onc plus-be-gone
*** 22,32 ****
/*
* Copyright 2009 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
- /* ONC_PLUS EXTRACT START */
/* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
* University Copyright- Copyright (c) 1982, 1986, 1988
--- 22,31 ----
*** 39,50 ****
*/
/* Copyright (c) 1987, 1988 Microsoft Corporation */
/* All Rights Reserved */
- /* ONC_PLUS EXTRACT END */
-
/*
* For a complete reference to login(1), see the manual page. However,
* login has accreted some intentionally undocumented options, which are
* explained here:
*
--- 38,47 ----
*** 164,179 ****
#define SUBLOGIN "<!sublogin>"
#define LASTLOG "/var/adm/lastlog"
#define PROG_NAME "login"
#define HUSHLOGIN ".hushlogin"
- /* ONC_PLUS EXTRACT START */
/*
* Array and Buffer sizes
*/
#define PBUFSIZE 8 /* max significant characters in a password */
- /* ONC_PLUS EXTRACT END */
#define MAXARGS 63 /* change value below if changing this */
#define MAXARGSWIDTH 2 /* log10(MAXARGS) */
#define MAXENV 1024
#define MAXLINE 2048
--- 161,174 ----
*** 200,212 ****
static int audit_error = 0;
/*
* Externs a plenty
*/
- /* ONC_PLUS EXTRACT START */
extern int getsecretkey();
- /* ONC_PLUS EXTRACT START */
/*
* The current user name
*/
static char user_name[NMAX];
--- 195,205 ----
*** 262,272 ****
*/
static char loginmsg[] = "login: ";
static char passwdmsg[] = "Password:";
static char incorrectmsg[] = "Login incorrect\n";
- /* ONC_PLUS EXTRACT START */
/*
* Password file support
*/
static struct passwd *pwd = NULL;
static char remote_host[HMAX];
--- 255,264 ----
*** 274,284 ****
/*
* Illegal passwd entries.
*/
static struct passwd nouser = { "", "no:password", (uid_t)-1 };
- /* ONC_PLUS EXTRACT END */
/*
* Log file support
*/
static char *log_entry[LOGTRYS];
--- 266,275 ----
*** 341,351 ****
* Remote login support
*/
static char rusername[NMAX+1], lusername[NMAX+1];
static char terminal[MAXPATHLEN];
- /* ONC_PLUS EXTRACT START */
/*
* Pre-authentication flag support
*/
static int fflag;
--- 332,341 ----
*** 354,376 ****
static int login_conv(int, struct pam_message **,
struct pam_response **, void *);
static struct pam_conv pam_conv = {login_conv, NULL};
static pam_handle_t *pamh; /* Authentication handle */
- /* ONC_PLUS EXTRACT END */
/*
* Function declarations
*/
static void turn_on_logging(void);
static void defaults(void);
static void usage(void);
static void process_rlogin(void);
- /* ONC_PLUS EXTRACT START */
static void login_authenticate();
static void setup_credentials(void);
- /* ONC_PLUS EXTRACT END */
static void adjust_nice(void);
static void update_utmpx_entry(int);
static void establish_user_environment(char **);
static void print_banner(void);
static void display_last_login_time(void);
--- 344,363 ----
*** 390,400 ****
static void login_exit(int)__NORETURN;
static int logins_disabled(char *);
static void log_bad_attempts(void);
static int is_number(char *);
- /* ONC_PLUS EXTRACT START */
/*
* *** main ***
*
* The primary flow of control is directed in this routine.
* Control moves in line from top to bottom calling subfunctions
--- 377,386 ----
*** 405,415 ****
*/
int
main(int argc, char *argv[], char **renvp)
{
- /* ONC_PLUS EXTRACT END */
int sublogin;
int pam_rc;
login_pid = getpid();
--- 391,400 ----
*** 467,477 ****
ttyn = ttyname(0);
if (ttyn == NULL)
ttyn = "/dev/???";
}
- /* ONC_PLUS EXTRACT START */
/*
* Call pam_start to initiate a PAM authentication operation
*/
if ((pam_rc = pam_start(progname, user_name, &pam_conv, &pamh))
--- 452,461 ----
*** 506,516 ****
pam_rep_data.scope_len = sizeof (krb5_data);
(void) pam_set_item(pamh, PAM_REPOSITORY,
(void *)&pam_rep_data);
}
- /* ONC_PLUS EXTRACT END */
/*
* Open the log file which contains a record of successful and failed
* login attempts
*/
--- 490,499 ----
*** 525,557 ****
* Do special processing for -r (rlogin) flag
*/
if (rflag)
process_rlogin();
- /* ONC_PLUS EXTRACT START */
/*
* validate user
*/
/* we are already authenticated. fill in what we must, then continue */
if (fflag) {
- /* ONC_PLUS EXTRACT END */
if ((pwd = getpwnam(user_name)) == NULL) {
audit_error = ADT_FAIL_VALUE_USERNAME;
log_bad_attempts();
(void) printf("Login failed: unknown user '%s'.\n",
user_name);
login_exit(1);
}
- /* ONC_PLUS EXTRACT START */
} else {
/*
* Perform the primary login authentication activity.
*/
login_authenticate();
}
- /* ONC_PLUS EXTRACT END */
/* change root login, then we exec another login and try again */
if (process_chroot_logins() != OK)
login_exit(1);
--- 508,536 ----
*** 600,610 ****
" see syslog for more details\n");
}
adjust_nice(); /* passwd file can specify nice value */
- /* ONC_PLUS EXTRACT START */
setup_credentials(); /* Set user credentials - exits on failure */
/*
* NOTE: telnetd and rlogind rely upon this updating of utmpx
* to indicate that the authentication completed successfully,
--- 579,588 ----
*** 626,636 ****
establish_user_environment(renvp);
(void) pam_end(pamh, PAM_SUCCESS); /* Done using PAM */
pamh = NULL;
- /* ONC_PLUS EXTRACT END */
if (pwd->pw_uid == 0) {
if (dosyslog) {
if (remote_host[0]) {
syslog(LOG_NOTICE, "ROOT LOGIN %s FROM %.*s",
--- 604,613 ----
*** 680,690 ****
* *** Utility functions ***
*/
- /* ONC_PLUS EXTRACT START */
/*
* donothing & catch - Signal catching functions
*/
/*ARGSUSED*/
--- 657,666 ----
*** 692,702 ****
donothing(int sig)
{
if (pamh)
(void) pam_end(pamh, PAM_ABORT);
}
- /* ONC_PLUS EXTRACT END */
#ifdef notdef
static int intrupt;
/*ARGSUSED*/
--- 668,677 ----
*** 813,823 ****
}
}
}
- /* ONC_PLUS EXTRACT START */
/*
* login_conv():
* This is the conv (conversation) function called from
* a PAM authentication module to print error messages
* or garner information from the user.
--- 788,797 ----
*** 979,989 ****
return (PAM_SYSTEM_ERR);
}
return (error);
}
- /* ONC_PLUS EXTRACT END */
/*
* quotec - Called by getargs
*/
--- 953,962 ----
*** 1786,1796 ****
}
}
}
- /* ONC_PLUS EXTRACT START */
/*
* login_authenticate - Performs the main authentication work
* 1. Prints the login prompt
* 2. Requests and verifys the password
* 3. Checks the port password
--- 1759,1768 ----
*** 1965,1975 ****
* loads key audit info into the cred, but before setuid() so audit
* system calls will work.
*/
audit_success(get_audit_id(), pwd, zone_name);
}
- /* ONC_PLUS EXTRACT END */
static uint_t
get_audit_id(void)
{
if (rflag)
--- 1937,1946 ----
*** 2025,2035 ****
(void) nice(pri);
}
}
- /* ONC_PLUS EXTRACT START */
/*
* update_utmpx_entry - Searchs for the correct utmpx entry, making an
* entry there if it finds one, otherwise exits.
*/
--- 1996,2005 ----
*** 2062,2072 ****
if ((err = pam_get_item(pamh, PAM_USER, (void **) &user)) !=
PAM_SUCCESS) {
audit_error = ADT_FAIL_PAM + err;
login_exit(1);
}
- /* ONC_PLUS EXTRACT END */
(void) memset((void *)&utmpx, 0, sizeof (utmpx));
(void) time(&utmpx.ut_tv.tv_sec);
utmpx.ut_pid = getpid();
--- 2032,2041 ----
*** 2130,2140 ****
/* Now attempt to write out this entry to the wtmp file if */
/* we were successful in getting it from the utmpx file and */
/* the wtmp file exists. */
updwtmpx(WTMPX_FILE, &utmpx);
}
- /* ONC_PLUS EXTRACT START */
}
/*
--- 2099,2108 ----
*** 2164,2174 ****
}
/*
* Set the environment flag <!sublogin> so that the next login
* knows that it is a sublogin.
*/
- /* ONC_PLUS EXTRACT END */
envinit[0] = SUBLOGIN;
envinit[1] = (char *)NULL;
(void) printf("Subsystem root: %s\n", pwd->pw_dir);
(void) execle("/usr/bin/login", "login", (char *)0,
&envinit[0]);
--- 2132,2141 ----
*** 2178,2188 ****
audit_error = ADT_FAIL_VALUE_PROGRAM;
login_exit(1);
}
return (OK);
- /* ONC_PLUS EXTRACT START */
}
/*
* establish_user_environment - Set up the new users enviornment
*/
--- 2145,2154 ----
*** 2226,2236 ****
}
idx++;
}
}
(void) memcpy(&envinit[basicenv], newenv, sizeof (newenv));
- /* ONC_PLUS EXTRACT END */
/* Set up environment */
if (rflag) {
ENVSTRNCAT(term, terminal);
} else if (hflag) {
--- 2192,2201 ----