)__NORETURN;
static int logins_disabled(char *);
static void log_bad_attempts(void);
static int is_number(char *);
-/* ONC_PLUS EXTRACT START */
/*
* *** main ***
*
* The primary flow of control is directed in this routine.
* Control moves in line from top to bottom calling subfunctions
@@ -405,11 +391,10 @@
*/
int
main(int argc, char *argv[], char **renvp)
{
-/* ONC_PLUS EXTRACT END */
int sublogin;
int pam_rc;
login_pid = getpid();
@@ -467,11 +452,10 @@
ttyn = ttyname(0);
if (ttyn == NULL)
ttyn = "/dev/???";
}
-/* ONC_PLUS EXTRACT START */
/*
* Call pam_start to initiate a PAM authentication operation
*/
if ((pam_rc = pam_start(progname, user_name, &pam_conv, &pamh))
@@ -506,11 +490,10 @@
pam_rep_data.scope_len = sizeof (krb5_data);
(void) pam_set_item(pamh, PAM_REPOSITORY,
(void *)&pam_rep_data);
}
-/* ONC_PLUS EXTRACT END */
/*
* Open the log file which contains a record of successful and failed
* login attempts
*/
@@ -525,33 +508,29 @@
* Do special processing for -r (rlogin) flag
*/
if (rflag)
process_rlogin();
-/* ONC_PLUS EXTRACT START */
/*
* validate user
*/
/* we are already authenticated. fill in what we must, then continue */
if (fflag) {
-/* ONC_PLUS EXTRACT END */
if ((pwd = getpwnam(user_name)) == NULL) {
audit_error = ADT_FAIL_VALUE_USERNAME;
log_bad_attempts();
(void) printf("Login failed: unknown user '%s'.\n",
user_name);
login_exit(1);
}
-/* ONC_PLUS EXTRACT START */
} else {
/*
* Perform the primary login authentication activity.
*/
login_authenticate();
}
-/* ONC_PLUS EXTRACT END */
/* change root login, then we exec another login and try again */
if (process_chroot_logins() != OK)
login_exit(1);
@@ -600,11 +579,10 @@
" see syslog for more details\n");
}
adjust_nice(); /* passwd file can specify nice value */
-/* ONC_PLUS EXTRACT START */
setup_credentials(); /* Set user credentials - exits on failure */
/*
* NOTE: telnetd and rlogind rely upon this updating of utmpx
* to indicate that the authentication completed successfully,
@@ -626,11 +604,10 @@
establish_user_environment(renvp);
(void) pam_end(pamh, PAM_SUCCESS); /* Done using PAM */
pamh = NULL;
-/* ONC_PLUS EXTRACT END */
if (pwd->pw_uid == 0) {
if (dosyslog) {
if (remote_host[0]) {
syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
@@ -680,11 +657,10 @@
* *** Utility functions ***
*/
-/* ONC_PLUS EXTRACT START */
/*
* donothing & catch - Signal catching functions
*/
/*ARGSUSED*/
@@ -692,11 +668,10 @@
donothing(int sig)
{
if (pamh)
(void) pam_end(pamh, PAM_ABORT);
}
-/* ONC_PLUS EXTRACT END */
#ifdef notdef
static int intrupt;
/*ARGSUSED*/
@@ -813,11 +788,10 @@
}
}
}
-/* ONC_PLUS EXTRACT START */
/*
* login_conv():
* This is the conv (conversation) function called from
* a PAM authentication module to print error messages
* or garner information from the user.
@@ -979,11 +953,10 @@
return (PAM_SYSTEM_ERR);
}
return (error);
}
-/* ONC_PLUS EXTRACT END */
/*
* quotec - Called by getargs
*/
@@ -1786,11 +1759,10 @@
}
}
}
-/* ONC_PLUS EXTRACT START */
/*
* login_authenticate - Performs the main authentication work
* 1. Prints the login prompt
* 2. Requests and verifys the password
* 3. Checks the port password
@@ -1965,11 +1937,10 @@
* loads key audit info into the cred, but before setuid() so audit
* system calls will work.
*/
audit_success(get_audit_id(), pwd, zone_name);
}
-/* ONC_PLUS EXTRACT END */
static uint_t
get_audit_id(void)
{
if (rflag)
@@ -2025,11 +1996,10 @@
(void) nice(pri);
}
}
-/* ONC_PLUS EXTRACT START */
/*
* update_utmpx_entry - Searchs for the correct utmpx entry, making an
* entry there if it finds one, otherwise exits.
*/
@@ -2062,11 +2032,10 @@
if ((err = pam_get_item(pamh, PAM_USER, (void **) &user)) !=
PAM_SUCCESS) {
audit_error = ADT_FAIL_PAM + err;
login_exit(1);
}
-/* ONC_PLUS EXTRACT END */
(void) memset((void *)&utmpx, 0, sizeof (utmpx));
(void) time(&utmpx.ut_tv.tv_sec);
utmpx.ut_pid = getpid();
@@ -2130,11 +2099,10 @@
/* Now attempt to write out this entry to the wtmp file if */
/* we were successful in getting it from the utmpx file and */
/* the wtmp file exists. */
updwtmpx(WTMPX_FILE, &utmpx);
}
-/* ONC_PLUS EXTRACT START */
}
/*
@@ -2164,11 +2132,10 @@
}
/*
* Set the environment flag <!sublogin> so that the next login
* knows that it is a sublogin.
*/
-/* ONC_PLUS EXTRACT END */
envinit[0] = SUBLOGIN;
envinit[1] = (char *)NULL;
(void) printf("Subsystem root: %s\n", pwd->pw_dir);
(void) execle("/usr/bin/login", "login", (char *)0,
&envinit[0]);
@@ -2178,11 +2145,10 @@
audit_error = ADT_FAIL_VALUE_PROGRAM;
login_exit(1);
}
return (OK);
-/* ONC_PLUS EXTRACT START */
}
/*
* establish_user_environment - Set up the new users enviornment
*/
@@ -2226,11 +2192,10 @@
}
idx++;
}
}
(void) memcpy(&envinit[basicenv], newenv, sizeof (newenv));
-/* ONC_PLUS EXTRACT END */
/* Set up environment */
if (rflag) {
ENVSTRNCAT(term, terminal);
} else if (hflag) {