mirror of https://github.com/openbsd/src.git synced 2025-01-10 06:47:55 -08:00

Add calls to setusercontext() and login_get*(). We basically call

setusercontext() in most places where previously we did a setlogin().
Add default login.conf file and put root in the "daemon" login class.
millert 2000-08-20 18:42:36 +00:00
parent 362f029c80
commit fed231abe2
30 changed files with 528 additions and 236 deletions


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.114 2000/07/18 18:46:05 deraadt Exp $
# $OpenBSD: Makefile,v 1.115 2000/08/20 18:42:36 millert Exp $
TZDIR= /usr/share/zoneinfo
LOCALTIME= US/Pacific
@ -67,6 +67,7 @@ distribution-etc-root-var: distrib-dirs
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 664 ${BIN2} ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 hosts.equiv ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 crontab ${DESTDIR}/var/cron/tabs/root
${INSTALL} -c -o root -g wheel -m 644 login.conf ${DESTDIR}/etc
${INSTALL} -c -o root -g wheel -m 600 master.passwd ${DESTDIR}/etc
pwd_mkdb -p -d ${DESTDIR}/etc /etc/master.passwd
${INSTALL} -c -o ${BINOWN} -g ${BINGRP} -m 555 \

43
etc/login.conf Normal file

@ -0,0 +1,43 @@
# $OpenBSD: login.conf,v 1.1 2000/08/20 18:42:36 millert Exp $
#
# Sample login.conf file. See login.conf(5) for details.
#
#
# Standard default entry.
# Any value changed in the daemon class should be reset in default
# class.
#
default:\
:path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin:\
:umask=022:\
:datasize-max=64M:\
:datasize-cur=16M:\
:maxproc-max=128:\
:maxproc-cur=64:\
:openfiles-cur=64:\
:stacksize-cur=2M:
#
# Settings used by /etc/rc and root
# This must be set properly for daemons started as root by inetd as well.
# Be sure reset these values back to system defaults in the default class!
#
daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:tc=default:
#
# Staff have fewer restrictions and can login even when nologins are set.
#
staff:\
:datasize-cur=64M:\
:datasize-max=infinity:\
:ignorenologin:\
:requirehome@:\
:tc=default:
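Review bot: The comment above the `daemon` class, `# Be sure reset these values back to system defaults in the default class!`, is missing a word and does not say why the reset matters. Resource limits are inherited by child processes and a class only changes the limits it names, so a session started from a root daemon would presumably keep the daemon's `infinity` data size and process count unless `default` sets them explicitly. Suggested wording: `# Be sure to reset these values in the default class; limits not listed there are inherited from the daemon that started the session.`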


@ -1,4 +1,4 @@
root::0:0::0:0:Charlie &:/root:/bin/csh
root:daemon:0:0::0:0:Charlie &:/root:/bin/csh
daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/operator:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
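Review bot: In the new root entry, `daemon` sits in the second field, which master.passwd(5) defines as the encrypted password, while the fifth field (the login class) is still empty. As shown, root would get an unusable password string instead of the "daemon" class that the commit message describes. The line should read `root::0:0:daemon:0:0:Charlie &:/root:/bin/csh`. The rendered page has lost its +/- markers, so this assumes the second `root` line is the added one.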


@ -1,4 +1,4 @@
/* $OpenBSD: atrun.c,v 1.8 1999/08/06 20:41:05 deraadt Exp $ */
/* $OpenBSD: atrun.c,v 1.9 2000/08/20 18:42:37 millert Exp $ */
/*
* atrun.c - run jobs queued by at; run with root privileges.
@ -48,6 +48,7 @@
#include <utmp.h>
#include <paths.h>
#include <login_cap.h>
/* Local headers */
@ -67,7 +68,7 @@
/* File scope variables */
static char *namep;
static char rcsid[] = "$OpenBSD: atrun.c,v 1.8 1999/08/06 20:41:05 deraadt Exp $";
static char rcsid[] = "$OpenBSD: atrun.c,v 1.9 2000/08/20 18:42:37 millert Exp $";
static int debug = 0;
/* Local functions */
@ -295,22 +296,13 @@ run_file(filename, uid, gid)
if (queue > 'b')
nice(queue - 'b');
if (initgroups(pentry->pw_name, pentry->pw_gid) < 0)
perr("Cannot init group list");
if (setegid(pentry->pw_gid) < 0 || setgid(pentry->pw_gid) < 0)
perr("Cannot change primary group");
if (setlogin(pentry->pw_name) < 0)
perr("Cannot set login name");
if (seteuid(uid) < 0 || setuid(uid) < 0)
perr("Cannot set user id");
if (setusercontext(0, pentry, pentry->pw_uid, LOGIN_SETALL) < 0)
perr("Cannot set user context");
if (chdir(pentry->pw_dir) < 0)
chdir("/");
if (execle("/bin/sh", "sh", (char *)NULL, nenvp) != 0)
if (execle(_PATH_BSHELL, "sh", NULL, nenvp) != 0)
perr("Exec failed for /bin/sh");
PRIV_END
@ -340,17 +332,8 @@ run_file(filename, uid, gid)
PRIV_START
if (initgroups(pentry->pw_name, pentry->pw_gid))
perr("Cannot init group list");
if (setegid(gid) < 0 || setgid(gid) < 0)
perr("Cannot change primary group");
if (setlogin(pentry->pw_name) < 0)
perr("Cannot set login name");
if (seteuid(uid) < 0 || setuid(uid) < 0)
perr("Cannot set user id");
if (setusercontext(0, pentry, pentry->pw_uid, LOGIN_SETALL) < 0)
perr("Cannot set user context");
if (chdir(pentry->pw_dir))
chdir("/");
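Review bot: The `nice(queue - 'b')` adjustment at the top of the first run_file hunk is now followed by `setusercontext(0, pentry, pentry->pw_uid, LOGIN_SETALL)`, and LOGIN_SETALL includes LOGIN_SETPRIORITY, so the class priority from login.conf is likely to replace the queue-based niceness. If that is not intended, either mask the flag, `setusercontext(0, pentry, pentry->pw_uid, LOGIN_SETALL & ~LOGIN_SETPRIORITY)`, or move the `nice()` call after the context switch. Separately, the exec line appears to drop the `(char *)` cast on the variadic terminator; `execle(_PATH_BSHELL, "sh", (char *)NULL, nenvp)` stays correct on platforms where NULL is a plain `0`. run_file starts and ends outside these hunks.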


@ -1,4 +1,4 @@
.\" $OpenBSD: ftpd.8,v 1.33 2000/08/17 17:08:02 brad Exp $
.\" $OpenBSD: ftpd.8,v 1.34 2000/08/20 18:42:37 millert Exp $
.\" $NetBSD: ftpd.8,v 1.8 1996/01/14 20:55:23 thorpej Exp $
.\"
.\" Copyright (c) 1985, 1988, 1991, 1993
@ -62,8 +62,12 @@ service specification; see
Available options:
.Bl -tag -width Ds
.It Fl A
Permit only anonymous ftp connections or accounts listed in
.Pa /etc/ftpchroot .
Permit only anonymous ftp connections, accounts listed in
.Pa /etc/ftpchroot
or users in a login class with the
.Dq ftp-chroot
variable set (see
.Xr login.conf 5 ) .
Other connection attempts are refused.
.It Fl d
Debugging information is written to the syslog using LOG_FTP.
@ -416,6 +420,19 @@ only used for anonymous downloads. Unused fields exist only for compatility
with other
.Nm ftpd
implementations.
.Sh LOGIN.CONF VARIABLES
The
.Nm
daemon uses the following ftp specific parameters:
.Bl -tag -width ftp-chroot
.It Pa ftp-chroot
A boolean value.
If set, users in this class will be automatically chrooted to login
directory for the user.
.It Pa ftp-dir
A path to a directory.
This value overrides the login directory for the users of this class.
.El
.Sh FILES
.Bl -tag -width /var/run/ftpd.pid -compact
.It Pa /etc/ftpusers


@ -1,4 +1,4 @@
/* $OpenBSD: ftpd.c,v 1.77 2000/07/05 22:15:10 deraadt Exp $ */
/* $OpenBSD: ftpd.c,v 1.78 2000/08/20 18:42:37 millert Exp $ */
/* $NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $ */
/*
@ -104,6 +104,7 @@ static char rcsid[] = "$NetBSD: ftpd.c,v 1.15 1995/06/03 22:46:47 mycroft Exp $"
#include <fcntl.h>
#include <glob.h>
#include <limits.h>
#include <login_cap.h>
#include <netdb.h>
#include <pwd.h>
#include <setjmp.h>
@ -189,6 +190,7 @@ char *guestpw;
static char ttyline[20];
char *tty = ttyline; /* for klogin */
static struct utmp utmp; /* for utmp */
static login_cap_t *lc;
#if defined(TCPWRAPPERS)
int allow_severity = LOG_INFO;
@ -673,6 +675,7 @@ sgetpwnam(name)
free(save.pw_name);
memset(save.pw_passwd, 0, strlen(save.pw_passwd));
free(save.pw_passwd);
free(save.pw_class);
free(save.pw_gecos);
free(save.pw_dir);
free(save.pw_shell);
@ -680,6 +683,7 @@ sgetpwnam(name)
save = *p;
save.pw_name = sgetsave(p->pw_name);
save.pw_passwd = sgetsave(p->pw_passwd);
save.pw_class = sgetsave(p->pw_class);
save.pw_gecos = sgetsave(p->pw_gecos);
save.pw_dir = sgetsave(p->pw_dir);
save.pw_shell = sgetsave(p->pw_shell);
@ -707,6 +711,11 @@ user(name)
{
char *cp, *shell;
if (lc) {
login_close(lc);
lc = NULL;
}
if (logged_in) {
if (guest) {
reply(530, "Can't change user from guest login.");
@ -726,6 +735,7 @@ user(name)
else if ((pw = sgetpwnam("ftp")) != NULL) {
guest = 1;
askpasswd = 1;
lc = login_getclass(pw->pw_class);
reply(331,
"Guest login ok, type your name as password.");
} else
@ -757,6 +767,7 @@ user(name)
pw = (struct passwd *) NULL;
return;
}
lc = login_getclass(pw->pw_class);
}
if (logging) {
strncpy(curname, name, sizeof(curname)-1);
@ -827,6 +838,8 @@ end_login()
logout(utmp.ut_line);
}
pw = NULL;
setusercontext(NULL, getpwuid(0), (uid_t)0,
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
logged_in = 0;
guest = 0;
dochroot = 0;
@ -839,7 +852,7 @@ pass(passwd)
int rval;
FILE *fp;
static char homedir[MAXPATHLEN];
char rootdir[MAXPATHLEN];
char *dir, rootdir[MAXPATHLEN];
sigset_t allsigs;
if (logged_in || askpasswd == 0) {
@ -909,7 +922,9 @@ skip:
reply(550, "Can't set gid.");
return;
}
(void) initgroups(pw->pw_name, pw->pw_gid);
(void) umask(defumask); /* may be overridden by login.conf */
setusercontext(lc, pw, (uid_t)0,
LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
/* open wtmp before chroot */
ftpdlogwtmp(ttyline, pw->pw_name, remotehost);
@ -931,7 +946,12 @@ skip:
logged_in = 1;
dochroot = checkuser(_PATH_FTPCHROOT, pw->pw_name);
dochroot = login_getcapbool(lc, "ftp-chroot", 0) ||
checkuser(_PATH_FTPCHROOT, pw->pw_name);
if ((dir = login_getcapstr(lc, "ftp-dir", NULL, NULL))) {
free(pw->pw_dir);
pw->pw_dir = sgetsave(dir);
}
if (guest || dochroot) {
if (multihome && guest) {
struct stat ts;
@ -978,7 +998,7 @@ skip:
goto bad;
}
sigfillset(&allsigs);
sigprocmask(SIG_UNBLOCK,&allsigs,NULL);
sigprocmask(SIG_UNBLOCK, &allsigs, NULL);
/*
* Set home directory so that use of ~ (tilde) works correctly.
@ -1005,7 +1025,7 @@ skip:
if (ident != NULL)
free(ident);
ident = strdup(passwd);
if (ident == (char *)NULL)
if (ident == NULL)
fatal("Ran out of memory.");
reply(230, "Guest login ok, access restrictions apply.");
#ifdef HASSETPROCTITLE
@ -1029,10 +1049,13 @@ skip:
syslog(LOG_INFO, "FTP LOGIN FROM %s as %s",
remotehost, pw->pw_name);
}
(void) umask(defumask);
login_close(lc);
lc = NULL;
return;
bad:
/* Forget all about it... */
login_close(lc);
lc = NULL;
end_login();
}
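Review bot: The return value of `setusercontext(lc, pw, (uid_t)0, LOGIN_SETGROUP|...)` in pass() is discarded, so a failure to install the user's group list or resource limits lets the login proceed with whatever the daemon already had. The gid failure just above replies 550 and returns, and the same treatment fits here: `if (setusercontext(lc, pw, (uid_t)0, LOGIN_SETGROUP|LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK) != 0) { reply(550, "Can't set user context."); return; }`. The call added to end_login() also passes `getpwuid(0)` straight through without a NULL check and ignores the result. The `ftp-dir` string is copied with sgetsave() but never freed, which leaks if login_getcapstr() returns allocated storage. pass() and end_login() extend beyond the hunks shown.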


@ -30,7 +30,7 @@
.\" SUCH DAMAGE.
.\"
.\" from: @(#)getty.8 8.1 (Berkeley) 6/4/93
.\" $Id: getty.8,v 1.5 1999/07/09 13:35:50 aaron Exp $
.\" $Id: getty.8,v 1.6 2000/08/20 18:42:38 millert Exp $
.\"
.Dd June 4, 1993
.Dt GETTY 8
@ -96,6 +96,14 @@ program
can be set to timeout after some interval,
which will cause dial up lines to hang up
if the login name is not entered reasonably quickly.
.Sh RESOURCES
.Nm
is started by
.Xr init 8 ,
with a process priority, umask, and resource limits based on the
.Dq default
entry in
.Pa /etc/login.conf .
.Sh DIAGNOSTICS
.Bl -diag
.It "ttyxx: No such device or address."
@ -119,6 +127,7 @@ does not exist.
.Xr ioctl 2 ,
.Xr tty 4 ,
.Xr gettytab 5 ,
.Xr login.conf 5 ,
.Xr ttys 5 ,
.Xr init 8
.Sh HISTORY


@ -39,7 +39,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)rexecd.c 5.12 (Berkeley) 2/25/91";*/
static char rcsid[] = "$Id: rexecd.c,v 1.12 1999/08/17 09:13:13 millert Exp $";
static char rcsid[] = "$Id: rexecd.c,v 1.13 2000/08/20 18:42:38 millert Exp $";
#endif /* not lint */
#include <sys/param.h>
@ -57,6 +57,7 @@ static char rcsid[] = "$Id: rexecd.c,v 1.12 1999/08/17 09:13:13 millert Exp $";
#include <string.h>
#include <syslog.h>
#include <paths.h>
#include <login_cap.h>
#include <netinet/in.h>
#include <arpa/inet.h>
@ -64,13 +65,10 @@ static char rcsid[] = "$Id: rexecd.c,v 1.12 1999/08/17 09:13:13 millert Exp $";
/*VARARGS1*/
void error __P(());
char username[20] = "USER=";
char homedir[sizeof("HOME=")+MAXPATHLEN] = "HOME=";
char shell[sizeof("SHELL=")+MAXPATHLEN] = "SHELL=";
char path[sizeof("PATH=") + sizeof(_PATH_DEFPATH)] = "PATH=";
char *envinit[] = { homedir, shell, path, username, NULL };
char **environ;
char *remote;
char *envinit[1];
extern char **environ;
login_cap_t *lc;
struct sockaddr_in asin = { AF_INET };
@ -160,6 +158,11 @@ doit(f, fromp)
error("Permission denied.\n");
exit(1);
}
lc = login_getclass(pwd->pw_class);
if (lc == NULL) {
error("Login class incorrect.\n");
exit(1);
}
endpwent();
if (*pwd->pw_passwd != '\0') {
namep = crypt(pass, pwd->pw_passwd);
@ -255,21 +258,15 @@ doit(f, fromp)
pwd->pw_shell = _PATH_BSHELL;
if (f > 2)
(void) close(f);
if (setlogin(pwd->pw_name) == -1 ||
setegid((gid_t)pwd->pw_gid) == -1 ||
setgid((gid_t)pwd->pw_gid) == -1 ||
initgroups(pwd->pw_name, pwd->pw_gid) == -1 ||
seteuid((uid_t)pwd->pw_uid) == -1 ||
setuid((uid_t)pwd->pw_uid) == -1) {
error("failed to setup.\n");
exit(1);
}
(void)strcat(path, _PATH_DEFPATH);
environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
strncat(shell, pwd->pw_shell, sizeof(shell)-7);
strncat(username, pwd->pw_name, sizeof(username)-6);
setenv("HOME", pwd->pw_dir, 1);
setenv("SHELL", pwd->pw_shell, 1);
setenv("LOGNAME", pwd->pw_name, 1);
setenv("USER", pwd->pw_name, 1);
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL))
err(1, "unable to set user context");
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
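Review bot: The new `login_getclass()` failure path in doit() runs before the password is checked and answers with its own text, `Login class incorrect.`, so an unauthenticated client can tell an account with a broken class apart from other failures. Sending the same generic text as the other pre-authentication failures and recording the detail with syslog keeps that distinction on the server side; rshd.c in this commit already does so with `errorstr = "Login incorrect.\n";`. The later `err(1, "unable to set user context")` also takes the place of the protocol-aware `error()` call, and whether `<err.h>` is included is not visible in these hunks. doit() begins and ends outside the hunks.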


@ -39,7 +39,7 @@ static char copyright[] =
#ifndef lint
/* from: static char sccsid[] = "@(#)rshd.c 8.2 (Berkeley) 4/6/94"; */
static char *rcsid = "$Id: rshd.c,v 1.31 2000/03/09 14:59:12 deraadt Exp $";
static char *rcsid = "$Id: rshd.c,v 1.32 2000/08/20 18:42:38 millert Exp $";
#endif /* not lint */
/*
@ -62,6 +62,7 @@ static char *rcsid = "$Id: rshd.c,v 1.31 2000/03/09 14:59:12 deraadt Exp $";
#include <arpa/inet.h>
#include <netdb.h>
#include <err.h>
#include <errno.h>
#include <fcntl.h>
#include <paths.h>
@ -72,11 +73,13 @@ static char *rcsid = "$Id: rshd.c,v 1.31 2000/03/09 14:59:12 deraadt Exp $";
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include <login_cap.h>
int keepalive = 1;
int check_all;
int log_success; /* If TRUE, log all successful accesses */
int sent_null;
login_cap_t *lc;
void doit __P((struct sockaddr *));
void error __P((const char *, ...));
@ -194,14 +197,8 @@ main(argc, argv)
return 0;
}
char username[20] = "USER=";
char logname[23] = "LOGNAME=";
char homedir[64] = "HOME=";
char shell[64] = "SHELL=";
char path[100] = "PATH=";
char *envinit[] =
{homedir, shell, path, logname, username, 0};
char **environ;
char *envinit[1] = { 0 };
extern char **environ;
void
doit(fromp)
@ -485,6 +482,15 @@ doit(fromp)
errorstr = "Permission denied.\n";
goto fail;
}
lc = login_getclass(pwd->pw_class);
if (lc == NULL) {
syslog(LOG_INFO|LOG_AUTH,
"%s@%s as %s: unknown class. cmd='%.80s'",
remuser, hostname, locuser, cmdbuf);
if (errorstr == NULL)
errorstr = "Login incorrect.\n";
goto fail;
}
setegid(pwd->pw_gid);
seteuid(pwd->pw_uid);
@ -693,7 +699,7 @@ fail:
FD_ISSET(pv[0], &readfrom));
exit(0);
}
setpgrp(0, getpid());
setsid();
(void) close(s);
(void) close(pv[0]);
#ifdef CRYPT
@ -709,24 +715,19 @@ fail:
#endif
dup2(pv[1], 2);
close(pv[1]);
}
} else
setsid();
if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
#if BSD > 43
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failed: %m");
#endif
(void) setegid((gid_t)pwd->pw_gid);
(void) setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
(void) seteuid((uid_t)pwd->pw_uid);
(void) setuid((uid_t)pwd->pw_uid);
environ = envinit;
strncat(homedir, pwd->pw_dir, sizeof(homedir)-6);
strcat(path, _PATH_DEFPATH);
strncat(shell, pwd->pw_shell, sizeof(shell)-7);
strncat(logname, pwd->pw_name, sizeof(logname)-9);
strncat(username, pwd->pw_name, sizeof(username)-6);
setenv("HOME", pwd->pw_dir, 1);
setenv("SHELL", pwd->pw_shell, 1);
setenv("USER", pwd->pw_name, 1);
setenv("LOGNAME", pwd->pw_name, 1);
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL))
errx(1, "cannot set user context");
cp = strrchr(pwd->pw_shell, '/');
if (cp)
cp++;
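Review bot: When `setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL)` fails near the end of doit(), the only trace is `errx(1, "cannot set user context")` on stderr, whereas the setlogin() code it appears to replace reported failure through syslog. A failed privilege drop in a network daemon is worth a server-side record; adding `syslog(LOG_ERR, "setusercontext failed for %s", pwd->pw_name);` before the `errx` would keep one. The four `setenv()` calls just above are also unchecked, so an allocation failure would silently leave HOME, SHELL, USER or LOGNAME unset. doit() continues outside the hunk.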


@ -42,7 +42,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)uucpd.c 5.10 (Berkeley) 2/26/91";*/
static char rcsid[] = "$Id: uucpd.c,v 1.15 2000/02/01 03:23:23 deraadt Exp $";
static char rcsid[] = "$Id: uucpd.c,v 1.16 2000/08/20 18:42:38 millert Exp $";
#endif /* not lint */
/*
@ -66,6 +66,7 @@ static char rcsid[] = "$Id: uucpd.c,v 1.15 2000/02/01 03:23:23 deraadt Exp $";
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <login_cap.h>
#include "pathnames.h"
void doit __P((struct sockaddr_in *));
@ -210,12 +211,10 @@ struct sockaddr_in *sinp;
(void) snprintf(Username, sizeof(Username), "USER=%s", user);
(void) snprintf(Loginname, sizeof(Loginname), "LOGNAME=%s", user);
dologin(pw, sinp);
setlogin(user);
setegid(pw->pw_gid);
setgid(pw->pw_gid);
initgroups(pw->pw_name, pw->pw_gid);
seteuid(pw->pw_uid);
setuid(pw->pw_uid);
if (setusercontext(0, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
perror("unable to set user context");
return;
}
chdir(pw->pw_dir);
execl(_PATH_UUCICO, "uucico", (char *)0);
perror("uucico server: execl");
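Review bot: On a `setusercontext()` failure the new code prints with perror() and then `return`s, handing control back to doit()'s caller, which is outside the hunk. By then dologin() has already run and the context switch may have been applied only in part, so carrying on in that state is risky; rexecd and rshd in this commit exit at the equivalent point. Unless the caller is known to terminate immediately, `exit(1);` in place of `return;` is the safer choice. The `chdir(pw->pw_dir)` that follows is still unchecked.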


@ -1,4 +1,4 @@
# $OpenBSD: Makefile,v 1.5 1997/02/22 08:38:09 millert Exp $
# $OpenBSD: Makefile,v 1.6 2000/08/20 18:42:39 millert Exp $
STATIC= -static
@ -8,6 +8,6 @@ DPADD= ${LIBUTIL}
LDADD= -lutil
BINMODE=500
INSTALLFLAGS=-fschg
CFLAGS+=-DDEBUGSHELL -DSECURE
CFLAGS+=-DDEBUGSHELL -DSECURE -DLOGIN_CAP
.include <bsd.prog.mk>


@ -1,4 +1,4 @@
.\" $OpenBSD: init.8,v 1.27 2000/04/15 11:45:57 aaron Exp $
.\" $OpenBSD: init.8,v 1.28 2000/08/20 18:42:39 millert Exp $
.\" $NetBSD: init.8,v 1.6 1995/03/18 14:56:31 cgd Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
@ -221,6 +221,21 @@ If, at bootstrap time, the
.Nm
process cannot be located, the system will panic with the message
.Dq panic: "init died (signal %d, exit %d) .
.Sh RESOURCES
When
.Nm
spawns a process it sets the process priority, umask, and resource
limits based on
.Pa /etc/login.conf .
When starting the
.Xr rc 8
files, the login class
.Dq daemon
is used. When starting a window system or
.Xr getty 8 ,
the login class
.Dq default
is used. No resource changes are made when entering single user mode.
.Sh DIAGNOSTICS
.Bl -diag
.It "getty repeating too quickly on port %s, sleeping"
@ -262,6 +277,7 @@ script run at shutdown time
.Xr login 1 ,
.Xr sh 1 ,
.Xr fbtab 5 ,
.Xr login.conf 5 ,
.Xr ttys 5 ,
.Xr securelevel 7 ,
.Xr crash 8 ,


@ -1,4 +1,4 @@
/* $OpenBSD: init.c,v 1.19 2000/08/06 00:19:31 millert Exp $ */
/* $OpenBSD: init.c,v 1.20 2000/08/20 18:42:39 millert Exp $ */
/* $NetBSD: init.c,v 1.22 1996/05/15 23:29:33 jtc Exp $ */
/*-
@ -47,7 +47,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)init.c 8.2 (Berkeley) 4/28/95";
#else
static char rcsid[] = "$OpenBSD: init.c,v 1.19 2000/08/06 00:19:31 millert Exp $";
static char rcsid[] = "$OpenBSD: init.c,v 1.20 2000/08/20 18:42:39 millert Exp $";
#endif
#endif /* not lint */
@ -79,6 +79,10 @@ static char rcsid[] = "$OpenBSD: init.c,v 1.19 2000/08/06 00:19:31 millert Exp $
#include <pwd.h>
#endif
#ifdef LOGIN_CAP
#include <login_cap.h>
#endif
#include "pathnames.h"
/*
@ -90,6 +94,13 @@ static char rcsid[] = "$OpenBSD: init.c,v 1.19 2000/08/06 00:19:31 millert Exp $
#define STALL_TIMEOUT 30 /* wait N secs after warning */
#define DEATH_WATCH 10 /* wait N secs for procs to die */
/*
* User-based resource limits.
*/
#define RESOURCE_RC "daemon"
#define RESOURCE_WINDOW "default"
#define RESOURCE_GETTY "default"
#ifndef DEFAULT_STATE
#define DEFAULT_STATE runcom
#endif
@ -159,6 +170,12 @@ int getsecuritylevel __P((void));
int setupargv __P((session_t *, struct ttyent *));
int clang;
#ifdef LOGIN_CAP
void setprocresources __P((char *));
#else
#define setprocresources(p)
#endif
void clear_session_logs __P((session_t *));
int start_session_db __P((void));
@ -743,6 +760,8 @@ runcom()
sigprocmask(SIG_SETMASK, &sa.sa_mask, NULL);
setprocresources(RESOURCE_RC);
execv(_PATH_BSHELL, argv);
stall("can't exec %s for %s: %m", _PATH_BSHELL, _PATH_RUNCOM);
_exit(1); /* force single user mode */
@ -1060,6 +1079,8 @@ start_window_system(sp)
if (setsid() < 0)
emergency("setsid failed (window) %m");
setprocresources(RESOURCE_WINDOW);
execv(sp->se_window_argv[0], sp->se_window_argv);
stall("can't exec window system '%s' for port %s: %m",
sp->se_window_argv[0], sp->se_device);
@ -1146,6 +1167,8 @@ start_getty(sp)
sigemptyset(&mask);
sigprocmask(SIG_SETMASK, &mask, NULL);
setprocresources(RESOURCE_GETTY);
execv(sp->se_getty_argv[0], sp->se_getty_argv);
stall("can't exec getty '%s' for port %s: %m",
sp->se_getty_argv[0], sp->se_device);
@ -1464,3 +1487,18 @@ death()
return (state_func_t) single_user;
}
#ifdef LOGIN_CAP
void
setprocresources(class)
char *class;
{
login_cap_t *lc;
if ((lc = login_getclass(class)) != NULL) {
setusercontext(lc, NULL, 0,
LOGIN_SETPRIORITY|LOGIN_SETRESOURCES|LOGIN_SETUMASK);
login_close(lc);
}
}
#endif
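Review bot: setprocresources() ignores both a NULL result from `login_getclass()` and the return value of `setusercontext()`, so rc, the window system or getty can start with inherited limits and umask without any diagnostic. A log line on either failure would make a missing or broken class in login.conf visible to the administrator. The function also has no header comment; something like `/* Apply the priority, resource limits and umask of login class 'class' to the calling process; credentials are left unchanged. */` would explain why only those three flags are passed.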


@ -1,4 +1,4 @@
.\" $OpenBSD: rc.8,v 1.11 2000/06/18 17:04:52 aaron Exp $
.\" $OpenBSD: rc.8,v 1.12 2000/08/20 18:42:39 millert Exp $
.\"
.\" Copyright (c) 1980, 1991, 1993
.\" The Regents of the University of California. All rights reserved.
@ -172,7 +172,17 @@ is started with the specified flags if the specification is modified to be
sendmail_flags="-bd -q30m" # for 'normal' use: sendmail_flags="-bd -q30m"
.Ed
.Pp
.Sh EXTERNAL INFLUENCES
Before
.Xr init 8
starts
.Nm rc ,
it sets the process priority, umask, and resource limits according to the
.Dq daemon
login class as described in
.Pa /etc/login.conf .
.Sh SEE ALSO
.Xr login.conf 5 ,
.Xr sysctl.conf 5 ,
.Xr init 8 ,
.Xr reboot 8 ,


@ -1,4 +1,4 @@
/* $OpenBSD: login.c,v 1.29 2000/07/17 16:43:14 millert Exp $ */
/* $OpenBSD: login.c,v 1.30 2000/08/20 18:42:39 millert Exp $ */
/* $NetBSD: login.c,v 1.13 1996/05/15 23:50:16 jtc Exp $ */
/*-
@ -44,7 +44,7 @@ static char copyright[] =
#if 0
static char sccsid[] = "@(#)login.c 8.4 (Berkeley) 4/2/94";
#endif
static char rcsid[] = "$OpenBSD: login.c,v 1.29 2000/07/17 16:43:14 millert Exp $";
static char rcsid[] = "$OpenBSD: login.c,v 1.30 2000/08/20 18:42:39 millert Exp $";
#endif /* not lint */
/*
@ -63,6 +63,7 @@ static char rcsid[] = "$OpenBSD: login.c,v 1.29 2000/07/17 16:43:14 millert Exp
#include <errno.h>
#include <fcntl.h>
#include <grp.h>
#include <login_cap.h>
#include <pwd.h>
#include <setjmp.h>
#include <signal.h>
@ -106,20 +107,22 @@ extern void log_failedlogin __P((uid_t, char *, char *, char *));
/*
* This bounds the time given to login. Not a define so it can
* be patched on machines where it's too small.
* XXX - should be a login.conf variable!
*/
u_int timeout = 300;
u_int timeout = 300;
#if defined(KERBEROS) || defined(KERBEROS5)
int notickets = 1;
char *instance;
char *krbtkfile_env;
int authok;
int notickets = 1;
char *instance;
char *krbtkfile_env;
int authok;
#endif
struct passwd *pwd;
int failures;
char term[64], *hostname, *tty;
char *username = NULL, *rusername = NULL;
struct passwd *pwd;
login_cap_t *lc = NULL;
int failures;
char term[64], *hostname, *tty;
char *username = NULL, *rusername = NULL;
int
main(argc, argv)
@ -133,7 +136,7 @@ main(argc, argv)
struct utmp utmp;
int ask, ch, cnt, fflag, hflag, pflag, uflag, quietlog, rootlogin, rval;
uid_t uid;
char *domain, *p, *salt, *ttyn;
char *domain, *p, *salt, *ttyn, *shell;
char tbuf[MAXPATHLEN + 2], tname[sizeof(_PATH_TTY) + 10];
char localhost[MAXHOSTNAMELEN];
@ -270,6 +273,9 @@ main(argc, argv)
salt = pwd->pw_passwd;
else
salt = "xx";
lc = login_getclass(pwd ? pwd->pw_class : LOGIN_DEFCLASS);
if (!lc)
err(1, "unable to get login class");
/*
* If we have a valid account name, and it doesn't have a
@ -394,14 +400,26 @@ main(argc, argv)
if (chdir(pwd->pw_dir) < 0) {
(void)printf("No home directory %s!\n", pwd->pw_dir);
if (login_getcapbool(lc, "requirehome", 0))
exit(1);
if (chdir("/"))
exit(0);
pwd->pw_dir = "/";
(void)printf("Logging in with home = \"/\".\n");
}
shell = login_getcapstr(lc, "shell", pwd->pw_shell, pwd->pw_shell);
if (*shell == '\0')
shell = _PATH_BSHELL;
else if (strlen(shell) >= MAXPATHLEN) {
syslog(LOG_ERR, "shell path too long: %s", shell);
warnx("invalid shell");
sleepexit(1);
}
quietlog = ((strcmp(pwd->pw_shell, "/sbin/nologin") == 0) ||
(access(_PATH_HUSHLOGIN, F_OK) == 0));
login_getcapbool(lc, "hushlogin", 0) ||
(access(_PATH_HUSHLOGIN, F_OK) == 0));
seteuid(0);
setegid(0); /* XXX use a saved gid instead? */
@ -412,8 +430,9 @@ main(argc, argv)
if (tp.tv_sec >= pwd->pw_change) {
(void)printf("Sorry -- your password has expired.\n");
sleepexit(1);
} else if (pwd->pw_change - tp.tv_sec <
2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
} else if (!quietlog && pwd->pw_change - tp.tv_sec <
login_getcaptime(lc, "password-warn",
2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY))
(void)printf("Warning: your password expires on %s",
ctime(&pwd->pw_change));
}
@ -421,8 +440,9 @@ main(argc, argv)
if (tp.tv_sec >= pwd->pw_expire) {
(void)printf("Sorry -- your account has expired.\n");
sleepexit(1);
} else if (pwd->pw_expire - tp.tv_sec <
2 * DAYSPERWEEK * SECSPERDAY && !quietlog)
} else if (!quietlog &&pwd->pw_expire - tp.tv_sec <
login_getcaptime(lc, "expire-warn",
2 * DAYSPERWEEK * SECSPERDAY, 2 * DAYSPERWEEK * SECSPERDAY))
(void)printf("Warning: your account expires on %s",
ctime(&pwd->pw_expire));
}
@ -450,13 +470,6 @@ main(argc, argv)
if (krbtkfile_env)
dofork();
#endif
(void)setegid(pwd->pw_gid);
(void)setgid(pwd->pw_gid);
initgroups(username, pwd->pw_gid);
if (*pwd->pw_shell == '\0')
pwd->pw_shell = _PATH_BSHELL;
/* Destroy environment unless user has requested its preservation. */
if (!pflag) {
@ -474,14 +487,14 @@ main(argc, argv)
}
*cpp2 = 0;
}
/* Note: setusercontext(3) will set PATH */
(void)setenv("HOME", pwd->pw_dir, 1);
(void)setenv("SHELL", pwd->pw_shell, 1);
(void)setenv("SHELL", shell, 1);
if (term[0] == '\0')
(void)strlcpy(term, stypeof(tty), sizeof(term));
(void)setenv("TERM", term, 0);
(void)setenv("LOGNAME", pwd->pw_name, 1);
(void)setenv("USER", pwd->pw_name, 1);
(void)setenv("PATH", _PATH_DEFPATH, 0);
if (hostname)
(void)setenv("REMOTEHOST", hostname, 1);
if (rusername)
@ -494,7 +507,6 @@ main(argc, argv)
if (krbtkfile_env)
(void)setenv("KRB5CCNAME", krbtkfile_env, 1);
#endif
/* If fflag is on, assume caller/authenticator has logged root login. */
if (rootlogin && fflag == 0) {
if (hostname)
@ -531,25 +543,21 @@ main(argc, argv)
(void)signal(SIGTSTP, SIG_IGN);
tbuf[0] = '-';
(void)strlcpy(tbuf + 1, (p = strrchr(pwd->pw_shell, '/')) ?
p + 1 : pwd->pw_shell, sizeof tbuf - 1);
if (setlogin(pwd->pw_name) < 0)
syslog(LOG_ERR, "setlogin() failure: %m");
(void)strlcpy(tbuf + 1, (p = strrchr(shell, '/')) ?
p + 1 : shell, sizeof tbuf - 1);
/* Discard permissions last so can't get killed and drop core. */
if (rootlogin)
(void) setuid(0);
else {
(void) seteuid(pwd->pw_uid);
(void) setuid(pwd->pw_uid);
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETALL)) {
warn("unable to set user context");
exit(1);
}
#ifdef KERBEROS
kgettokens(pwd->pw_dir);
#endif
execlp(pwd->pw_shell, tbuf, 0);
err(1, "%s", pwd->pw_shell);
execlp(shell, tbuf, 0);
err(1, "%s", shell);
}
int
@ -646,8 +654,11 @@ motd()
int fd, nchars;
sig_t oldint;
char tbuf[8192];
char *motd;
if ((fd = open(_PATH_MOTDFILE, O_RDONLY, 0)) < 0)
motd = login_getcapstr(lc, "welcome", _PATH_MOTDFILE, _PATH_MOTDFILE);
if ((fd = open(motd, O_RDONLY, 0)) < 0)
return;
oldint = signal(SIGINT, sigint);
if (setjmp(motdinterrupt) == 0)
@ -678,12 +689,17 @@ void
checknologin()
{
int fd, nchars;
char *nologin;
char tbuf[8192];
if ((fd = open(_PATH_NOLOGIN, O_RDONLY, 0)) >= 0) {
while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
(void)write(fileno(stdout), tbuf, nchars);
sleepexit(0);
if (!login_getcapbool(lc, "ignorenologin", 0)) {
nologin = login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
_PATH_NOLOGIN);
if ((fd = open(nologin, O_RDONLY, 0)) >= 0) {
while ((nchars = read(fd, tbuf, sizeof(tbuf))) > 0)
(void)write(fileno(stdout), tbuf, nchars);
sleepexit(0);
}
}
}
@ -756,7 +772,8 @@ stypeof(ttyid)
{
struct ttyent *t;
return (ttyid && (t = getttynam(ttyid)) ? t->ty_type : UNKNOWN);
return (ttyid && (t = getttynam(ttyid)) ? t->ty_type :
login_getcapstr(lc, "term", UNKNOWN, UNKNOWN));
}
void
@ -773,6 +790,5 @@ sighup(signum)
{
if (username)
badlogin(username);
exit(W_EXITCODE(0, signum));
exit(0);
}
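Review bot: After `shell` is resolved from the class with `login_getcapstr(lc, "shell", ...)`, the `quietlog` test in main() still compares `pwd->pw_shell` with "/sbin/nologin", so the hush decision and the program that is finally exec'd can refer to different shells. If the class value is meant to win everywhere, the test should begin `quietlog = ((strcmp(shell, "/sbin/nologin") == 0) ||`. The `login_getclass()` call also appears to sit in the part of main() that is repeated for each login attempt; if so, every retry overwrites `lc` without a `login_close()`. main() extends well beyond these hunks.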


@ -1,7 +1,7 @@
/* $OpenBSD: skeyaudit.c,v 1.8 1998/06/21 22:14:02 millert Exp $ */
/* $OpenBSD: skeyaudit.c,v 1.9 2000/08/20 18:42:40 millert Exp $ */
/*
* Copyright (c) 1997 Todd C. Miller <Todd.Miller@courtesan.com>
* Copyright (c) 1997, 2000 Todd C. Miller <Todd.Miller@courtesan.com>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@ -27,9 +27,13 @@
* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include <sys/param.h>
#include <sys/wait.h>
#include <err.h>
#include <errno.h>
#include <limits.h>
#include <login_cap.h>
#include <paths.h>
#include <pwd.h>
#include <stdio.h>
@ -38,14 +42,10 @@
#include <unistd.h>
#include <skey.h>
#include <sys/types.h>
#include <sys/param.h>
#include <sys/wait.h>
extern char *__progname;
void notify __P((char *, uid_t, gid_t, int, int));
FILE *runsendmail __P((char *, uid_t, gid_t, int *));
void notify __P((struct passwd *, int, int));
FILE *runsendmail __P((struct passwd *, int *));
void usage __P((void));
int
@ -97,7 +97,7 @@ main(argc, argv)
continue;
if (left >= limit)
continue;
notify(key.logname, pw->pw_uid, pw->pw_gid, left, iflag);
notify(pw, left, iflag);
}
if (ch == -1)
errx(-1, "cannot open %s", _PATH_SKEYKEYS);
@ -125,17 +125,15 @@ main(argc, argv)
(void)fclose(key.keyfile);
if (!errs && left < limit)
notify(name, pw->pw_uid, pw->pw_gid, left, iflag);
notify(pw, left, iflag);
}
exit(errs);
}
void
notify(user, uid, gid, seq, interactive)
char *user;
uid_t uid;
gid_t gid;
notify(pw, seq, interactive)
struct passwd *pw;
int seq;
int interactive;
{
@ -150,11 +148,11 @@ notify(user, uid, gid, seq, interactive)
if (interactive)
out = stdout;
else
out = runsendmail(user, uid, gid, &pid);
out = runsendmail(pw, &pid);
if (!interactive)
(void)fprintf(out,
"To: %s\nSubject: IMPORTANT action required\n", user);
"To: %s\nSubject: IMPORTANT action required\n", pw->pw_name);
(void)fprintf(out,
"\nYou are nearing the end of your current S/Key sequence for account\n\
@ -162,7 +160,7 @@ notify(user, uid, gid, seq, interactive)
Your S/key sequence number is now %d. When it reaches zero\n\
you will no longer be able to use S/Key to login into the system.\n\n\
Type \"skeyinit -s\" to reinitialize your sequence number.\n\n",
user, hostname, seq);
pw->pw_name, hostname, seq);
(void)fclose(out);
if (!interactive)
@ -170,10 +168,8 @@ user, hostname, seq);
}
FILE *
runsendmail(user, uid, gid, pidp)
char *user;
uid_t uid;
gid_t gid;
runsendmail(pw, pidp)
struct passwd *pw;
int *pidp;
{
FILE *fp;
@ -193,12 +189,10 @@ runsendmail(user, uid, gid, pidp)
(void)close(pfd[0]);
/* Run sendmail as target user not root */
initgroups(user, gid);
setegid(gid);
setgid(gid);
setlogin(user);
seteuid(uid);
setuid(uid);
if (setusercontext(NULL, pw, pw->pw_uid, LOGIN_SETALL) != 0) {
warn("cannot set user context");
_exit(127);
}
execl(_PATH_SENDMAIL, "sendmail", "-t", NULL);
warn("cannot run \"%s -t\"", _PATH_SENDMAIL);


@ -4,7 +4,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: auth1.c,v 1.2 2000/04/29 18:11:52 markus Exp $");
RCSID("$OpenBSD: auth1.c,v 1.3 2000/08/20 18:42:40 millert Exp $");
#include "xmalloc.h"
#include "rsa.h"
@ -429,6 +429,7 @@ do_authentication()
pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
pwcopy.pw_uid = pw->pw_uid;
pwcopy.pw_gid = pw->pw_gid;
pwcopy.pw_class = xstrdup(pw->pw_class);
pwcopy.pw_dir = xstrdup(pw->pw_dir);
pwcopy.pw_shell = xstrdup(pw->pw_shell);
pw = &pwcopy;


@ -27,7 +27,7 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
#include "includes.h"
RCSID("$OpenBSD: auth2.c,v 1.12 2000/07/07 03:55:03 todd Exp $");
RCSID("$OpenBSD: auth2.c,v 1.13 2000/08/20 18:42:40 millert Exp $");
#include <openssl/dsa.h>
#include <openssl/rsa.h>
@ -360,6 +360,7 @@ auth_set_user(char *u, char *s)
copy->pw_passwd = xstrdup(pw->pw_passwd);
copy->pw_uid = pw->pw_uid;
copy->pw_gid = pw->pw_gid;
copy->pw_class = xstrdup(pw->pw_class);
copy->pw_dir = xstrdup(pw->pw_dir);
copy->pw_shell = xstrdup(pw->pw_shell);
authctxt->valid = 1;


@ -8,7 +8,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.27 2000/08/20 18:30:59 millert Exp $");
RCSID("$OpenBSD: session.c,v 1.28 2000/08/20 18:42:40 millert Exp $");
#include "xmalloc.h"
#include "ssh.h"
@ -28,6 +28,10 @@ RCSID("$OpenBSD: session.c,v 1.27 2000/08/20 18:30:59 millert Exp $");
#include "auth.h"
#include "auth-options.h"
#ifdef HAVE_LOGIN_CAP
#include <login_cap.h>
#endif
/* types */
#define TTYSZ 64
@ -84,6 +88,10 @@ static char *xauthfile;
#define MAX_SESSIONS 10
Session sessions[MAX_SESSIONS];
#ifdef HAVE_LOGIN_CAP
static login_cap_t *lc;
#endif
/*
* Remove local Xauthority file.
*/
@ -167,6 +175,13 @@ do_authenticated(struct passwd * pw)
s = session_new();
s->pw = pw;
#ifdef HAVE_LOGIN_CAP
if ((lc = login_getclass(pw->pw_class)) == NULL) {
error("unable to get login class");
return;
}
#endif
/*
* We stay in this loop until the client requests to execute a shell
* or a command.
@ -608,7 +623,11 @@ do_login(Session *s)
/* Done if .hushlogin exists. */
snprintf(buf, sizeof(buf), "%.200s/.hushlogin", pw->pw_dir);
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "hushlogin", 0) || stat(buf, &st) >= 0)
#else
if (stat(buf, &st) >= 0)
#endif
return;
/*
* Get the time when the user last logged in. 'buf' will be set
@ -626,7 +645,12 @@ do_login(Session *s)
printf("Last login: %s from %s\r\n", time_string, buf);
}
if (options.print_motd) {
#ifdef HAVE_LOGIN_CAP
f = fopen(login_getcapstr(lc, "welcome", "/etc/motd",
"/etc/motd"), "r");
#else
f = fopen("/etc/motd", "r");
#endif
if (f) {
while (fgets(buf, sizeof(buf), f))
fputs(buf, stdout);
@ -740,8 +764,14 @@ do_child(const char *command, struct passwd * pw, const char *term,
options.use_login = 0;
if (!options.use_login) {
#ifdef HAVE_LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
_PATH_NOLOGIN), "r");
#else
if (pw->pw_uid)
f = fopen(_PATH_NOLOGIN, "r");
#endif
if (f) {
/* /etc/nologin exists. Print its contents and exit. */
while (fgets(buf, sizeof(buf), f))
@ -750,15 +780,21 @@ do_child(const char *command, struct passwd * pw, const char *term,
exit(254);
}
}
/* Set login name in the kernel. */
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
/* Set uid, gid, and groups. */
/* Set login name, uid, gid, and groups. */
/* Login(1) does this as well, and it needs uid 0 for the "-h"
switch, so we let login(1) to this for us. */
if (!options.use_login) {
if (getuid() == 0 || geteuid() == 0) {
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
perror("unable to set user context");
exit(1);
}
#else
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
if (setgid(pw->pw_gid) < 0) {
perror("setgid");
exit(1);
@ -772,6 +808,7 @@ do_child(const char *command, struct passwd * pw, const char *term,
/* Permanently switch to the desired uid. */
permanently_set_uid(pw->pw_uid);
#endif
}
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %d.", (int) pw->pw_uid);
@ -781,6 +818,9 @@ do_child(const char *command, struct passwd * pw, const char *term,
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
#endif
#ifdef AFS
/* Try to get AFS tokens for the local cell. */
@ -804,7 +844,13 @@ do_child(const char *command, struct passwd * pw, const char *term,
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
child_set_env(&env, &envsize, "HOME", pw->pw_dir);
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
#ifdef HAVE_LOGIN_CAP
cp = login_getcapstr(lc, "path", _PATH_STDPATH, _PATH_STDPATH);
#else
cp = _PATH_STDPATH;
#endif
child_set_env(&env, &envsize, "PATH", cp);
cp = NULL;
snprintf(buf, sizeof buf, "%.200s/%.50s",
_PATH_MAILDIR, pw->pw_name);
@ -908,9 +954,14 @@ do_child(const char *command, struct passwd * pw, const char *term,
close(i);
/* Change current directory to the user\'s home directory. */
if (chdir(pw->pw_dir) < 0)
if (chdir(pw->pw_dir) < 0) {
fprintf(stderr, "Could not chdir to home directory %s: %s\n",
pw->pw_dir, strerror(errno));
#ifdef HAVE_LOGIN_CAP
if (login_getcapbool(lc, "requirehome", 0))
exit(1);
#endif
}
/*
* Must take new environment into use so that .ssh/rc, /etc/sshrc and
@ -1559,6 +1610,8 @@ session_proctitle(Session *s)
void
do_authenticated2(void)
{
struct passwd *pw;
/*
* Cancel the alarm we set to limit the time taken for
* authentication.
@ -1568,6 +1621,13 @@ do_authenticated2(void)
close(startup_pipe);
startup_pipe = -1;
}
#ifdef HAVE_LOGIN_CAP
pw = auth_get_user();
if ((lc = login_getclass(pw->pw_class)) == NULL) {
error("unable to get login class");
return;
}
#endif
server_loop2();
if (xauthfile)
xauthfile_cleanup_proc(NULL);
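Review bot: In do_authenticated2() the result of `auth_get_user()` is dereferenced as `pw->pw_class` without a NULL check; if that helper can return NULL (its definition is not visible here) the server child would crash at this point instead of logging and returning. A guard such as `if (pw == NULL || (lc = login_getclass(pw->pw_class)) == NULL)` covers both cases with the existing error path. `struct passwd *pw;` is also declared outside the `#ifdef HAVE_LOGIN_CAP` block that holds its only visible use, so a build without the macro gets an unused variable; guarding the declaration with the same `#ifdef` avoids that. do_authenticated2() continues outside these hunks.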


@ -11,7 +11,7 @@
*/
#include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.60 2000/08/19 18:48:11 markus Exp $");
RCSID("$OpenBSD: ssh.c,v 1.61 2000/08/20 18:42:40 millert Exp $");
#include <openssl/evp.h>
#include <openssl/dsa.h>
@ -480,6 +480,7 @@ main(int ac, char **av)
pwcopy.pw_passwd = xstrdup(pw->pw_passwd);
pwcopy.pw_uid = pw->pw_uid;
pwcopy.pw_gid = pw->pw_gid;
pwcopy.pw_class = xstrdup(pw->pw_class);
pwcopy.pw_dir = xstrdup(pw->pw_dir);
pwcopy.pw_shell = xstrdup(pw->pw_shell);
pw = &pwcopy;


@ -5,6 +5,7 @@ BINOWN= root
BINMODE=555
BINDIR= /usr/sbin
MAN= sshd.8
CFLAGS+=-DHAVE_LOGIN_CAP
SRCS= sshd.c auth-rhosts.c auth-passwd.c auth-rsa.c auth-rh-rsa.c \
pty.c log-server.c login.c servconf.c serverloop.c \


@ -1,4 +1,4 @@
.\" $OpenBSD: su.1,v 1.9 2000/03/11 21:40:03 aaron Exp $
.\" $OpenBSD: su.1,v 1.10 2000/08/20 18:42:41 millert Exp $
.\"
.\" Copyright (c) 1988, 1990 The Regents of the University of California.
.\" All rights reserved.
@ -42,6 +42,7 @@
.Sh SYNOPSIS
.Nm su
.Op Fl Kflm
.Op Fl c Ar login-class
.Op Ar login Op Ar "shell arguments"
.Sh DESCRIPTION
.Nm
@ -93,6 +94,9 @@ The options are as follows:
.Bl -tag -width Ds
.It Fl K
Do not attempt to use Kerberos to authenticate the user.
.It Fl c
Specify a login class.
You may only override the default class if you're already root.
.It Fl f
If the invoked shell is
.Xr csh 1 ,
@ -223,7 +227,9 @@ Same as
.Xr login 1 ,
.Xr sh 1 ,
.Xr skey 1 ,
.Xr setusercontext 3 ,
.Xr group 5 ,
.Xr login.conf 5 ,
.Xr passwd 5 ,
.Xr environ 7
.Sh HISTORY


@ -1,4 +1,4 @@
/* $OpenBSD: su.c,v 1.32 2000/06/30 16:00:21 millert Exp $ */
/* $OpenBSD: su.c,v 1.33 2000/08/20 18:42:41 millert Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@ -41,7 +41,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
static char rcsid[] = "$OpenBSD: su.c,v 1.32 2000/06/30 16:00:21 millert Exp $";
static char rcsid[] = "$OpenBSD: su.c,v 1.33 2000/08/20 18:42:41 millert Exp $";
#endif /* not lint */
#include <sys/param.h>
@ -51,6 +51,7 @@ static char rcsid[] = "$OpenBSD: su.c,v 1.32 2000/06/30 16:00:21 millert Exp $";
#include <err.h>
#include <errno.h>
#include <grp.h>
#include <login_cap.h>
#include <paths.h>
#include <pwd.h>
#include <stdio.h>
@ -70,14 +71,14 @@ static char rcsid[] = "$OpenBSD: su.c,v 1.32 2000/06/30 16:00:21 millert Exp $";
int kerberos __P((char *username, char *user, int uid));
#define ARGSTR "-Kflm"
#define ARGSTR "-Kc:flm"
int use_kerberos = 1;
char krbtkfile[MAXPATHLEN];
char lrealm[REALM_SZ];
int ksettkfile(char *);
#else
#define ARGSTR "-flm"
#define ARGSTR "-c:flm"
#endif
char *ontty __P((void));
@ -93,11 +94,14 @@ main(argc, argv)
register char *p, **g;
struct group *gr;
uid_t ruid;
login_cap_t *lc;
int asme, ch, asthem, fastlogin, prio;
enum { UNSET, YES, NO } iscsh = UNSET;
char *user, *shell = NULL, *avshell, *username, **np;
enum { UNSET, YES, NO } iscsh;
char *user, *shell, *avshell, *username, *class, **np;
char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
iscsh = UNSET;
shell = class = NULL;
asme = asthem = fastlogin = 0;
while ((ch = getopt(argc, argv, ARGSTR)) != -1)
switch((char)ch) {
@ -106,6 +110,9 @@ main(argc, argv)
use_kerberos = 0;
break;
#endif
case 'c':
class = optarg;
break;
case 'f':
fastlogin = 1;
break;
@ -163,6 +170,15 @@ main(argc, argv)
if ((user = strdup(pwd->pw_name)) == NULL)
err(1, "can't allocate memory");
/* If the user specified a login class and we are root, use it */
if (ruid && class)
errx(1, "only the superuser may specify a login class");
if (class)
pwd->pw_class = class;
if ((lc = login_getclass(pwd->pw_class)) == NULL)
errx(1, "no such login class: %s",
class ? class : LOGIN_DEFCLASS);
#if KERBEROS
if (ksettkfile(user))
use_kerberos = 0;
@ -230,33 +246,27 @@ badlogin:
if (iscsh == UNSET)
iscsh = strcmp(avshell, "csh") ? NO : YES;
/* set permissions */
if (setegid(pwd->pw_gid) < 0)
err(1, "setegid");
if (setgid(pwd->pw_gid) < 0)
err(1, "setgid");
if (initgroups(user, pwd->pw_gid))
err(1, "initgroups failed");
if (seteuid(pwd->pw_uid) < 0)
err(1, "seteuid");
if (setuid(pwd->pw_uid) < 0)
err(1, "setuid");
if (!asme) {
if (asthem) {
p = getenv("TERM");
if ((environ = calloc(1, sizeof (char *))) == NULL)
errx(1, "calloc");
(void)setenv("PATH", _PATH_DEFPATH, 1);
if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
err(1, "unable to set user context");
if (p)
(void)setenv("TERM", p, 1);
seteuid(pwd->pw_uid);
setegid(pwd->pw_gid);
if (chdir(pwd->pw_dir) < 0)
errx(1, "no directory");
err(1, "%s", pwd->pw_dir);
seteuid(0);
setegid(0); /* XXX use a saved gid instead? */
} else if (pwd->pw_uid == 0) {
/* XXX - this seems questionable to me */
if (setusercontext(lc,
pwd, pwd->pw_uid, LOGIN_SETPATH|LOGIN_SETUMASK))
err(1, "unable to set user context");
}
if (asthem || pwd->pw_uid) {
(void)setenv("LOGNAME", pwd->pw_name, 1);
@ -298,6 +308,10 @@ badlogin:
username, user, ontty());
(void)setpriority(PRIO_PROCESS, 0, prio);
if (setusercontext(lc, pwd, pwd->pw_uid,
(asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) |
LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER))
err(1, "unable to set user context");
execv(shell, np);
err(1, "%s", shell);
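Review bot: In the `asthem` branch the temporary switch calls `seteuid(pwd->pw_uid)` before `setegid(pwd->pw_gid)` and ignores both results, so once the effective uid is no longer 0 the `setegid()` may be refused and the `chdir(pwd->pw_dir)` test then runs with the caller's effective gid instead of the target's. Doing the group first and checking both calls, `if (setegid(pwd->pw_gid) < 0 || seteuid(pwd->pw_uid) < 0) err(1, "unable to switch ids");`, makes the home-directory check reflect the target account. The restore uses `setegid(0)` rather than the original effective gid, as the XXX comment already hints; the final `setusercontext()` before `execv()` sets the group again, so this affects only the code between the two points. main() starts and ends outside these hunks.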


@ -1,8 +1,8 @@
# $OpenBSD: Makefile.bsd-wrapper,v 1.7 2000/04/05 14:14:34 millert Exp $
# $OpenBSD: Makefile.bsd-wrapper,v 1.8 2000/08/20 18:42:41 millert Exp $
MAN= sudo.8 sudoers.5 visudo.8
XCFLAGS= CC="${CC}" CFLAGS="${CFLAGS} ${COPTS}" LDFLAGS="${LDFLAGS}"
CONFIGURE_OPTS= --prefix=/usr --with-devel --with-insults \
CONFIGURE_OPTS= --prefix=/usr --with-devel --with-insults --with-logincap \
--with-env-editor --disable-path-info --with-logfac=authpriv
.include <bsd.own.mk>


@ -1,4 +1,5 @@
# $OpenBSD: Makefile.inc,v 1.2 1996/06/26 05:39:36 deraadt Exp $
# $OpenBSD: Makefile.inc,v 1.3 2000/08/20 18:42:41 millert Exp $
CFLAGS+=-UCMUCS -UCMU -UMACH -DVAR_TMP -DHAS_DAEMON -DHAS_POSIX_DIR
CFLAGS+=-UCMUCS -UCMU -UMACH -DVAR_TMP -DHAS_DAEMON -DHAS_POSIX_DIR \
-DHAS_LOGIN_CAP


@ -1,4 +1,4 @@
/* $OpenBSD: supfilesrv.c,v 1.17 2000/02/01 03:23:40 deraadt Exp $ */
/* $OpenBSD: supfilesrv.c,v 1.18 2000/08/20 18:42:42 millert Exp $ */
/*
* Copyright (c) 1992 Carnegie Mellon University
@ -186,6 +186,10 @@
# include <sys/statvfs.h>
#endif
#ifdef HAS_LOGIN_CAP
# include <login_cap.h>
#endif
#include "supcdefs.h"
#include "supextern.h"
#define MSGFILE
@ -1641,6 +1645,10 @@ int fileuid,filegid;
if (setuid ((uid_t)pwd->pw_uid) < 0)
logerr ("setuid: %%m");
#else /* CMUCS */
#ifdef HAS_LOGIN_CAP
if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0)
return("Error setting user context");
#else
if (initgroups (pwd->pw_name,pwd->pw_gid) < 0)
return("Error setting group list");
if (setegid (pwd->pw_gid) < 0)
@ -1655,6 +1663,7 @@ int fileuid,filegid;
logerr ("seteuid: %%m");
if (setuid (pwd->pw_uid) < 0)
logerr ("setuid: %%m");
#endif /* HAS_LOGIN_CAP */
#endif /* CMUCS */
return (NULL);
}


@ -17,7 +17,7 @@
/* config.h - configurables for Vixie Cron
*
* $Id: config.h,v 1.4 1999/08/29 08:51:55 millert Exp $
* $Id: config.h,v 1.5 2000/08/20 18:42:42 millert Exp $
*/
#if !defined(_PATH_SENDMAIL)
@ -87,3 +87,6 @@
* places.
*/
#define SYSLOG /*-*/
/* if your OS supports a BSD-style login.conf file */
#define LOGIN_CAP /*-*/


@ -16,7 +16,7 @@
*/
#if !defined(lint) && !defined(LINT)
static char rcsid[] = "$Id: do_command.c,v 1.7 2000/06/03 15:36:38 millert Exp $";
static char rcsid[] = "$Id: do_command.c,v 1.8 2000/08/20 18:42:42 millert Exp $";
#endif
@ -28,6 +28,9 @@ static char rcsid[] = "$Id: do_command.c,v 1.7 2000/06/03 15:36:38 millert Exp $
#if defined(SYSLOG)
# include <syslog.h>
#endif
#if defined(LOGIN_CAP)
# include <login_cap.h>
#endif
static void child_process __P((entry *, user *)),
@ -221,12 +224,44 @@ child_process(e, u)
/* set our directory, uid and gid. Set gid first, since once
* we set uid, we've lost root privledges.
*/
# ifdef LOGIN_CAP
{
struct passwd *pwd;
char *ep, *np;
/* XXX - should just pass in a login_cap_t * */
pwd = getpwuid(e->uid);
if (pwd == NULL) {
fprintf(stderr, "getpwuid: couldn't get entry for %d\n", e->uid);
_exit(ERROR_EXIT);
}
if (setusercontext(0, pwd, e->uid, LOGIN_SETALL) < 0) {
fprintf(stderr, "setusercontext failed for %d\n", e->uid);
_exit(ERROR_EXIT);
}
/* If no PATH specified in crontab file but
* we just added on via login.conf, add it to
* the crontab environment.
*/
if (env_get("PATH", e->envp) == NULL &&
(ep = getenv("PATH"))) {
np = malloc(strlen(ep) + 6);
if (np) {
strcpy(np, "PATH=");
strcat(np, ep);
e->envp = env_set(e->envp, np);
}
}
}
# else
setgid(e->gid);
# if defined(BSD)
# if defined(BSD)
initgroups(env_get("LOGNAME", e->envp), e->gid);
# endif
# endif
setlogin(usernm);
setuid(e->uid); /* we aren't root after this... */
# endif
chdir(env_get("HOME", e->envp));
/* exec the command.
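Review bot: The new LOGIN_CAP block looks the account up with `getpwuid(e->uid)`, so when several passwd entries share a uid the login name and login class applied by `setusercontext()` come from whichever entry is returned first, whereas the replaced code called `setlogin(usernm)` with what is presumably the crontab owner's name. Looking the entry up by name, `pwd = getpwnam(usernm);`, and rejecting it when `pwd->pw_uid != e->uid` would keep the previous behaviour; the XXX comment already suggests passing the context in instead. The same `getpwuid()` lookup is added to cron_popen() in popen.c. child_process() starts and ends outside this hunk.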


@ -24,12 +24,15 @@
*/
#ifndef lint
static char rcsid[] = "$Id: popen.c,v 1.5 1999/08/30 10:45:37 millert Exp $";
static char rcsid[] = "$Id: popen.c,v 1.6 2000/08/20 18:42:42 millert Exp $";
static char sccsid[] = "@(#)popen.c 5.7 (Berkeley) 2/14/89";
#endif /* not lint */
#include "cron.h"
#include <signal.h>
#if defined(LOGIN_CAP)
# include <login_cap.h>
#endif
#define MAX_ARGS 100
@ -122,13 +125,27 @@ cron_popen(program, type, e)
(void)close(pdes[1]);
}
if (e) {
#if defined(LOGIN_CAP)
struct passwd *pwd;
pwd = getpwuid(e->uid);
if (pwd == NULL) {
fprintf(stderr, "getpwuid: couldn't get entry for %d\n", e->uid);
_exit(ERROR_EXIT);
}
if (setusercontext(0, pwd, e->uid, LOGIN_SETALL) < 0) {
fprintf(stderr, "setusercontext failed for %d\n", e->uid);
_exit(ERROR_EXIT);
}
#else
setgid(e->gid);
#if defined(BSD)
# if defined(BSD)
initgroups(env_get("LOGNAME", e->envp), e->gid);
#endif
# endif
setlogin(env_get("LOGNAME", e->envp));
setuid(e->uid);
chdir(env_get("HOME", e->envp));
#endif
}
#if WANT_GLOBBING
execvp(gargv[0], gargv);
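Review bot: The closing `#endif` of the new `#if defined(LOGIN_CAP)` block sits after `chdir(env_get("HOME", e->envp));`, so with LOGIN_CAP defined (config.h now defines it) the child no longer changes to the user's home directory before the exec, while do_command.c keeps its `chdir()` outside the conditional. Moving that `#endif` up one line, directly after `setuid(e->uid);`, keeps the working directory the same for both builds. The result of `chdir()` is unchecked on either path; whether that matters depends on callers not visible here. cron_popen() starts and ends outside this hunk.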


@ -1,4 +1,4 @@
/* $OpenBSD: inetd.c,v 1.67 2000/08/03 11:33:37 itojun Exp $ */
/* $OpenBSD: inetd.c,v 1.68 2000/08/20 18:42:42 millert Exp $ */
/* $NetBSD: inetd.c,v 1.11 1996/02/22 11:14:41 mycroft Exp $ */
/*
* Copyright (c) 1983,1991 The Regents of the University of California.
@ -41,7 +41,7 @@ char copyright[] =
#ifndef lint
/*static char sccsid[] = "from: @(#)inetd.c 5.30 (Berkeley) 6/3/91";*/
static char rcsid[] = "$OpenBSD: inetd.c,v 1.67 2000/08/03 11:33:37 itojun Exp $";
static char rcsid[] = "$OpenBSD: inetd.c,v 1.68 2000/08/20 18:42:42 millert Exp $";
#endif /* not lint */
/*
@ -163,6 +163,7 @@ static char rcsid[] = "$OpenBSD: inetd.c,v 1.67 2000/08/03 11:33:37 itojun Exp $
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <login_cap.h>
#include <rpc/rpc.h>
#include <rpc/pmap_clnt.h>
#include <rpcsvc/nfs_prot.h>
@ -560,19 +561,21 @@ main(argc, argv, envp)
/* a user running private inetd */
if (uid != pwd->pw_uid)
_exit(1);
} else if (pwd->pw_uid) {
if (setlogin(sep->se_user) < 0)
syslog(LOG_ERR,
"%s: setlogin: %m",
sep->se_service);
if (sep->se_group)
} else {
tmpint = LOGIN_SETALL &
~(LOGIN_SETGROUP|LOGIN_SETLOGIN);
if (sep->se_group) {
pwd->pw_gid = grp->gr_gid;
(void) setgid((gid_t)pwd->pw_gid);
initgroups(pwd->pw_name, pwd->pw_gid);
(void) setuid((uid_t)pwd->pw_uid);
} else if (sep->se_group) {
(void) setgid(grp->gr_gid);
(void) setgroups(1, &grp->gr_gid);
tmpint |= LOGIN_SETGROUP;
}
if (pwd->pw_uid)
tmpint |= LOGIN_SETLOGIN;
if (setusercontext(0, pwd, pwd->pw_uid,
tmpint) < 0)
syslog(LOG_ERR,
"%s/%s: setusercontext: %m",
sep->se_service,
sep->se_proto);
}
if (debug)
fprintf(stderr, "%d execl %s\n",
@ -585,13 +588,6 @@ main(argc, argv, envp)
close(ctrl);
dup2(0, 1);
dup2(0, 2);
#ifdef RLIMIT_NOFILE
if (rlim_ofile.rlim_cur != rlim_ofile_cur) {
if (setrlimit(RLIMIT_NOFILE,
&rlim_ofile) < 0)
syslog(LOG_ERR,"setrlimit: %m");
}
#endif
closelog();
for (tmpint = rlim_ofile_cur-1; --tmpint > 2; )
(void)close(tmpint);
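Review bot: When `setusercontext()` fails the child only reports it through `syslog()` and then carries on towards the exec, so the service would start with whatever credentials inetd itself holds; the branch just above already uses `_exit(1)`, and the same should follow the `syslog()` call here, with braces around the two statements. Separately, `LOGIN_SETGROUP` is masked out of `tmpint` and added back only when `sep->se_group` is set, whereas the removed code called `setgid()` and `initgroups()` for every non-root `se_user`; as written, a service configured with a user but no group appears to keep inetd's groups, so the flag probably should be set whenever `pwd->pw_uid` is non-zero or `sep->se_group` is given. main() starts and ends outside these hunks.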