1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
|
--- session.c.orig Tue Apr 17 21:34:25 2001
+++ session.c Mon Jun 25 07:51:19 2001
@@ -58,6 +58,12 @@
#include "canohost.h"
#include "session.h"
+#ifdef __FreeBSD__
+#include <libutil.h>
+#include <syslog.h>
+#include <time.h>
+#endif /* __FreeBSD__ */
+
/* types */
#define TTYSZ 64
@@ -461,6 +467,13 @@
log_init(__progname, options.log_level, options.log_facility, log_stderr);
/*
+ * Using login and executing a specific "command" are mutually
+ * exclusive, so turn off use_login if there's a command.
+ */
+ if (command != NULL)
+ options.use_login = 0;
+
+ /*
* Create a new session and process group since the 4.4BSD
* setlogin() affects the entire process group.
*/
@@ -566,6 +579,13 @@
/* Child. Reinitialize the log because the pid has changed. */
log_init(__progname, options.log_level, options.log_facility, log_stderr);
+ /*
+ * Using login and executing a specific "command" are mutually
+ * exclusive, so turn off use_login if there's a command.
+ */
+ if (command != NULL)
+ options.use_login = 0;
+
/* Close the master side of the pseudo tty. */
close(ptyfd);
@@ -639,6 +659,11 @@
time_t last_login_time;
struct passwd * pw = s->pw;
pid_t pid = getpid();
+#ifdef HAVE_LOGIN_CAP
+ FILE *f;
+ char buf[256];
+ char *fname;
+#endif /* HAVE_LOGIN_CAP */
/*
* Get IP address of client. If the connection is not a socket, let
@@ -679,6 +704,21 @@
printf("Last login: %s from %s\r\n", time_string, hostname);
}
+#ifdef HAVE_LOGIN_CAP
+ if (!options.use_login) {
+ fname = login_getcapstr(lc, "copyright", NULL, NULL);
+ if (fname != NULL && (f = fopen(fname, "r")) != NULL) {
+ while (fgets(buf, sizeof(buf), f) != NULL)
+ fputs(buf, stdout);
+ fclose(f);
+ } else
+ (void)printf("%s\n\t%s %s\n",
+ "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994",
+ "The Regents of the University of California. ",
+ "All rights reserved.");
+ }
+#endif /* HAVE_LOGIN_CAP */
+
do_motd();
}
@@ -914,6 +954,10 @@
env[0] = NULL;
if (!options.use_login) {
+#ifdef HAVE_LOGIN_CAP
+ char *var;
+#endif /* HAVE_LOGIN_CAP */
+
/* Set basic environment. */
child_set_env(&env, &envsize, "USER", pw->pw_name);
child_set_env(&env, &envsize, "LOGNAME", pw->pw_name);
@@ -921,6 +965,12 @@
#ifdef HAVE_LOGIN_CAP
(void) setusercontext(lc, pw, pw->pw_uid, LOGIN_SETPATH);
child_set_env(&env, &envsize, "PATH", getenv("PATH"));
+ var= login_getcapstr(lc, "lang", NULL, NULL);
+ if ( var ) child_set_env(&env, &envsize, "LANG", var);
+ var= login_getcapstr(lc, "charset", NULL, NULL);
+ if ( var ) child_set_env(&env, &envsize, "MM_CHARSET", var);
+ var= login_getcapstr(lc, "timezone", NULL, NULL);
+ if ( var ) child_set_env(&env, &envsize, "TZ", var);
#else
child_set_env(&env, &envsize, "PATH", _PATH_STDPATH);
#endif
@@ -932,8 +982,13 @@
/* Normal systems set SHELL by default. */
child_set_env(&env, &envsize, "SHELL", shell);
}
+#ifdef HAVE_LOGIN_CAP
+#else /* HAVE_LOGIN_CAP */
+ if (getenv("TZ"))
+ child_set_env(&env, &envsize, "TZ", getenv("TZ"));
if (getenv("TZ"))
child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+#endif /* HAVE_LOGIN_CAP */
/* Set custom environment options from RSA authentication. */
while (custom_environment) {
@@ -1027,7 +1082,7 @@
* initgroups, because at least on Solaris 2.3 it leaves file
* descriptors open.
*/
- for (i = 3; i < 64; i++)
+ for (i = 3; i < getdtablesize(); i++)
close(i);
/* Change current directory to the user\'s home directory. */
@@ -1051,6 +1106,28 @@
* in this order).
*/
if (!options.use_login) {
+#ifdef __FreeBSD__
+ /*
+ * If the password change time is set and has passed, give the
+ * user a password expiry notice and chance to change it.
+ */
+ if (pw->pw_change != 0) {
+ struct timeval tv;
+
+ (void)gettimeofday(&tv, NULL);
+ if (tv.tv_sec >= pw->pw_change) {
+ (void)printf(
+ "Sorry -- your password has expired.\n");
+ syslog(LOG_INFO,
+ "%s Password expired - forcing change",
+ pw->pw_name);
+ if (system("/usr/bin/passwd") != 0) {
+ perror("/usr/bin/passwd");
+ exit(1);
+ }
+ }
+ }
+#endif /* __FreeBSD__ */
/* ignore _PATH_SSH_USER_RC for subsystems */
if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
if (debug_flag)
|
