login.c - skeud - Simple and portable utilities to deal with user accounts (su, login)


// SPDX-FileCopyrightText: 2022 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
// SPDX-License-Identifier: MPL-2.0
#define _POSIX_C_SOURCE 202405L
// for explicit_bzero, initgroups
#define _DEFAULT_SOURCE
#ifdef __linux__
// I love linux extensions (no)
#include <shadow.h> /* getspnam */
#endif
#include "common.h" // skeud_getpass, skeud_crypt_check
#include <errno.h>    // errno
#include <grp.h>      // getgrnam, initgroups
#include <limits.h>   // NAME_MAX
#include <pwd.h>      // getpwnam
#include <stdbool.h>  // bool
#include <stdio.h>    // fprintf, perror
#include <stdlib.h>   // abort, setenv
#include <string.h>   // strcmp, explicit_bzero
#include <sys/stat.h> // fchmod
#include <unistd.h>   // getuid, getopt, opt*, chdir, setuid, setgid, fchown
#define TTY_GROUP "tty"
#define TTY_PERMS 0600
extern char **environ;
char *envclear[]  = {NULL};
const char *argv0 = "login";
static int
process_pwent(struct passwd *pwent)
{
	int tty_gid             = pwent->pw_gid;
	struct group *tty_group = getgrnam(TTY_GROUP);
	if(tty_group == NULL)
	{
		perror("login: warning: getgrnam");
	}
	else
	{
		tty_gid = tty_group->gr_gid;
	}
	/* considers that STDIN_FILENO is close enough to the current tty */
	if(fchown(STDIN_FILENO, pwent->pw_uid, tty_gid) < 0)
	{
		perror("login: error: Failed setting TTY owner:group");
		return 1;
	}
	if(fchmod(STDIN_FILENO, TTY_PERMS))
	{
		perror("login: error: Failed setting TTY permissions");
		return 1;
	}
	if(setgid(pwent->pw_gid) < 0)
	{
		perror("login: error: Failed setting group-id");
		return 1;
	}
	if(initgroups(pwent->pw_name, pwent->pw_gid) < 0)
	{
		perror("login: error: initgroups");
		return 1;
	}
	if(setuid(pwent->pw_uid) < 0)
	{
		perror("login: error: Failed setting user-id");
		return 1;
	}
	if(pwent->pw_dir != NULL)
	{
		setenv("HOME", pwent->pw_dir, 1);
		if(chdir(pwent->pw_dir) != 0)
		{
			fprintf(stderr,
			        "login: warning: Failed to change current directory to '%s': %s\n",
			        pwent->pw_dir,
			        strerror(errno));
		}
	}
	return 0;
}
int
main(int argc, char *argv[])
{
	bool opt_f           = false;
	bool opt_p           = false;
	int c                = EOF;
	char *username       = NULL;
	struct passwd *pwent = NULL;
	const char *shell    = "/bin/sh";
	if(getuid() != 0)
	{
		fputs("login: error: Not super-user\n", stderr);
		return 1;
	}
	/* flawfinder: ignore CWE-120, CWE-20 */
	while((c = getopt(argc, argv, ":f:p")) != EOF)
	{
		switch(c)
		{
		case 'f': // user already authenticated
			opt_f    = true;
			username = optarg;
			break;
		case 'p': // preserve environment
			opt_p = true;
			break;
		case ':':
			fprintf(stderr, "login: error: Option -%c requires an operand\n", optopt);
			return 1;
		case '?':
			fprintf(stderr, "login: error: Unrecognized option: '-%c'\n", optopt);
			return 1;
		default:
			fputs("login: error: Unknown getopt state, aborting\n", stderr);
			abort();
		}
	}
	argc -= optind;
	argv += optind;
	if(!opt_f)
	{
		if(argc == 1)
		{
			username = argv[0];
		}
		else if(argc > 1)
		{
			fprintf(stderr, "login: error: Got %d arguments, expected <= 1\n", argc);
			return 1;
		}
	}
	else
	{
		if(argc > 0)
		{
			fprintf(stderr, "login: error: Got %d arguments, expected <= 0\n", argc);
			return 1;
		}
	}
	char *username_buf = NULL;
	if(username == NULL)
	{
		size_t len = 0;
		const char *prompt = "username: ";
		write(STDERR_FILENO, prompt, strlen(prompt));
		ssize_t got = getline(&username_buf, &len, stdin);
		if(got < 0)
		{
			if(errno != 0) skeud_err("Failed reading line", errno);
			free(username_buf);
			return 1;
		}
		username_buf[got]     = 0;
		username_buf[got - 1] = 0;
		username = username_buf;
	}
	if(username == NULL) return 1;
	errno = 0;
	pwent = getpwnam(username);
	if(errno != 0)
	{
		perror("login: warning: Failed getting passwd entry");
	}
	if(!opt_f)
	{
		char *pw_hash = NULL;
		if(pwent && pwent->pw_passwd)
		{
			pw_hash = pwent->pw_passwd;
		}
#ifdef __linux__
		// Always fetched to avoid potentially leaking passwd contents
		errno              = 0;
		struct spwd *swent = getspnam(username);
		if(errno != 0)
		{
			perror("login: warning: Failed getting shadow passwd entry");
		}
		else
		{
			if(pw_hash && strcmp(pw_hash, "x") == 0)
			{
				pw_hash = swent->sp_pwdp;
			}
			explicit_bzero(swent, sizeof(swent));
			swent = NULL;
		}
#endif /* __linux__ */
		char *password = NULL;
		ssize_t got    = skeud_getpass(&password);
		if(got < 0)
		{
			free(username_buf);
			free(password);
			return 1;
		}
		bool valid_p = skeud_crypt_check(pw_hash, password);
		explicit_bzero(password, got);
		free(password);
		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
		if(!valid_p)
		{
			free(username_buf);
			sleep(2);
			fputs("login: error: Invalid username or password\n", stderr);
			return 1;
		}
	}
	if(!opt_p)
	{
		char *term = getenv("TERM");
		environ    = envclear;
		if(term)
		{
			setenv("TERM", term, 1);
		}
	}
	if(pwent != NULL)
	{
		if(pwent->pw_shell != NULL)
		{
			shell = pwent->pw_shell;
		}
		int ret = process_pwent(pwent);
		explicit_bzero(pwent, sizeof(pwent));
		pwent = NULL;
		if(ret != 0)
		{
			free(username_buf);
			return ret;
		}
	}
	setenv("USER", username, 1);
	setenv("LOGNAME", username, 1);
	setenv("SHELL", shell, 1);
	setenv("IFS", " \t\n", 1);
	free(username_buf);
	const char *sh_basename = strrchr(shell, '/');
	sh_basename = sh_basename ? sh_basename + 1 : shell;
	char shell0[NAME_MAX] = "-sh";
	strlcpy(shell0 + 1, sh_basename, NAME_MAX - 1);
	errno = 0;
	/* flawfinder: ignore CWE-78 */
	if(execl(shell, shell0, NULL) < 0)
	{
		if(errno == ENOENT)
		{
			perror("login: error: Failed executing shell");
			return 127;
		}
		else
		{
			perror("login: error: Failed executing shell");
			return 126;
		}
	}
}