diff options
| author | Ron Yorston <rmy@pobox.com> | 2021-05-14 08:17:12 +0100 |
|---|---|---|
| committer | Ron Yorston <rmy@pobox.com> | 2021-05-14 08:17:12 +0100 |
| commit | a3f5a1b7f4275f713acf22f534f95c0da8392e53 (patch) | |
| tree | 49b65422a3e9c33f508da9ccf3ae79d324bd9e96 /loginutils | |
| parent | 375cda9a88024135d630ca8990d9aff4ea414e89 (diff) | |
| parent | 7de0ab21d939a5a304157f75918d0318a95261a3 (diff) | |
| download | busybox-w32-a3f5a1b7f4275f713acf22f534f95c0da8392e53.tar.gz busybox-w32-a3f5a1b7f4275f713acf22f534f95c0da8392e53.tar.bz2 busybox-w32-a3f5a1b7f4275f713acf22f534f95c0da8392e53.zip | |
Merge branch 'busybox' into merge
Diffstat (limited to 'loginutils')
| -rw-r--r-- | loginutils/login.c | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/loginutils/login.c b/loginutils/login.c index 21c32fc25..ce87e318a 100644 --- a/loginutils/login.c +++ b/loginutils/login.c | |||
| @@ -60,6 +60,11 @@ | |||
| 60 | //usage: "\n -f Don't authenticate (user already authenticated)" | 60 | //usage: "\n -f Don't authenticate (user already authenticated)" |
| 61 | //usage: "\n -h HOST Host user came from (for network logins)" | 61 | //usage: "\n -h HOST Host user came from (for network logins)" |
| 62 | //usage: "\n -p Preserve environment" | 62 | //usage: "\n -p Preserve environment" |
| 63 | //usage: "\n" | ||
| 64 | //usage: "\n$LOGIN_TIMEOUT Seconds (default 60, 0 - disable)" | ||
| 65 | //usage: IF_LOGIN_SCRIPTS( | ||
| 66 | //usage: "\n$LOGIN_PRE_SUID_SCRIPT Execute before user ID change" | ||
| 67 | //usage: ) | ||
| 63 | 68 | ||
| 64 | #include "libbb.h" | 69 | #include "libbb.h" |
| 65 | #include "common_bufsiz.h" | 70 | #include "common_bufsiz.h" |
| @@ -130,7 +135,6 @@ static const struct pam_conv conv = { | |||
| 130 | #endif | 135 | #endif |
| 131 | 136 | ||
| 132 | enum { | 137 | enum { |
| 133 | TIMEOUT = 60, | ||
| 134 | EMPTY_USERNAME_COUNT = 10, | 138 | EMPTY_USERNAME_COUNT = 10, |
| 135 | /* Some users found 32 chars limit to be too low: */ | 139 | /* Some users found 32 chars limit to be too low: */ |
| 136 | USERNAME_SIZE = 64, | 140 | USERNAME_SIZE = 64, |
| @@ -139,6 +143,7 @@ enum { | |||
| 139 | 143 | ||
| 140 | struct globals { | 144 | struct globals { |
| 141 | struct termios tty_attrs; | 145 | struct termios tty_attrs; |
| 146 | int timeout; | ||
| 142 | } FIX_ALIASING; | 147 | } FIX_ALIASING; |
| 143 | #define G (*(struct globals*)bb_common_bufsiz1) | 148 | #define G (*(struct globals*)bb_common_bufsiz1) |
| 144 | #define INIT_G() do { setup_common_bufsiz(); } while (0) | 149 | #define INIT_G() do { setup_common_bufsiz(); } while (0) |
| @@ -302,7 +307,7 @@ static void alarm_handler(int sig UNUSED_PARAM) | |||
| 302 | * when you are back at shell prompt, echo will be still off. | 307 | * when you are back at shell prompt, echo will be still off. |
| 303 | */ | 308 | */ |
| 304 | tcsetattr_stdin_TCSANOW(&G.tty_attrs); | 309 | tcsetattr_stdin_TCSANOW(&G.tty_attrs); |
| 305 | printf("\r\nLogin timed out after %u seconds\r\n", TIMEOUT); | 310 | printf("\r\nLogin timed out after %u seconds\r\n", G.timeout); |
| 306 | fflush_all(); | 311 | fflush_all(); |
| 307 | /* unix API is brain damaged regarding O_NONBLOCK, | 312 | /* unix API is brain damaged regarding O_NONBLOCK, |
| 308 | * we should undo it, or else we can affect other processes */ | 313 | * we should undo it, or else we can affect other processes */ |
| @@ -345,6 +350,8 @@ int login_main(int argc UNUSED_PARAM, char **argv) | |||
| 345 | 350 | ||
| 346 | INIT_G(); | 351 | INIT_G(); |
| 347 | 352 | ||
| 353 | G.timeout = xatoi_positive(getenv("LOGIN_TIMEOUT") ? : "60"); | ||
| 354 | |||
| 348 | /* More of suid paranoia if called by non-root: */ | 355 | /* More of suid paranoia if called by non-root: */ |
| 349 | /* Clear dangerous stuff, set PATH */ | 356 | /* Clear dangerous stuff, set PATH */ |
| 350 | run_by_root = !sanitize_env_if_suid(); | 357 | run_by_root = !sanitize_env_if_suid(); |
| @@ -376,7 +383,7 @@ int login_main(int argc UNUSED_PARAM, char **argv) | |||
| 376 | 383 | ||
| 377 | /* We install timeout handler only _after_ we saved G.tty_attrs */ | 384 | /* We install timeout handler only _after_ we saved G.tty_attrs */ |
| 378 | signal(SIGALRM, alarm_handler); | 385 | signal(SIGALRM, alarm_handler); |
| 379 | alarm(TIMEOUT); | 386 | alarm(G.timeout); |
| 380 | 387 | ||
| 381 | /* Find out and memorize our tty name */ | 388 | /* Find out and memorize our tty name */ |
| 382 | full_tty = xmalloc_ttyname(STDIN_FILENO); | 389 | full_tty = xmalloc_ttyname(STDIN_FILENO); |
| @@ -435,6 +442,9 @@ int login_main(int argc UNUSED_PARAM, char **argv) | |||
| 435 | } | 442 | } |
| 436 | /* check that the account is healthy */ | 443 | /* check that the account is healthy */ |
| 437 | pamret = pam_acct_mgmt(pamh, 0); | 444 | pamret = pam_acct_mgmt(pamh, 0); |
| 445 | if (pamret == PAM_NEW_AUTHTOK_REQD) { | ||
| 446 | pamret = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); | ||
| 447 | } | ||
| 438 | if (pamret != PAM_SUCCESS) { | 448 | if (pamret != PAM_SUCCESS) { |
| 439 | failed_msg = "acct_mgmt"; | 449 | failed_msg = "acct_mgmt"; |
| 440 | goto pam_auth_failed; | 450 | goto pam_auth_failed; |