ubase

suckless linux base utils
git clone git://git.2f30.org/ubase.git
Log | Files | Refs | README | LICENSE

commit bc709278b617d6c358897cad4fb68888f359bf1d
parent c4c1feac2a7cba8b2c5282810a30b192d0e30623
Author: sin <sin@2f30.org>
Date:   Tue Jun  3 10:55:12 +0100

Add shadow support to login(1)

Also remember to really preserve the environment.

Diffstat:
login.c | 61+++++++++++++++++++++++++++++++++++++++++++------------------
1 file changed, 43 insertions(+), 18 deletions(-)
diff --git a/login.c b/login.c @@ -3,6 +3,7 @@ #include <errno.h> #include <grp.h> #include <pwd.h> +#include <shadow.h> #include <stdio.h> #include <stdlib.h> #include <string.h> @@ -24,7 +25,10 @@ int main(int argc, char *argv[]) { struct passwd *pw; + struct spwd *spw; char *pass, *cryptpass; + uid_t uid; + gid_t gid; int pflag = 0; ARGBEGIN { @@ -54,8 +58,8 @@ main(int argc, char *argv[]) eprintf("denied\n"); } - if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') - eprintf("no shadow support\n"); + uid = pw->pw_uid; + gid = pw->pw_gid; /* Empty password? Login now */ if (pw->pw_passwd[0] == '\0') @@ -65,22 +69,44 @@ main(int argc, char *argv[]) ioctl(STDIN_FILENO, TCFLSH, (void *)0); pass = getpass("Password: "); - putchar('\n'); if (!pass) eprintf("getpass:"); - cryptpass = crypt(pass, pw->pw_passwd); - explicit_bzero(pass, strlen(pass)); - if (!cryptpass) - eprintf("crypt:"); - if (strcmp(cryptpass, pw->pw_passwd) != 0) - eprintf("login failed\n"); + + if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') { + errno = 0; + spw = getspnam(argv[0]); + if (errno) + eprintf("getspnam: %s:", argv[0]); + else if (!spw) + eprintf("who are you?\n"); + switch (spw->sp_pwdp[0]) { + case '!': + case '*': + eprintf("denied\n"); + } + cryptpass = crypt(pass, spw->sp_pwdp); + explicit_bzero(pass, strlen(pass)); + if (!cryptpass) + eprintf("crypt:"); + if (strcmp(cryptpass, spw->sp_pwdp) != 0) + eprintf("login failed\n"); + explicit_bzero(cryptpass, strlen(cryptpass)); + explicit_bzero(spw, sizeof *spw); + } else { + cryptpass = crypt(pass, pw->pw_passwd); + explicit_bzero(pass, strlen(pass)); + if (!cryptpass) + eprintf("crypt:"); + if (strcmp(cryptpass, pw->pw_passwd) != 0) + eprintf("login failed\n"); + } login: - if (initgroups(argv[0], pw->pw_gid) < 0) + if (initgroups(argv[0], gid) < 0) eprintf("initgroups:"); - if (setgid(pw->pw_gid) < 0) + if (setgid(gid) < 0) eprintf("setgid:"); - if (setuid(pw->pw_uid) < 0) + if (setuid(uid) < 0) eprintf("setuid:"); return dologin(pw, pflag); @@ -91,12 +117,11 @@ dologin(struct passwd *pw, int preserve) { if (preserve == 0) clearenv(); - setenv("HOME", pw->pw_dir, 1); - setenv("SHELL", pw->pw_shell, 1); - setenv("USER", pw->pw_name, 1); - setenv("LOGNAME", pw->pw_name, 1); - setenv("PATH", strcmp(pw->pw_name, "root") == 0 ? - ENV_SUPATH : ENV_PATH, 1); + setenv("HOME", pw->pw_dir, preserve); + setenv("SHELL", pw->pw_shell, preserve); + setenv("USER", pw->pw_name, preserve); + setenv("LOGNAME", pw->pw_name, preserve); + setenv("PATH", ENV_PATH, preserve); if (chdir(pw->pw_dir) < 0) eprintf("chdir %s:", pw->pw_dir); execlp(pw->pw_shell, pw->pw_shell, "-l", NULL);