Shadow login: patch #7
John F. Haugh II
jfh at rpp386.Dallas.TX.US
Mon Mar 27 14:30:52 AEST 1989
This is a shar file ...
Unwrap and apply the file `patches' to your patch level 6 source
code. Sorry this is so large. There are several new ideas on
the burner, the next bug fix will be a complete reposting ...
When you are done, you will be at patchlevel 7. Read the file
'patches' for a list of what it fixes.
- John.
--
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create:
# patches
# faillog.c
# faillog.h
# failure.c
# This archive created: Sun Mar 26 21:23:02 1989
# By: John F. Haugh II (River Parishes Programming, Dallas TX)
export PATH; PATH=/bin:/usr/bin:$PATH
if test -f 'patches'
then
echo shar: "will not over-write existing file 'patches'"
else
cat << \SHAR_EOF > 'patches'
Oh? Another week gone by? Must be time for patch #7 ...
New features [ freeping creaturism alert ... ]
- Timezone file may be specified instead of value only
- Comments now allowed in dialup device file
- Added tags rule to Makefile
- Added libsec.a [ shadow library ] rule to Makefile
- Login failure tracking [ tnx to Chip Rosenthal & Jim O'Connor ]
- Login failure control utility
Bugs fixed
- Dialup password file works correctly
- putspent() works on 16 bit machines
- removed unneeded lastlog.h references
- su(1) handles LOGNAME correctly
The manual page for faillog(1L) hasn't been written yet. Read the
source code, and if you figure it out, write one and send it to me ...
--
*** Makefile
--- new/Makefile
**************
*** 1,5
#
! # @(#)Makefile 1.5 - System V shadow password system
#
# @(#)Makefile 1.5 15:59:30 3/4/89
#
--- 1,5 -----
#
! # @(#)Makefile 1.6 - System V shadow password system
#
# @(#)Makefile 1.6 21:15:26 3/26/89
#
**************
*** 1,7
#
# @(#)Makefile 1.5 - System V shadow password system
#
! # @(#)Makefile 1.5 15:59:30 3/4/89
#
SHELL = /bin/sh
# Uncomment the next line if you need fgetpwent()
--- 1,7 -----
#
# @(#)Makefile 1.6 - System V shadow password system
#
! # @(#)Makefile 1.6 21:15:26 3/26/89
#
SHELL = /bin/sh
# Uncomment the next line if you need fgetpwent()
**************
*** 9,14
# Uncomment the next line if you need a64l() and l64a().
AL64DEF = -DNEED_AL64
# Flags for SCO Xenix/386
CFLAGS = -O -M3 -g $(PWDEF) $(AL64DEF)
LIBS = -lcrypt
--- 9,26 -----
# Uncomment the next line if you need a64l() and l64a().
AL64DEF = -DNEED_AL64
+ # Define the directory login is copied to. BE VERY CAREFUL!!!
+ # LOGINDIR = /bin
+ LOGINDIR = /etc
+
+ # Pick your favorite C compiler and tags command
+ CC = cc
+ TAGS = ctags
+
+ # Do you have to do ranlib? Sorry to hear that ...
+ RANLIB = ranlib
+ # RANLIB = echo
+
# Flags for SCO Xenix/386
CFLAGS = -O -M3 -g $(PWDEF) $(AL64DEF)
LIBS = -lcrypt
**************
*** 14,19
LIBS = -lcrypt
LDFLAGS = -M3 -g
LTFLAGS =
# Flags for normal machines
# CFLAGS = -O -g $(PWDEF) $(AL64DEF)
--- 26,34 -----
LIBS = -lcrypt
LDFLAGS = -M3 -g
LTFLAGS =
+ # This should be Slibsec.a for small model, or Llibsec.a for
+ # large model or whatever. MUST AGREE WITH CFLAGS!!!
+ LIBSEC = Slibsec.a
# Flags for normal machines
# CFLAGS = -O -g $(PWDEF) $(AL64DEF)
**************
*** 19,24
# CFLAGS = -O -g $(PWDEF) $(AL64DEF)
# LIBS =
# LDFLAGS = -g
LOBJS = lmain.o login.o env.o password.o entry.o valid.o setup.o shell.o age.o \
pwent.o utmp.o sub.o mail.o motd.o log.o shadow.o dialup.o dialchk.o \
--- 34,40 -----
# CFLAGS = -O -g $(PWDEF) $(AL64DEF)
# LIBS =
# LDFLAGS = -g
+ # LIBSEC = libsec.a
LOBJS = lmain.o login.o env.o password.o entry.o valid.o setup.o shell.o age.o \
pwent.o utmp.o sub.o mail.o motd.o log.o shadow.o dialup.o dialchk.o \
**************
*** 22,28
LOBJS = lmain.o login.o env.o password.o entry.o valid.o setup.o shell.o age.o \
pwent.o utmp.o sub.o mail.o motd.o log.o shadow.o dialup.o dialchk.o \
! ttytype.o
LSRCS = lmain.c login.c env.c password.c entry.c valid.c setup.c shell.c age.c \
pwent.c utmp.c sub.c mail.c motd.c log.c shadow.c dialup.c dialchk.c \
--- 38,44 -----
LOBJS = lmain.o login.o env.o password.o entry.o valid.o setup.o shell.o age.o \
pwent.o utmp.o sub.o mail.o motd.o log.o shadow.o dialup.o dialchk.o \
! ttytype.o failure.o
LSRCS = lmain.c login.c env.c password.c entry.c valid.c setup.c shell.c age.c \
pwent.c utmp.c sub.c mail.c motd.c log.c shadow.c dialup.c dialchk.c \
**************
*** 26,32
LSRCS = lmain.c login.c env.c password.c entry.c valid.c setup.c shell.c age.c \
pwent.c utmp.c sub.c mail.c motd.c log.c shadow.c dialup.c dialchk.c \
! ttytype.c
SOBJS = smain.o env.o password.o entry.o valid.o susetup.o sushell.o \
pwent.o susub.o mail.o motd.o sulog.o shadow.o age.o
--- 42,48 -----
LSRCS = lmain.c login.c env.c password.c entry.c valid.c setup.c shell.c age.c \
pwent.c utmp.c sub.c mail.c motd.c log.c shadow.c dialup.c dialchk.c \
! ttytype.c failure.c
SOBJS = smain.o env.o password.o entry.o valid.o susetup.o sushell.o \
pwent.o susub.o mail.o motd.o sulog.o shadow.o age.o
**************
*** 52,57
SULOGSRCS = sulogin.c entry.c env.c password.c age.c pwent.c setup.c \
shadow.c shell.c valid.c
FILES1 = README log.c mail.c shadow.h sulog.c Makefile entry.c obscure.c \
setup.c sub.c config.h pmain.c sulogin.c dialup.h ttytype.c
--- 68,78 -----
SULOGSRCS = sulogin.c entry.c env.c password.c age.c pwent.c setup.c \
shadow.c shell.c valid.c
+ ALLSRCS = age.c dialchk.c dialup.c entry.c env.c lmain.c log.c login.c mail.c \
+ motd.c obscure.c password.c pmain.c pwconv.c pwent.c pwunconv.c \
+ setup.c shadow.c shell.c smain.c sub.c sulog.c sulogin.c ttytype.c \
+ utmp.c valid.c
+
FILES1 = README log.c mail.c shadow.h sulog.c Makefile entry.c obscure.c \
setup.c sub.c config.h pmain.c sulogin.c dialup.h ttytype.c
**************
*** 57,63
FILES2 = lastlog.h login.c motd.c password.c shell.c utmp.c age.c env.c \
pwent.c shadow.c valid.c lmain.c smain.c pwconv.c dialup.c dialchk.c \
! pwunconv.c
DOCS = login.1 passwd.1 passwd.4 shadow.3 shadow.4 su.1 sulogin.8 pwconv.8 \
pwunconv.8
--- 78,84 -----
FILES2 = lastlog.h login.c motd.c password.c shell.c utmp.c age.c env.c \
pwent.c shadow.c valid.c lmain.c smain.c pwconv.c dialup.c dialchk.c \
! pwunconv.c failure.c faillog.h faillog.c
DOCS = login.1 passwd.1 passwd.4 shadow.3 shadow.4 su.1 sulogin.8 pwconv.8 \
pwunconv.8
**************
*** 62,68
DOCS = login.1 passwd.1 passwd.4 shadow.3 shadow.4 su.1 sulogin.8 pwconv.8 \
pwunconv.8
! all: su login pwconv pwunconv passwd sulogin
lint: su.L login.L pwconv.L pwunconv.L passwd.L sulogin.L
--- 83,89 -----
DOCS = login.1 passwd.1 passwd.4 shadow.3 shadow.4 su.1 sulogin.8 pwconv.8 \
pwunconv.8
! all: su login pwconv pwunconv passwd sulogin faillog
libsec: shadow.o
ar rv $(LIBSEC) shadow.o
**************
*** 64,70
all: su login pwconv pwunconv passwd sulogin
! lint: su.L login.L pwconv.L pwunconv.L passwd.L sulogin.L
login: $(LOBJS)
cc -o login $(LDFLAGS) $(LOBJS) $(LIBS)
--- 85,93 -----
all: su login pwconv pwunconv passwd sulogin faillog
! libsec: shadow.o
! ar rv $(LIBSEC) shadow.o
! $(RANLIB) $(LIBSEC)
install: all
cp login $(LOGINDIR)/login
**************
*** 66,73
lint: su.L login.L pwconv.L pwunconv.L passwd.L sulogin.L
! login: $(LOBJS)
! cc -o login $(LDFLAGS) $(LOBJS) $(LIBS)
login.L: $(LSRCS)
lint $(LSRCS) > login.L
--- 89,107 -----
ar rv $(LIBSEC) shadow.o
$(RANLIB) $(LIBSEC)
! install: all
! cp login $(LOGINDIR)/login
! cp pwconv pwunconv sulogin /etc
! cp su passwd faillog /bin
! chown root $(LOGINDIR)/login /etc/pwconv /etc/pwunconv /etc/sulogin \
! /bin/su /bin/passwd
! chgrp root $(LOGINDIR)/login /etc/pwconv /etc/pwunconv /etc/sulogin \
! /bin/su /bin/passwd
! chown bin /bin/faillog
! chgrp bin /bin/faillog
! chmod 700 /etc/pwconv /etc/pwunconv /etc/sulogin
! chmod 4711 $(LOGINDIR)/login /bin/su /bin/passwd
! chmod 711 /bin/faillog
lint: su.L login.L pwconv.L pwunconv.L passwd.L sulogin.L faillog.L
**************
*** 69,74
login: $(LOBJS)
cc -o login $(LDFLAGS) $(LOBJS) $(LIBS)
login.L: $(LSRCS)
lint $(LSRCS) > login.L
--- 103,116 -----
chmod 4711 $(LOGINDIR)/login /bin/su /bin/passwd
chmod 711 /bin/faillog
+ lint: su.L login.L pwconv.L pwunconv.L passwd.L sulogin.L faillog.L
+
+ tags: $(ALLSRCS)
+ $(TAGS) $(ALLSRCS)
+
+ login: $(LOBJS)
+ $(CC) -o login $(LDFLAGS) $(LOBJS) $(LIBS)
+
login.L: $(LSRCS)
lint $(LSRCS) > login.L
**************
*** 73,79
lint $(LSRCS) > login.L
su: $(SOBJS)
! cc -o su $(LDFLAGS) $(SOBJS) $(LIBS)
su.L: $(SSRCS)
lint -DSU $(SSRCS) > su.L
--- 115,121 -----
lint $(LSRCS) > login.L
su: $(SOBJS)
! $(CC) -o su $(LDFLAGS) $(SOBJS) $(LIBS)
su.L: $(SSRCS)
lint -DSU $(SSRCS) > su.L
**************
*** 79,85
lint -DSU $(SSRCS) > su.L
passwd: $(POBJS)
! cc -o passwd $(LDFLAGS) $(POBJS) $(LIBS)
passwd.L: $(PSRCS)
lint -DPASSWD $(PSRCS) > passwd.L
--- 121,127 -----
lint -DSU $(SSRCS) > su.L
passwd: $(POBJS)
! $(CC) -o passwd $(LDFLAGS) $(POBJS) $(LIBS)
passwd.L: $(PSRCS)
lint -DPASSWD $(PSRCS) > passwd.L
**************
*** 85,91
lint -DPASSWD $(PSRCS) > passwd.L
pwconv: $(PWOBJS)
! cc -o pwconv $(LDFLAGS) $(PWOBJS) $(LIBS)
pwconv.L: $(PWSRCS)
lint -DPASSWD $(PWSRCS) > pwconv.L
--- 127,133 -----
lint -DPASSWD $(PSRCS) > passwd.L
pwconv: $(PWOBJS)
! $(CC) -o pwconv $(LDFLAGS) $(PWOBJS) $(LIBS)
pwconv.L: $(PWSRCS)
lint -DPASSWD $(PWSRCS) > pwconv.L
**************
*** 91,97
lint -DPASSWD $(PWSRCS) > pwconv.L
pwunconv: $(PWUNOBJS)
! cc -o pwunconv $(LDFLAGS) $(PWUNOBJS) $(LIBS)
pwunconv.L: $(PWUNSRCS)
lint -DPASSWD $(PWUNSRCS) > pwunconv.L
--- 133,139 -----
lint -DPASSWD $(PWSRCS) > pwconv.L
pwunconv: $(PWUNOBJS)
! $(CC) -o pwunconv $(LDFLAGS) $(PWUNOBJS) $(LIBS)
pwunconv.L: $(PWUNSRCS)
lint -DPASSWD $(PWUNSRCS) > pwunconv.L
**************
*** 97,103
lint -DPASSWD $(PWUNSRCS) > pwunconv.L
sulogin: $(SULOGOBJS)
! cc -o sulogin $(LDFLAGS) $(SULOGOBJS) $(LIBS)
sulogin.L: $(SULOGSRCS)
lint $(SULOGSRCS) > sulogin.L
--- 139,145 -----
lint -DPASSWD $(PWUNSRCS) > pwunconv.L
sulogin: $(SULOGOBJS)
! $(CC) -o sulogin $(LDFLAGS) $(SULOGOBJS) $(LIBS)
sulogin.L: $(SULOGSRCS)
lint $(SULOGSRCS) > sulogin.L
**************
*** 102,107
sulogin.L: $(SULOGSRCS)
lint $(SULOGSRCS) > sulogin.L
sushell.o: config.h shell.c
cc -c $(CFLAGS) -DSU shell.c
mv shell.o sushell.o
--- 144,155 -----
sulogin.L: $(SULOGSRCS)
lint $(SULOGSRCS) > sulogin.L
+ faillog: faillog.o
+ $(CC) -o faillog $(LDFLAGS) faillog.o $(LIBS)
+
+ faillog.L: faillog.c faillog.h config.h
+ lint faillog.c > faillog.L
+
sushell.o: config.h shell.c
$(CC) -c $(CFLAGS) -DSU shell.c
mv shell.o sushell.o
**************
*** 103,109
lint $(SULOGSRCS) > sulogin.L
sushell.o: config.h shell.c
! cc -c $(CFLAGS) -DSU shell.c
mv shell.o sushell.o
susub.o: config.h sub.c
--- 151,157 -----
lint faillog.c > faillog.L
sushell.o: config.h shell.c
! $(CC) -c $(CFLAGS) -DSU shell.c
mv shell.o sushell.o
susub.o: config.h sub.c
**************
*** 107,113
mv shell.o sushell.o
susub.o: config.h sub.c
! cc -c $(CFLAGS) -DSU sub.c
mv sub.o susub.o
sulog.o: config.h
--- 155,161 -----
mv shell.o sushell.o
susub.o: config.h sub.c
! $(CC) -c $(CFLAGS) -DSU sub.c
mv sub.o susub.o
sulog.o: config.h
**************
*** 113,119
sulog.o: config.h
susetup.o: config.h setup.c
! cc -c $(CFLAGS) -DSU setup.c
mv setup.o susetup.o
pmain.o: config.h lastlog.h shadow.h
--- 161,167 -----
sulog.o: config.h
susetup.o: config.h setup.c
! $(CC) -c $(CFLAGS) -DSU setup.c
mv setup.o susetup.o
pmain.o: config.h lastlog.h shadow.h
**************
*** 120,126
pwage.o: age.c config.h
cp age.c pwage.c
! cc -c $(CFLAGS) -DPASSWD pwage.c
rm pwage.c
lmain.o: config.h lastlog.h
--- 168,174 -----
pwage.o: age.c config.h
cp age.c pwage.c
! $(CC) -c $(CFLAGS) -DPASSWD pwage.c
rm pwage.c
lmain.o: config.h lastlog.h
**************
*** 151,156
valid.o: config.h
clean:
-rm -f *.o a.out core npasswd nshadow
--- 199,208 -----
valid.o: config.h
+ failure.o: faillog.h config.h
+
+ faillog.o: faillog.h config.h
+
clean:
-rm -f *.o a.out core npasswd nshadow
**************
*** 155,161
-rm -f *.o a.out core npasswd nshadow
clobber: clean
! -rm -f su login passwd pwconv pwunconv sulogin *.L
shar: login.sh.1 login.sh.2 login.sh.3
--- 207,213 -----
-rm -f *.o a.out core npasswd nshadow
clobber: clean
! -rm -f su login passwd pwconv pwunconv sulogin faillog *.L
shar: login.sh.1 login.sh.2 login.sh.3
*** README
--- new/README
**************
*** 19,25
Begin by reading and editing the config.h file. All options are selected
by using #define's. A brief description for each available option appears
below. You may want to print this file out as it is LONG and you will
! need to refer to it while editting config.h
Note that there are MANY options. As distributed most options are turned
on, which produces a really nice package. This is the system as used on
--- 19,27 -----
Begin by reading and editing the config.h file. All options are selected
by using #define's. A brief description for each available option appears
below. You may want to print this file out as it is LONG and you will
! need to refer to it while editting config.h. You will also have to edit
! the Makefile. The possible differences are documented there. Pay close
! attention to the install: rule.
Note that there are MANY options. As distributed most options are turned
on, which produces a really nice package. This is the system as used on
**************
*** 94,100
various utilities.
Select this option by defining the TZ macro to have
! the desired environmental variable value.
Password Aging -
This option includes code to perform password aging.
--- 96,103 -----
various utilities.
Select this option by defining the TZ macro to have
! the desired environmental variable value, or the name
! of the file containing the desired value.
Password Aging -
This option includes code to perform password aging.
**************
*** 147,152
You will need to determine if you system already has
a lastlog.h file and use that file if present.
Terminal Permissions -
This option allows the terminal modes to be set at
login time. This is particularly useful to disable
--- 150,164 -----
You will need to determine if you system already has
a lastlog.h file and use that file if present.
+ Failed Login Logging -
+ This option causes a record to be kept of the most
+ recent login failure by date and port. A cummulative
+ count of failures is maintained and compared against
+ an allowable limit.
+
+ Select this option by defining the FAILLOG macro.
+
+ See the file faillog.h for more details.
Terminal Permissions -
This option allows the terminal modes to be set at
login time. This is particularly useful to disable
*** config.h
--- new/config.h
**************
*** 1,7
/*
* Configuration file for login.
*
! * @(#)config.h 1.4 11:17:19 3/8/89
*/
/*
--- 1,7 -----
/*
* Configuration file for login.
*
! * @(#)config.h 1.5 21:15:33 3/26/89
*/
/*
**************
*** 64,69
/*
* Define TZ if login must set timezone
*/
#define TZ "TZ=CST6CDT"
--- 64,74 -----
/*
* Define TZ if login must set timezone
+ *
+ * The first example sets the variable directly. The
+ * second example names a file which is read to determine
+ * the proper value. The file consists of a single line
+ * of the form 'TZ=zone-name'
*/
/* #define TZ "TZ=CST6CDT" */
**************
*** 66,72
* Define TZ if login must set timezone
*/
! #define TZ "TZ=CST6CDT"
/*
* Define the default PATH and SUPATH here. PATH is for non-privileged
--- 71,78 -----
* of the form 'TZ=zone-name'
*/
! /* #define TZ "TZ=CST6CDT" */
! #define TZ "/etc/tzname"
/*
* Define the default PATH and SUPATH here. PATH is for non-privileged
**************
*** 131,136
*/
#define LASTLOG
/*
* Define TTYPERM to be the initial terminal permissions. Defining
--- 137,150 -----
*/
#define LASTLOG
+
+ /*
+ * Define FAILLOG if you want a record make of failed logins in
+ * /usr/adm/faillog. See faillog.h for more details. See fail(1L)
+ * for even still more details ...
+ */
+
+ #define FAILLOG
/*
* Define TTYPERM to be the initial terminal permissions. Defining
*** dialup.c
--- new/dialup.c
**************
*** 2,8
#include <string.h>
#include "dialup.h"
! static FILE *dialpwd;
void setduent ()
{
--- 2,10 -----
#include <string.h>
#include "dialup.h"
! #ifndef lint
! static char _sccsid[] = "@(#)dialup.c 1.2 21:15:35 3/26/89";
! #endif
static FILE *dialpwd;
**************
*** 4,9
static FILE *dialpwd;
void setduent ()
{
if (dialpwd)
--- 6,13 -----
static char _sccsid[] = "@(#)dialup.c 1.2 21:15:35 3/26/89";
#endif
+ static FILE *dialpwd;
+
void setduent ()
{
if (dialpwd)
**************
*** 34,42
if (! dialpwd || feof (dialpwd))
return ((struct dialup *) 0);
! while (fgets (buf, BUFSIZ, dialpwd) == buf)
! if (buf[0] == '#')
! continue;
if (feof (dialpwd))
return ((struct dialup *) 0);
--- 38,45 -----
if (! dialpwd || feof (dialpwd))
return ((struct dialup *) 0);
! while (fgets (buf, BUFSIZ, dialpwd) == buf && buf[0] == '#')
! ;
if (feof (dialpwd))
return ((struct dialup *) 0);
**************
*** 85,90
return (0);
while (fgets (buf, BUFSIZ, fp) == buf) {
buf[strlen (buf) - 1] = '\0';
if (strcmp (buf, tty) == 0) {
--- 88,96 -----
return (0);
while (fgets (buf, BUFSIZ, fp) == buf) {
+ if (buf[0] == '#')
+ continue;
+
buf[strlen (buf) - 1] = '\0';
if (strcmp (buf, tty) == 0) {
*** lmain.c
--- new/lmain.c
**************
*** 11,17
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)lmain.c 1.4 15:59:41 3/4/89";
#endif
#ifndef ERASECHAR
--- 11,17 -----
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)lmain.c 1.5 21:15:37 3/26/89";
#endif
#ifndef ERASECHAR
**************
*** 63,68
void mailcheck ();
void shell ();
#ifndef ALARM
#define ALARM 60
#endif
--- 63,73 -----
void mailcheck ();
void shell ();
+ #ifdef TZ
+ FILE *tzfile;
+ char tzbuf[16] = TZ;
+ #endif
+
#ifndef ALARM
#define ALARM 60
#endif
**************
*** 95,101
* Add your favorite terminal modes here ...
*/
! termio.c_cflag |= ISIG;
termio.c_cc[VERASE] = ERASECHAR;
termio.c_cc[VKILL] = KILLCHAR;
--- 100,106 -----
* Add your favorite terminal modes here ...
*/
! termio.c_lflag |= ISIG;
termio.c_cc[VERASE] = ERASECHAR;
termio.c_cc[VKILL] = KILLCHAR;
**************
*** 111,117
addenv (*envp++); /* some variables change later */
#ifdef TZ
! addenv (TZ); /* set the default $TZ, if one */
#endif
#ifdef HZ
addenv (HZ); /* set the default $HZ, if one */
--- 116,132 -----
addenv (*envp++); /* some variables change later */
#ifdef TZ
! if (tzbuf[0] == '/') {
! if ((tzfile = fopen (tzbuf, "r")) != (FILE *) 0) {
! if (fgets (tzbuf, sizeof tzbuf, tzfile)) {
! tzbuf[strlen (tzbuf) - 1] = '\0';
! addenv (tzbuf);
! }
! fclose (tzfile);
! }
! } else {
! addenv (tzbuf);
! }
#endif
#ifdef HZ
addenv (HZ); /* set the default $HZ, if one */
**************
*** 147,152
&& ! password ("Password:", pass))
continue;
#endif
if (valid (pass, &pwent)) /* check encrypted passwords ... */
break; /* ... encrypted passwords matched */
--- 162,170 -----
&& ! password ("Password:", pass))
continue;
#endif
+ #ifdef FAILLOG
+ if (valid (pass, &pwent) && failcheck (pwent.pw_uid))
+ #else
if (valid (pass, &pwent)) /* check encrypted passwords ... */
#endif
break;
**************
*** 148,154
continue;
#endif
if (valid (pass, &pwent)) /* check encrypted passwords ... */
! break; /* ... encrypted passwords matched */
if (--retries <= 0) /* only allow so many failures */
exit (1);
--- 166,173 -----
if (valid (pass, &pwent) && failcheck (pwent.pw_uid))
#else
if (valid (pass, &pwent)) /* check encrypted passwords ... */
! #endif
! break;
if (--retries <= 0) /* only allow so many failures */
exit (1);
**************
*** 155,160
puts ("Login incorrect");
(void) memset (name, '\0', sizeof name);
}
#ifdef DIALUP
if (! dialcheck (utent.ut_line,
--- 174,183 -----
puts ("Login incorrect");
(void) memset (name, '\0', sizeof name);
+ #ifdef FAILLOG
+ if (pwent.pw_name) /* don't log non-existent users */
+ faillog (pwent.pw_uid, utent.ut_line);
+ #endif
}
#ifdef DIALUP
if (! dialcheck (utent.ut_line,
*** pwconv.c
--- new/pwconv.c
**************
*** 20,26
#include <fcntl.h>
#include <pwd.h>
#include "config.h"
- #include "lastlog.h"
#include "shadow.h"
#ifndef lint
--- 20,25 -----
#include <fcntl.h>
#include <pwd.h>
#include "config.h"
#include "shadow.h"
#ifndef lint
**************
*** 24,30
#include "shadow.h"
#ifndef lint
! static char _sccsidi[] = "@(#)pwconv.c 1.2 11:17:22 3/8/89";
#endif
char buf[BUFSIZ];
--- 23,29 -----
#include "shadow.h"
#ifndef lint
! static char _sccsid[] = "@(#)pwconv.c 1.3 21:15:40 3/26/89";
#endif
char buf[BUFSIZ];
*** pwunconv.c
--- new/pwunconv.c
**************
*** 15,21
#include <fcntl.h>
#include <pwd.h>
#include "config.h"
- #include "lastlog.h"
#include "shadow.h"
char buf[BUFSIZ];
--- 15,20 -----
#include <fcntl.h>
#include <pwd.h>
#include "config.h"
#include "shadow.h"
#ifndef lint
**************
*** 17,22
#include "config.h"
#include "lastlog.h"
#include "shadow.h"
char buf[BUFSIZ];
char *l64a ();
--- 16,25 -----
#include <pwd.h>
#include "config.h"
#include "shadow.h"
+
+ #ifndef lint
+ static char _sccsid[] = "@(#)pwunconv.c 1.2 21:15:42 3/26/89";
+ #endif
char buf[BUFSIZ];
char *l64a ();
*** setup.c
--- new/setup.c
**************
*** 5,11
#include "config.h"
#ifndef lint
! static char _sccsid[] = "@(#)setup.c 1.3 08:41:10 2/22/89";
#endif
extern char home[];
--- 5,11 -----
#include "config.h"
#ifndef lint
! static char _sccsid[] = "@(#)setup.c 1.4 21:15:45 3/26/89";
#endif
extern char home[];
**************
*** 44,50
struct passwd *info;
{
extern int errno;
- #ifndef SU
char logname[30];
char tty[30];
#endif
--- 44,49 -----
struct passwd *info;
{
extern int errno;
char logname[30];
#ifndef SU
char tty[30];
**************
*** 46,51
extern int errno;
#ifndef SU
char logname[30];
char tty[30];
#endif
char *cp;
--- 45,51 -----
{
extern int errno;
char logname[30];
+ #ifndef SU
char tty[30];
#endif
char *cp;
**************
*** 110,116
else
addenv (PATH);
- #ifndef SU
(void) strcat (strcpy (logname, "LOGNAME="), name);
addenv (logname);
#endif
--- 110,115 -----
else
addenv (PATH);
(void) strcat (strcpy (logname, "LOGNAME="), name);
addenv (logname);
**************
*** 113,119
#ifndef SU
(void) strcat (strcpy (logname, "LOGNAME="), name);
addenv (logname);
! #endif
(void) strcat (strcat (strcpy (mail, "MAIL="), MAILDIR), name);
addenv (mail);
}
--- 112,118 -----
(void) strcat (strcpy (logname, "LOGNAME="), name);
addenv (logname);
!
(void) strcat (strcat (strcpy (mail, "MAIL="), MAILDIR), name);
addenv (mail);
}
*** shadow.c
--- new/shadow.c
**************
*** 2,8
#include <stdio.h>
#include <string.h>
! static FILE *shadow;
void setspent ()
{
--- 2,10 -----
#include <stdio.h>
#include <string.h>
! #ifndef lint
! static char _sccsid[] = "@(#)shadow.c 1.2 21:15:47 3/26/89";
! #endif
static FILE *shadow;
**************
*** 4,9
static FILE *shadow;
void setspent ()
{
if (shadow)
--- 6,13 -----
static char _sccsid[] = "@(#)shadow.c 1.2 21:15:47 3/26/89";
#endif
+ static FILE *shadow;
+
void setspent ()
{
if (shadow)
**************
*** 99,105
if (! fp)
return (0);
! return (fprintf (fp, "%s:%s:%ld:%d:%d\n",
spwd->sp_namp, spwd->sp_pwdp,
spwd->sp_lstchg, spwd->sp_min, spwd->sp_max) != EOF);
}
--- 103,109 -----
if (! fp)
return (0);
! return (fprintf (fp, "%s:%s:%ld:%ld:%ld\n",
spwd->sp_namp, spwd->sp_pwdp,
spwd->sp_lstchg, spwd->sp_min, spwd->sp_max) != EOF);
}
*** shell.c
--- new/shell.c
**************
*** 2,8
#include <string.h>
#include "config.h"
! extern char *newenvp[];
void shell (file)
char *file;
--- 2,10 -----
#include <string.h>
#include "config.h"
! #ifndef lint
! static char _sccsid[] = "@(#)shell.c 1.2 21:15:49 3/26/89";
! #endif
extern char *newenvp[];
**************
*** 4,9
extern char *newenvp[];
void shell (file)
char *file;
{
--- 6,13 -----
static char _sccsid[] = "@(#)shell.c 1.2 21:15:49 3/26/89";
#endif
+ extern char *newenvp[];
+
void shell (file)
char *file;
{
**************
*** 8,14
char *file;
{
char arg0[BUFSIZ];
- #ifndef SU
char *path;
#endif
char *strrchr ();
--- 12,17 -----
char *file;
{
char arg0[BUFSIZ];
char *path;
extern int errno;
**************
*** 10,17
char arg0[BUFSIZ];
#ifndef SU
char *path;
- #endif
- char *strrchr ();
extern int errno;
if (file == (char *) 0)
--- 13,18 -----
{
char arg0[BUFSIZ];
char *path;
extern int errno;
if (file == (char *) 0)
**************
*** 17,23
if (file == (char *) 0)
exit (1);
- #ifndef SU
if (path = strrchr (file, '/'))
path++;
else
--- 18,23 -----
if (file == (char *) 0)
exit (1);
if (path = strrchr (file, '/'))
path++;
else
**************
*** 25,33
(void) strcpy (arg0 + 1, path);
arg0[0] = '-';
- #else
- (void) strcpy (arg0, "-su");
- #endif
#ifndef NDEBUG
printf ("Executing shell %s\n", file);
#endif
--- 25,30 -----
(void) strcpy (arg0 + 1, path);
arg0[0] = '-';
#ifndef NDEBUG
printf ("Executing shell %s\n", file);
#endif
*** smain.c
--- new/smain.c
**************
*** 7,13
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)smain.c 1.5 15:59:55 3/4/89";
#endif
#ifndef MAXENV
--- 7,13 -----
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)smain.c 1.6 21:15:50 3/26/89";
#endif
#ifndef MAXENV
**************
*** 38,43
int maxenv = MAXENV;
struct passwd pwent;
void addenv ();
void entry ();
void sulog ();
--- 38,48 -----
int maxenv = MAXENV;
struct passwd pwent;
+ #ifdef TZ
+ FILE *tzfile;
+ char tzbuf[16] = TZ;
+ #endif
+
void addenv ();
void entry ();
void sulog ();
**************
*** 66,72
addenv (*envp++); /* some variables change later */
#ifdef TZ
! addenv (TZ); /* set the default $TZ, if one */
#endif
#ifdef HZ
addenv (HZ); /* set the default $HZ, if one */
--- 71,87 -----
addenv (*envp++); /* some variables change later */
#ifdef TZ
! if (tzbuf[0] == '/') {
! if ((tzfile = fopen (tzbuf, "r")) != (FILE *) 0) {
! if (fgets (tzbuf, sizeof tzbuf, tzfile)) {
! tzbuf[strlen (tzbuf) - 1] = '\0';
! addenv (tzbuf);
! }
! fclose (tzfile);
! }
! } else {
! addenv (tzbuf);
! }
#endif
#ifdef HZ
addenv (HZ); /* set the default $HZ, if one */
*** sulogin.c
--- new/sulogin.c
**************
*** 4,10
#include <utmp.h>
#include <string.h>
#include "config.h"
- #include "lastlog.h"
#ifndef lint
static char _sccsid[] = "@(#)sulogin.c 1.2 15:59:59 3/4/89";
--- 4,9 -----
#include <utmp.h>
#include <string.h>
#include "config.h"
#ifndef lint
static char _sccsid[] = "@(#)sulogin.c 1.3 21:15:53 3/26/89";
**************
*** 7,13
#include "lastlog.h"
#ifndef lint
! static char _sccsid[] = "@(#)sulogin.c 1.2 15:59:59 3/4/89";
#endif
char name[BUFSIZ];
--- 6,12 -----
#include "config.h"
#ifndef lint
! static char _sccsid[] = "@(#)sulogin.c 1.3 21:15:53 3/26/89";
#endif
char name[BUFSIZ];
**************
*** 18,24
struct passwd pwent;
struct utmp utent;
- struct lastlog lastlog;
#ifndef MAXENV
#define MAXENV 64
--- 17,22 -----
struct passwd pwent;
struct utmp utent;
#ifdef TZ
FILE *tzfile;
**************
*** 20,25
struct utmp utent;
struct lastlog lastlog;
#ifndef MAXENV
#define MAXENV 64
#endif
--- 18,28 -----
struct passwd pwent;
struct utmp utent;
+ #ifdef TZ
+ FILE *tzfile;
+ char tzbuf[16] = TZ;
+ #endif
+
#ifndef MAXENV
#define MAXENV 64
#endif
**************
*** 61,67
addenv (*envp++); /* some variables change later */
#ifdef TZ
! addenv (TZ); /* set the default $TZ, if one */
#endif
#ifdef HZ
addenv (HZ); /* set the default $HZ, if one */
--- 64,80 -----
addenv (*envp++); /* some variables change later */
#ifdef TZ
! if (tzbuf[0] == '/') {
! if ((tzfile = fopen (tzbuf, "r")) != (FILE *) 0) {
! if (fgets (tzbuf, sizeof tzbuf, tzfile)) {
! tzbuf[strlen (tzbuf) - 1] = '\0';
! addenv (tzbuf);
! }
! fclose (tzfile);
! }
! } else {
! addenv (tzbuf);
! }
#endif
#ifdef HZ
addenv (HZ); /* set the default $HZ, if one */
SHAR_EOF
fi
if test -f 'faillog.c'
then
echo shar: "will not over-write existing file 'faillog.c'"
else
cat << \SHAR_EOF > 'faillog.c'
#include <sys/types.h>
#include <sys/stat.h>
#include <stdio.h>
#include <pwd.h>
#include <time.h>
#include "config.h"
#include "faillog.h"
#ifndef lint
static char _sccsid[] = "@(#)faillog.c 1.1 20:42:41 3/26/89";
#endif
FILE *fail; /* failure file stream */
off_t user; /* one single user, specified on command line */
int days; /* number of days to consider for print command */
time_t seconds; /* that number of days in seconds */
int max; /* maximum failure count for fail_max */
int mflg; /* set fail_max for a given user */
int rflg; /* reset fail_cnt for user or all user's */
int uflg; /* set if user is a valid user id */
int tflg; /* print is restricted to most recent days */
struct faillog faillog; /* scratch structure to play with ... */
struct stat statbuf; /* fstat buffer for file size */
extern int optind;
extern char *optarg;
extern char *asctime ();
extern struct passwd *getpwuid ();
extern struct passwd *getpwnam ();
extern struct passwd *getpwent ();
extern struct tm *localtime ();
#define DAY (24L*3600L)
#define NOW (time ((time_t *) 0))
main (argc, argv)
int argc;
char **argv;
{
char *mode;
int uid = 0;
int c;
struct passwd *pwent;
if (getuid () == 0) /* only root can update anything */
mode = "r+";
else /* all others can only look */
mode = "r";
if ((fail = fopen (FAILFILE, mode)) == (FILE *) 0) {
perror (FAILFILE);
exit (1);
}
while ((c = getopt (argc, argv, "m:pru:t:")) != EOF) {
switch (c) {
case 'm':
max = atoi (optarg);
setmax ();
break;
case 'p':
print ();
break;
case 'r':
reset ();
break;
case 'u':
pwent = getpwnam (optarg);
if (! pwent) {
fprintf (stderr, "Unknown User: %s\n", optarg);
exit (1);
}
uflg++;
user = pwent->pw_uid;
break;
case 't':
days = atoi (optarg);
seconds = days * DAY;
tflg++;
break;
}
}
fclose (fail);
exit (0);
}
print ()
{
int uid;
off_t offset;
if (uflg) {
offset = user * sizeof faillog;
fstat (fileno (fail), &statbuf);
if (offset >= statbuf.st_size)
return;
fseek (fail, (off_t) user * sizeof faillog, 0);
if (fread ((char *) &faillog, sizeof faillog, 1, fail) == 1)
print_one (&faillog, user);
else
perror (FAILFILE);
} else {
for (uid = 0;
fread ((char *) &faillog, sizeof faillog, 1, fail) == 1;
uid++) {
if (faillog.fail_cnt == 0)
continue;
if (tflg && NOW - faillog.fail_time > seconds)
continue;
print_one (&faillog, uid);
}
}
}
print_one (faillog, uid)
struct faillog *faillog;
{
static int once;
char *cp;
struct tm *tm;
struct passwd *pwent;
if (! once) {
printf ("Username Failures Maximum Latest\n");
once++;
}
pwent = getpwuid (uid);
tm = localtime (&faillog->fail_time);
cp = asctime (tm);
cp[24] = '\0';
if (pwent) {
printf ("%-16s %4d %4d",
pwent->pw_name, faillog->fail_cnt, faillog->fail_max);
if (faillog->fail_time)
printf (" %s on %s\n", cp, faillog->fail_line);
else
putchar ('\n');
}
}
reset ()
{
int uid = 0;
if (uflg)
reset_one (user);
else
for (uid = 0;reset_one (uid);uid++)
;
}
reset_one (uid)
int uid;
{
off_t offset;
offset = uid * sizeof faillog;
fstat (fileno (fail), &statbuf);
if (offset >= statbuf.st_size)
return (0);
if (fseek (fail, offset, 0) != 0) {
perror (FAILFILE);
return (0);
}
if (fread ((char *) &faillog, sizeof faillog, 1, fail) != 1) {
if (! feof (fail))
perror (FAILFILE);
return (0);
}
if (faillog.fail_cnt == 0)
return (1); /* don't fill in no holes ... */
faillog.fail_cnt = 0;
if (fseek (fail, offset, 0) == 0
&& fwrite ((char *) &faillog, sizeof faillog, 1, fail) == 1) {
fflush (fail);
return (1);
} else {
perror (FAILFILE);
}
return (0);
}
setmax ()
{
int uid = 0;
struct passwd *pwent;
if (uflg) {
setmax_one (user);
} else {
setpwent ();
while (pwent = getpwent ())
setmax_one (pwent->pw_uid);
}
}
setmax_one (uid)
int uid;
{
off_t offset;
offset = uid * sizeof faillog;
if (fseek (fail, offset, 0) != 0) {
perror (FAILFILE);
return;
}
if (fread ((char *) &faillog, sizeof faillog, 1, fail) != 1) {
if (! feof (fail))
perror (FAILFILE);
} else {
memset ((char *) &faillog, '\0', sizeof faillog);
}
faillog.fail_max = max;
if (fseek (fail, offset, 0) == 0
&& fwrite ((char *) &faillog, sizeof faillog, 1, fail) == 1)
fflush (fail);
else
perror (FAILFILE);
}
SHAR_EOF
fi
if test -f 'faillog.h'
then
echo shar: "will not over-write existing file 'faillog.h'"
else
cat << \SHAR_EOF > 'faillog.h'
/*
* faillog.h - login failure logging file format
*
* @(#)faillog.h 1.1 20:43:01 3/26/89
*
* The login failure file is maintained by login(1) and fail(1L)
* Each record in the file represents a separate UID and the file
* is indexed in that fashion.
*/
#define FAILFILE "/usr/adm/faillog"
struct faillog {
short fail_cnt; /* failures since last success */
short fail_max; /* failures before turning account off */
char fail_line[12]; /* last failure occured here */
time_t fail_time; /* last failure occured then */
};
SHAR_EOF
fi
if test -f 'failure.c'
then
echo shar: "will not over-write existing file 'failure.c'"
else
cat << \SHAR_EOF > 'failure.c'
#include <sys/types.h>
#include <fcntl.h>
#include <time.h>
#include "faillog.h"
#include "config.h"
#ifndef lint
static char _sccsid[] = "@(#)failure.c 1.1 21:06:32 3/26/89";
#endif
#ifdef FAILLOG
#define DAY (24L*3600L)
#define YEAR (365L*DAY)
#define NOW (time ((time_t *) 0))
extern struct tm *localtime ();
extern char *asctime;
extern void failprint ();
/*
* faillog - make failure entry
*/
void
faillog (uid, tty)
int uid;
char *tty;
{
int fd;
struct faillog faillog;
if ((fd = open (FAILFILE, O_RDWR)) < 0)
return;
lseek (fd, (off_t) sizeof faillog * uid, 0);
if (read (fd, (char *) &faillog, sizeof faillog)
!= sizeof faillog)
memset ((void *) &faillog, '\0', sizeof faillog);
if (faillog.fail_max == 0 || faillog.fail_cnt < faillog.fail_max)
faillog.fail_cnt++;
strncpy (faillog.fail_line, tty, sizeof faillog.fail_line);
faillog.fail_time = time ((time_t *) 0);
lseek (fd, (off_t) sizeof faillog * uid, 0);
write (fd, (char *) &faillog, sizeof faillog);
close (fd);
return;
}
/*
* failcheck - check for failures > allowable, reset count if not
*
* failcheck() is called AFTER the password has been validated.
*/
int failcheck (uid)
int uid;
{
int fd;
int okay = 1;
struct faillog faillog;
if ((fd = open (FAILFILE, O_RDWR)) < 0)
return (1);
lseek (fd, (off_t) sizeof faillog * uid, 0);
if (read (fd, (char *) &faillog, sizeof faillog) == sizeof faillog) {
if (faillog.fail_max != 0
&& faillog.fail_cnt >= faillog.fail_max)
okay = 0;
else {
if (faillog.fail_cnt)
failprint (&faillog);
faillog.fail_cnt = 0;
lseek (fd, (off_t) sizeof faillog * uid, 0);
write (fd, (char *) &faillog, sizeof faillog);
}
}
close (fd);
return (okay);
}
/*
* failprint - print line of failure information
*/
void failprint (fail)
struct faillog *fail;
{
struct tm *tp;
char *lasttime;
if (fail->fail_cnt == 0)
return;
tp = localtime (&fail->fail_time);
lasttime = asctime (tp);
lasttime[24] = '\0';
if (NOW - fail->fail_time < YEAR)
lasttime[19] = '\0';
if (NOW - fail->fail_time < DAY)
lasttime = lasttime + 11;
if (*lasttime == ' ')
lasttime++;
printf ("%d %s since last login. Last was %s on %s.\n",
fail->fail_cnt, fail->fail_cnt > 1 ? "failures":"failure",
lasttime, fail->fail_line);
}
#endif
SHAR_EOF
fi
exit 0
# End of shell archive
--
John F. Haugh II +-Quote of the Week:-------------------
VoiceNet: (214) 250-3311 Data: -6272 | "Do not drink and bake"
InterNet: jfh at rpp386.Dallas.TX.US | -- Arnold Swartzenegger
UucpNet : <backbone>!killer!rpp386!jfh +--------------------------------------
More information about the Comp.sources.bugs
mailing list