--- sshd.c.orig Tue Dec 7 22:56:55 1999 +++ sshd.c Tue Dec 7 22:58:36 1999 @@ -24,6 +24,8 @@ #include "servconf.h" #include "uidswap.h" #include "compat.h" +#include +#include #ifdef LIBWRAP #include @@ -32,6 +34,16 @@ int deny_severity = LOG_WARNING; #endif /* LIBWRAP */ +#ifdef __FreeBSD__ +#include +#include +#define LOGIN_CAP +#endif /* __FreeBSD__ */ + +#ifdef LOGIN_CAP +#include +#endif /* LOGIN_CAP */ + #ifndef O_NOCTTY #define O_NOCTTY 0 #endif @@ -118,6 +130,32 @@ the private key. */ RSA *public_key; +/* These are used to implement connections_per_period. */ +struct magic_connection { + struct timeval connections_begin; + unsigned int connections_this_period; +} *magic_connections; +/* Magic number, too! TODO: this doesn't have to be static. */ +const size_t MAGIC_CONNECTIONS_SIZE = 1; + +static __inline int +magic_hash(struct sockaddr_in *sin) { + + return 0; +} + +static __inline struct timeval +timevaldiff(struct timeval *tv1, struct timeval *tv2) { + struct timeval diff; + int carry; + + carry = tv1->tv_usec > tv2->tv_usec; + diff.tv_sec = tv2->tv_sec - tv1->tv_sec - (carry ? 0 : 1); + diff.tv_usec = tv2->tv_usec - tv1->tv_usec + (carry ? 1000000 : 0); + + return diff; +} + /* Prototypes for various functions defined later in this file. */ void do_connection(); void do_authentication(char *user); @@ -278,6 +316,7 @@ extern char *optarg; extern int optind; int opt, aux, sock_in, sock_out, newsock, i, pid, on = 1; + int connections_per_period_exceeded = 0; int remote_major, remote_minor; int silentrsa = 0; struct pollfd fds; @@ -543,6 +582,12 @@ /* Arrange SIGCHLD to be caught. */ signal(SIGCHLD, main_sigchld_handler); + /* Initialize the magic_connections table. It's magical! */ + magic_connections = calloc(MAGIC_CONNECTIONS_SIZE, + sizeof(struct magic_connection)); + if (magic_connections == NULL) + fatal("calloc: %s", strerror(errno)); + /* * Stay listening for connections until the system crashes or * the daemon is killed with a signal. @@ -572,9 +617,31 @@ error("accept: %.100s", strerror(errno)); continue; } + if (options.connections_per_period != 0) { + struct timeval diff, connections_end; + struct magic_connection *mc; + + (void)gettimeofday(&connections_end, NULL); + mc = &magic_connections[magic_hash(&sin)]; + diff = timevaldiff(&mc->connections_begin, &connections_end); + if (diff.tv_sec >= options.connections_period) { + /* + * Slide the window forward only after completely + * leaving it. + */ + mc->connections_begin = connections_end; + mc->connections_this_period = 1; + } else { + if (++mc->connections_this_period > + options.connections_per_period) + connections_per_period_exceeded = 1; + } + } + /* - * Got connection. Fork a child to handle it, unless - * we are in debugging mode. + * Got connection. Fork a child to handle it unless + * we are in debugging mode or the maximum number of + * connections per period has been exceeded. */ if (debug_flag) { /* @@ -588,6 +655,12 @@ sock_out = newsock; pid = getpid(); break; + } else if (connections_per_period_exceeded) { + log("Connection rate limit of %u/%us has been exceeded; " + "dropping connection from %s.", + options.connections_per_period, options.connections_period, + inet_ntoa(sin.sin_addr)); + connections_per_period_exceeded = 0; } else { /* * Normal production daemon. Fork, and have @@ -1065,6 +1138,14 @@ return 0; } } + /* Fail if the account's expiration time has passed. */ + if (pw->pw_expire != 0) { + struct timeval tv; + + (void)gettimeofday(&tv, NULL); + if (tv.tv_sec >= pw->pw_expire) + return 0; + } /* We found no reason not to let this user try to log on... */ return 1; } @@ -1100,6 +1181,9 @@ pwcopy.pw_gid = pw->pw_gid; pwcopy.pw_dir = xstrdup(pw->pw_dir); pwcopy.pw_shell = xstrdup(pw->pw_shell); + pwcopy.pw_class = xstrdup(pw->pw_class); + pwcopy.pw_expire = pw->pw_expire; + pwcopy.pw_change = pw->pw_change; pw = &pwcopy; /* @@ -1889,6 +1973,10 @@ struct sockaddr_in from; int fromlen; struct pty_cleanup_context cleanup_context; +#ifdef LOGIN_CAP + login_cap_t *lc; + char *fname; +#endif /* LOGIN_CAP */ /* Get remote host name. */ hostname = get_canonical_hostname(); @@ -1953,6 +2041,12 @@ /* Check if .hushlogin exists. */ snprintf(line, sizeof line, "%.200s/.hushlogin", pw->pw_dir); quiet_login = stat(line, &st) >= 0; +#ifdef LOGIN_CAP + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); + quiet_login = login_getcapbool(lc, "hushlogin", quiet_login); +#endif /* LOGIN_CAP */ /* * If the user has logged in before, display the time of last @@ -1976,6 +2070,20 @@ else printf("Last login: %s from %s\r\n", time_string, buf); } +#ifdef LOGIN_CAP + if (command == NULL && !quiet_login && !options.use_login) { + fname = login_getcapstr(lc, "copyright", NULL, NULL); + if (fname != NULL && (f = fopen(fname, "r")) != NULL) { + while (fgets(line, sizeof(line), f) != NULL) + fputs(line, stdout); + fclose(f); + } else + (void)printf("%s\n\t%s %s\n", + "Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994", + "The Regents of the University of California. ", + "All rights reserved."); + } +#endif /* LOGIN_CAP */ /* * Print /etc/motd unless a command was specified or printing * it was disabled in server options or login(1) will be @@ -1984,14 +2092,22 @@ */ if (command == NULL && options.print_motd && !quiet_login && !options.use_login) { - /* Print /etc/motd if it exists. */ +#ifdef LOGIN_CAP + fname = login_getcapstr(lc, "welcome", NULL, NULL); + login_close(lc); + if (fname == NULL || (f = fopen(fname, "r")) == NULL) + f = fopen("/etc/motd", "r"); +#else /* LOGIN_CAP */ f = fopen("/etc/motd", "r"); +#endif /* LOGIN_CAP */ + /* Print /etc/motd if it exists. */ if (f) { while (fgets(line, sizeof(line), f)) fputs(line, stdout); fclose(f); } } + /* Do common processing for the child, such as execing the command. */ do_child(command, pw, term, display, auth_proto, auth_data, ttyname); /* NOTREACHED */ @@ -2127,7 +2243,8 @@ const char *display, const char *auth_proto, const char *auth_data, const char *ttyname) { - const char *shell, *cp = NULL; + char *shell; + const char *cp = NULL; char buf[256]; FILE *f; unsigned int envsize, i; @@ -2135,15 +2252,34 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef LOGIN_CAP + login_cap_t *lc; + + lc = login_getpwclass(pw); + if (lc == NULL) + lc = login_getclassbyname(NULL, pw); +#endif /* LOGIN_CAP */ f = fopen("/etc/nologin", "r"); +#ifdef __FreeBSD__ + if (f == NULL) + f = fopen("/var/run/nologin", "r"); +#endif /* __FreeBSD__ */ if (f) { /* /etc/nologin exists. Print its contents and exit. */ - while (fgets(buf, sizeof(buf), f)) - fputs(buf, stderr); - fclose(f); - if (pw->pw_uid != 0) - exit(254); +#ifdef LOGIN_CAP + /* On FreeBSD, etc., allow overriding nologin via login.conf. */ + if (!login_getcapbool(lc, "ignorenologin", 0)) { +#else /* LOGIN_CAP */ + if (1) { +#endif /* LOGIN_CAP */ + while (fgets(buf, sizeof(buf), f)) + fputs(buf, stderr); + fclose(f); + if (pw->pw_uid != 0) + exit(254); + } + } /* Set login name in the kernel. */ if (setlogin(pw->pw_name) < 0) @@ -2153,6 +2289,13 @@ /* Login(1) does this as well, and it needs uid 0 for the "-h" switch, so we let login(1) to this for us. */ if (!options.use_login) { +#ifdef LOGIN_CAP + if (setclasscontext(pw->pw_class, LOGIN_SETPRIORITY | + LOGIN_SETRESOURCES | LOGIN_SETUMASK) == -1) { + perror("setclasscontext"); + exit(1); + } +#endif /* LOGIN_CAP */ if (getuid() == 0 || geteuid() == 0) { if (setgid(pw->pw_gid) < 0) { perror("setgid"); @@ -2175,7 +2318,14 @@ * Get the shell from the password data. An empty shell field is * legal, and means /bin/sh. */ +#ifdef LOGIN_CAP + shell = pw->pw_shell; + shell = login_getcapstr(lc, "shell", shell, shell); + if (shell[0] == '\0') + shell = _PATH_BSHELL; +#else /* LOGIN_CAP */ shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell; +#endif /* LOGIN_CAP */ #ifdef AFS /* Try to get AFS tokens for the local cell. */ @@ -2199,7 +2349,12 @@ child_set_env(&env, &envsize, "USER", pw->pw_name); child_set_env(&env, &envsize, "LOGNAME", pw->pw_name); child_set_env(&env, &envsize, "HOME", pw->pw_dir); +#ifdef LOGIN_CAP + child_set_env(&env, &envsize, "PATH", + login_getpath(lc, "path", _PATH_STDPATH)); +#else /* LOGIN_CAP */ child_set_env(&env, &envsize, "PATH", _PATH_STDPATH); +#endif /* LOGIN_CAP */ snprintf(buf, sizeof buf, "%.200s/%.50s", _PATH_MAILDIR, pw->pw_name); @@ -2289,6 +2444,9 @@ */ endpwent(); endhostent(); +#ifdef LOGIN_CAP + login_close(lc); +#endif /* LOGIN_CAP */ /* * Close any extra open file descriptors so that we don\'t have them @@ -2296,7 +2454,7 @@ * initgroups, because at least on Solaris 2.3 it leaves file * descriptors open. */ - for (i = 3; i < 64; i++) + for (i = 3; i < getdtablesize(); i++) close(i); /* Change current directory to the user\'s home directory. */ @@ -2315,6 +2473,26 @@ * in this order). */ if (!options.use_login) { +#ifdef __FreeBSD__ + /* + * If the password change time is set and has passed, give the + * user a password expiry notice and chance to change it. + */ + if (pw->pw_change != 0) { + struct timeval tv; + + (void)gettimeofday(&tv, NULL); + if (tv.tv_sec >= pw->pw_change) { + (void)printf( + "Sorry -- your password has expired.\n"); + syslog(LOG_INFO, + "%s Password expired - forcing change", + pw->pw_name); + if (system("/usr/bin/passwd") != 0) + perror("/usr/bin/passwd"); + } + } +#endif /* __FreeBSD__ */ if (stat(SSH_USER_RC, &st) >= 0) { if (debug_flag) fprintf(stderr, "Running /bin/sh %s\n", SSH_USER_RC);