/***************************************************************************** * * $Id$ * Purpose ...............: MBSE BBS Shadow Password Suite * Original Source .......: Shadow Password Suite * Original Copyrioght ...: Julianne Frances Haugh and others. * ***************************************************************************** * Copyright (C) 1997-2001 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 * 1971 BV IJmuiden * the Netherlands * * This file is part of MBSE BBS. * * This BBS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2, or (at your option) any * later version. * * MBSE BBS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with MBSE BBS; see the file COPYING. If not, write to the Free * Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. *****************************************************************************/ #include "../config.h" #include #include #include #include #include #include "mblogin.h" #include #include "getdef.h" #include "chowntty.h" /* * is_my_tty -- determine if "tty" is the same as TTY stdin is using */ int is_my_tty(const char *tty) { struct stat by_name, by_fd; if (stat (tty, &by_name) || fstat (0, &by_fd)) return 0; if (by_name.st_rdev != by_fd.st_rdev) return 0; else return 1; } /* * chown_tty() sets the login tty to be owned by the new user ID * with TTYPERM modes */ void chown_tty(const char *tty, const struct passwd *info) { char buf[200], full_tty[200]; char *group; /* TTY group name or number */ struct group *grent; gid_t gid; /* * See if login.defs has some value configured for the port group * ID. Otherwise, use the user's primary group ID. */ if (! (group = getdef_str ("TTYGROUP"))) gid = info->pw_gid; else if (group[0] >= '0' && group[0] <= '9') gid = atoi (group); else if ((grent = getgrnam (group))) gid = grent->gr_gid; else gid = info->pw_gid; /* * Change the permissions on the TTY to be owned by the user with * the group as determined above. */ if (*tty != '/') { snprintf(full_tty, sizeof full_tty, "/dev/%s", tty); tty = full_tty; } if (! is_my_tty (tty)) { syslog(LOG_WARNING, "unable to determine TTY name, got %s\n", tty); closelog(); exit (1); } if (chown(tty, info->pw_uid, gid) || chmod(tty, getdef_num("TTYPERM", 0600))) { snprintf(buf, sizeof buf, "Unable to change tty %s", tty); syslog(LOG_WARNING, "unable to change tty `%s' for user `%s'\n", tty, info->pw_name); closelog(); perror (buf); exit(1); } #ifdef __linux__ /* * Please don't add code to chown /dev/vcs* to the user logging in - * it's a potential security hole. I wouldn't like the previous user * to hold the file descriptor open and watch my screen. We don't * have the *BSD revoke() system call yet, and vhangup() only works * for tty devices (which vcs* is not). --marekm */ #endif }