logo

skeud

Simple and portable utilities to deal with user accounts (su, login)

login.c (4812B)

    

  1. // SPDX-FileCopyrightText: 2022 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
  2. // SPDX-License-Identifier: MPL-2.0
  4. #define _POSIX_C_SOURCE 200809L
  5. // for explicit_bzero, initgroups
  6. #define _DEFAULT_SOURCE
  8. #ifdef __linux__
  9. // I love linux extensions (no)
  10. #include <shadow.h> /* getspnam */
  11. #endif
  13. #include "common.h" // skeud_getpass, skeud_crypt_check
  15. #include <assert.h>   // assert
  16. #include <errno.h>    // errno
  17. #include <grp.h>      // getgrnam, initgroups
  18. #include <pwd.h>      // getpwnam
  19. #include <stdbool.h>  // bool
  20. #include <stdio.h>    // fprintf, perror
  21. #include <stdlib.h>   // abort, setenv
  22. #include <string.h>   // strcmp, explicit_bzero
  23. #include <sys/stat.h> // fchmod
  24. #include <unistd.h>   // getuid, getopt, opt*, chdir, setuid, setgid, fchown
  26. #define TTY_GROUP "tty"
  27. #define TTY_PERMS 0600
  29. extern char **environ;
  30. char *envclear[] = {NULL};
  32. int
  33. main(int argc, char *argv[])
  34. {
  35. 	bool opt_f           = false;
  36. 	bool opt_p           = false;
  37. 	int c                = EOF;
  38. 	char *username       = NULL;
  39. 	struct passwd *pwent = NULL;
  40. 	char *shell          = "/bin/sh";
  42. 	if(getuid() != 0)
  43. 	{
  44. 		fprintf(stderr, "login: Not super-user\n");
  45. 		return 1;
  46. 	}
  48. 	/* flawfinder: ignore CWE-120, CWE-20 */
  49. 	while((c = getopt(argc, argv, ":f:p")) != EOF)
  50. 	{
  51. 		switch(c)
  52. 		{
  53. 		case 'f': // user already authenticated
  54. 			opt_f    = true;
  55. 			username = optarg;
  56. 			break;
  57. 		case 'p': // preserve environment
  58. 			opt_p = true;
  59. 			break;
  60. 		case ':':
  61. 			fprintf(stderr, "login: Option -%c requires an operand\n", optopt);
  62. 			return 1;
  63. 		case '?':
  64. 			fprintf(stderr, "login: Unrecognized option: '-%c'\n", optopt);
  65. 			return 1;
  66. 		default:
  67. 			fprintf(stderr, "login: Unknown getopt state, aborting\n");
  68. 			abort();
  69. 		}
  70. 	}
  72. 	argc -= optind;
  73. 	argv += optind;
  75. 	if(!opt_f)
  76. 	{
  77. 		if(argc == 1)
  78. 		{
  79. 			username = argv[0];
  80. 		}
  81. 		else if(argc > 1)
  82. 		{
  83. 			fprintf(stderr, "login: Too many arguments given.\n");
  84. 			return 1;
  85. 		}
  86. 	}
  87. 	else
  88. 	{
  89. 		if(argc > 0)
  90. 		{
  91. 			fprintf(stderr, "login: Too many arguments given.\n");
  92. 			return 1;
  93. 		}
  94. 	}
  96. 	if(username == NULL)
  97. 	{
  98. 		size_t len = 0;
  100. 		printf("username: ");
  101. 		ssize_t got = getline(&username, &len, stdin);
  102. 		if(got < 0)
  103. 		{
  104. 			if(errno != 0) perror("login: getline");
  105. 			free(username);
  106. 			return 1;
  107. 		}
  109. 		username[got]     = 0;
  110. 		username[got - 1] = 0;
  111. 	}
  113. 	assert(username != NULL);
  115. 	errno = 0;
  116. 	pwent = getpwnam(username);
  117. 	if(errno != 0)
  118. 	{
  119. 		perror("login: getpwnam");
  120. 	}
  122. 	if(!opt_f)
  123. 	{
  124. 		char *pw_hash = NULL;
  125. 		if(pwent && pwent->pw_passwd)
  126. 		{
  127. 			pw_hash = pwent->pw_passwd;
  128. 		}
  130. #ifdef __linux__
  131. 		// Always fetched to avoid potentially leaking passwd contents
  132. 		errno              = 0;
  133. 		struct spwd *swent = getspnam(username);
  134. 		if(errno != 0)
  135. 		{
  136. 			perror("login: getspnam");
  137. 		}
  138. 		else
  139. 		{
  140. 			if(pw_hash && strcmp(pw_hash, "x") == 0)
  141. 			{
  142. 				pw_hash = swent->sp_pwdp;
  143. 			}
  145. 			explicit_bzero(swent, sizeof(swent));
  146. 			swent = NULL;
  147. 		}
  148. #endif /* __linux__ */
  150. 		char *password = NULL;
  151. 		ssize_t got    = skeud_getpass(&password);
  152. 		if(got < 0)
  153. 		{
  154. 			free(username);
  155. 			free(password);
  156. 			return 1;
  157. 		}
  159. 		bool valid_p = skeud_crypt_check(pw_hash, password);
  161. 		explicit_bzero(password, got);
  162. 		free(password);
  163. 		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
  165. 		if(!valid_p)
  166. 		{
  167. 			free(username);
  168. 			sleep(2);
  169. 			fprintf(stderr, "login: Invalid username or password\n");
  170. 			return 1;
  171. 		}
  172. 	}
  174. 	if(!opt_p)
  175. 	{
  176. 		char *term = getenv("TERM");
  177. 		environ    = envclear;
  178. 		if(term)
  179. 		{
  180. 			setenv("TERM", term, 1);
  181. 		}
  182. 	}
  184. 	if(pwent != NULL)
  185. 	{
  186. 		int tty_gid             = pwent->pw_gid;
  187. 		struct group *tty_group = getgrnam(TTY_GROUP);
  188. 		if(tty_group == NULL)
  189. 		{
  190. 			perror("login: getgrnam");
  191. 		}
  192. 		else
  193. 		{
  194. 			tty_gid = tty_group->gr_gid;
  195. 		}
  197. 		/* considers that STDIN_FILENO is close enough to the current tty */
  198. 		if(fchown(STDIN_FILENO, pwent->pw_uid, tty_gid) < 0)
  199. 		{
  200. 			perror("login: fchown");
  201. 		}
  202. 		if(fchmod(STDIN_FILENO, TTY_PERMS))
  203. 		{
  204. 			perror("login: fchmod");
  205. 		}
  206. 		if(setgid(pwent->pw_gid) < 0)
  207. 		{
  208. 			perror("login: setgid");
  209. 		}
  210. 		if(initgroups(pwent->pw_name, pwent->pw_gid) < 0)
  211. 		{
  212. 			perror("login: initgroups");
  213. 		}
  214. 		if(setuid(pwent->pw_uid) < 0)
  215. 		{
  216. 			perror("login: setuid");
  217. 		}
  219. 		if(pwent->pw_shell != NULL)
  220. 		{
  221. 			shell = pwent->pw_shell;
  222. 		}
  224. 		if(pwent->pw_dir != NULL)
  225. 		{
  226. 			setenv("HOME", pwent->pw_dir, 1);
  228. 			if(chdir(pwent->pw_dir) != 0)
  229. 			{
  230. 				perror("login: chdir");
  231. 			}
  232. 		}
  234. 		explicit_bzero(pwent, sizeof(pwent));
  235. 		pwent = NULL;
  236. 	}
  238. 	setenv("USER", username, 1);
  239. 	setenv("LOGNAME", username, 1);
  240. 	setenv("SHELL", shell, 1);
  241. 	setenv("IFS", " \t\n", 1);
  243. 	free(username);
  245. 	errno = 0;
  246. 	/* flawfinder: ignore CWE-78 */
  247. 	if(execl(shell, shell, "-l", NULL) < 0)
  248. 	{
  249. 		if(errno == ENOENT)
  250. 		{
  251. 			perror("login: execve");
  252. 			return 127;
  253. 		}
  254. 		else
  255. 		{
  256. 			perror("login: execve");
  257. 			return 126;
  258. 		}
  259. 	}
  260. }