/[magellan-source]/trunk/mkinitrd-magellan/busybox/loginutils/login.c

Diff of /trunk/mkinitrd-magellan/busybox/loginutils/login.c

Parent Directory | Revision Log | View Patch Patch

-revision 532 by niro,
Sat Sep  1 22:45:15 2007 UTC
+revision 816 by niro,
Fri Apr 24 18:33:46 2009 UTC
 Line 3
   * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
   */
- #include "busybox.h"
+ #include "libbb.h"
+ #include <syslog.h>
  #include <utmp.h>
  #include <sys/resource.h>
- #include <syslog.h>
- #ifdef CONFIG_SELINUX
+ #if ENABLE_SELINUX
  #include <selinux/selinux.h>  /* for is_selinux_enabled()  */
  #include <selinux/get_context_list.h> /* for get_default_context() */
  #include <selinux/flask.h> /* for security class definitions  */
- #include <errno.h>
+ #endif
+ #if ENABLE_PAM
+ /* PAM may include <locale.h>. We may need to undefine bbox's stub define: */
+ #undef setlocale
+ /* For some obscure reason, PAM is not in pam/xxx, but in security/xxx.
+  * Apparently they like to confuse people. */
+ #include <security/pam_appl.h>
+ #include <security/pam_misc.h>
+ static const struct pam_conv conv = {
+ 	misc_conv,
+ 	NULL
+ };
  #endif
  enum {
-Line 22 
 enum {
+Line 34 
 enum {
  	TTYNAME_SIZE = 32,
  };
- static char full_tty[TTYNAME_SIZE];
+ static char* short_tty;
- static char* short_tty = full_tty;
  #if ENABLE_FEATURE_UTMP
  /* vv  Taken from tinylogin utmp.c  vv */
-Line 41 
 static char* short_tty = full_tty;
+Line 52 
 static char* short_tty = full_tty;
   *	command line flags.
   */
- static struct utmp utent;
+ static void read_or_build_utent(struct utmp *utptr, int run_by_root)
- static void read_or_build_utent(int picky)
  {
  	struct utmp *ut;
  	pid_t pid = getpid();
-Line 51 
 static void read_or_build_utent(int pick
+Line 60 
 static void read_or_build_utent(int pick
  	setutent();
  	/* First, try to find a valid utmp entry for this process.  */
- 	while ((ut = getutent()))
+ 	/* If there is one, just use it.  */
- 		if (ut->ut_pid == pid && ut->ut_line[0] && ut->ut_id[0] &&
+ 	while ((ut = getutent()) != NULL)
- 		(ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS))
+ 		if (ut->ut_pid == pid && ut->ut_line[0] && ut->ut_id[0]
- 			break;
+ 		 && (ut->ut_type == LOGIN_PROCESS || ut->ut_type == USER_PROCESS)
+ 		) {
+ 			*utptr = *ut; /* struct copy */
+ 			if (run_by_root) /* why only for root? */
+ 				memset(utptr->ut_host, 0, sizeof(utptr->ut_host));
+ 			return;
+ 		}
- 	/* If there is one, just use it, otherwise create a new one.  */
+ // Why? Do we require non-root to exec login from another
- 	if (ut) {
+ // former login process (e.g. login shell)? Some login's have
- 		utent = *ut;
+ // login shells as children, so it won't work...
- 	} else {
+ //	if (!run_by_root)
- 		if (picky)
+ //		bb_error_msg_and_die("no utmp entry found");
- 			bb_error_msg_and_die("no utmp entry found");
+ 	/* Otherwise create a new one.  */
- 		memset(&utent, 0, sizeof(utent));
+ 	memset(utptr, 0, sizeof(*utptr));
- 		utent.ut_type = LOGIN_PROCESS;
+ 	utptr->ut_type = LOGIN_PROCESS;
- 		utent.ut_pid = pid;
+ 	utptr->ut_pid = pid;
- 		strncpy(utent.ut_line, short_tty, sizeof(utent.ut_line));
+ 	strncpy(utptr->ut_line, short_tty, sizeof(utptr->ut_line));
- 		/* This one is only 4 chars wide. Try to fit something
+ 	/* This one is only 4 chars wide. Try to fit something
- 		 * remotely meaningful by skipping "tty"... */
+ 	 * remotely meaningful by skipping "tty"... */
- 		strncpy(utent.ut_id, short_tty + 3, sizeof(utent.ut_id));
+ 	strncpy(utptr->ut_id, short_tty + 3, sizeof(utptr->ut_id));
- 		strncpy(utent.ut_user, "LOGIN", sizeof(utent.ut_user));
+ 	strncpy(utptr->ut_user, "LOGIN", sizeof(utptr->ut_user));
- 		utent.ut_time = time(NULL);
+ 	utptr->ut_tv.tv_sec = time(NULL);
- 	}
- 	if (!picky)	/* root login */
- 		memset(utent.ut_host, 0, sizeof(utent.ut_host));
  }
  /*
-Line 83 
 static void read_or_build_utent(int pick
+Line 95 
 static void read_or_build_utent(int pick
   *	write_utent changes the type of the current utmp entry to
   *	USER_PROCESS.  the wtmp file will be updated as well.
   */
- static void write_utent(const char *username)
+ static void write_utent(struct utmp *utptr, const char *username)
  {
- 	utent.ut_type = USER_PROCESS;
+ 	utptr->ut_type = USER_PROCESS;
- 	strncpy(utent.ut_user, username, sizeof(utent.ut_user));
+ 	strncpy(utptr->ut_user, username, sizeof(utptr->ut_user));
- 	utent.ut_time = time(NULL);
+ 	utptr->ut_tv.tv_sec = time(NULL);
  	/* other fields already filled in by read_or_build_utent above */
  	setutent();
- 	pututline(&utent);
+ 	pututline(utptr);
  	endutent();
  #if ENABLE_FEATURE_WTMP
  	if (access(bb_path_wtmp_file, R_OK|W_OK) == -1) {
  		close(creat(bb_path_wtmp_file, 0664));
  	}
- 	updwtmp(bb_path_wtmp_file, &utent);
+ 	updwtmp(bb_path_wtmp_file, utptr);
  #endif
  }
  #else /* !ENABLE_FEATURE_UTMP */
- static inline void read_or_build_utent(int ATTRIBUTE_UNUSED picky) {}
+ #define read_or_build_utent(utptr, run_by_root) ((void)0)
- static inline void write_utent(const char ATTRIBUTE_UNUSED *username) {}
+ #define write_utent(utptr, username) ((void)0)
  #endif /* !ENABLE_FEATURE_UTMP */
- static void die_if_nologin_and_non_root(int amroot)
+ #if ENABLE_FEATURE_NOLOGIN
+ static void die_if_nologin(void)
  {
  	FILE *fp;
  	int c;
+ 	int empty = 1;
- 	if (access(bb_path_nologin_file, F_OK))
+ 	fp = fopen_for_read("/etc/nologin");
+ 	if (!fp) /* assuming it does not exist */
  		return;
- 	fp = fopen(bb_path_nologin_file, "r");
+ 	while ((c = getc(fp)) != EOF) {
- 	if (fp) {
+ 		if (c == '\n')
- 		while ((c = getc(fp)) != EOF)
+ 			bb_putchar('\r');
- 			putchar((c=='\n') ? '\r' : c);
+ 		bb_putchar(c);
- 		fflush(stdout);
+ 		empty = 0;
- 		fclose(fp);
+ 	}
- 	} else
+ 	if (empty)
  		puts("\r\nSystem closed for routine maintenance\r");
- 	if (!amroot)
- 		exit(1);
+ 	fclose(fp);
- 	puts("\r\n[Disconnect bypassed -- root login allowed.]\r");
+ 	fflush(NULL);
+ 	/* Users say that they do need this prior to exit: */
+ 	tcdrain(STDOUT_FILENO);
+ 	exit(EXIT_FAILURE);
  }
+ #else
+ static ALWAYS_INLINE void die_if_nologin(void) {}
+ #endif
- #if ENABLE_FEATURE_SECURETTY
+ #if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM
  static int check_securetty(void)
  {
- 	FILE *fp;
+ 	char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */
- 	int i;
+ 	parser_t *parser = config_open2("/etc/securetty", fopen_for_read);
- 	char buf[BUFSIZ];
+ 	while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) {
+ 		if (strcmp(buf, short_tty) == 0)
- 	fp = fopen(bb_path_securetty_file, "r");
+ 			break;
- 	if (!fp) {
+ 		buf = NULL;
- 		/* A missing securetty file is not an error. */
- 		return 1;
- 	}
- 	while (fgets(buf, sizeof(buf)-1, fp)) {
- 		for (i = strlen(buf)-1; i>=0; --i) {
- 			if (!isspace(buf[i]))
- 				break;
- 		}
- 		buf[++i] = '\0';
- 		if ((buf[0]=='\0') || (buf[0]=='#'))
- 			continue;
- 		if (strcmp(buf, short_tty) == 0) {
- 			fclose(fp);
- 			return 1;
- 		}
  	}
- 	fclose(fp);
+ 	config_close(parser);
- 	return 0;
+ 	/* buf != NULL here if config file was not found, empty
+ 	 * or line was found which equals short_tty */
+ 	return buf != NULL;
  }
  #else
- static inline int check_securetty(void) { return 1; }
+ static ALWAYS_INLINE int check_securetty(void) { return 1; }
  #endif
  static void get_username_or_die(char *buf, int size_buf)
  {
  	int c, cntdown;
  	cntdown = EMPTY_USERNAME_COUNT;
- prompt:
+  prompt:
- 	/* skip whitespace */
  	print_login_prompt();
+ 	/* skip whitespace */
  	do {
  		c = getchar();
- 		if (c == EOF) exit(1);
+ 		if (c == EOF) exit(EXIT_FAILURE);
  		if (c == '\n') {
- 			if (!--cntdown) exit(1);
+ 			if (!--cntdown) exit(EXIT_FAILURE);
  			goto prompt;
  		}
  	} while (isspace(c));
  	*buf++ = c;
  	if (!fgets(buf, size_buf-2, stdin))
- 		exit(1);
+ 		exit(EXIT_FAILURE);
  	if (!strchr(buf, '\n'))
- 		exit(1);
+ 		exit(EXIT_FAILURE);
  	while (isgraph(*buf)) buf++;
  	*buf = '\0';
  }
  static void motd(void)
  {
- 	FILE *fp;
+ 	int fd;
- 	int c;
- 	fp = fopen(bb_path_motd_file, "r");
+ 	fd = open(bb_path_motd_file, O_RDONLY);
- 	if (fp) {
+ 	if (fd >= 0) {
- 		while ((c = getc(fp)) != EOF)
+ 		fflush(stdout);
- 			putchar(c);
+ 		bb_copyfd_eof(fd, STDOUT_FILENO);
- 		fclose(fp);
+ 		close(fd);
  	}
  }
- static void nonblock(int fd)
+ static void alarm_handler(int sig UNUSED_PARAM)
- {
- 	fcntl(fd, F_SETFL, O_NONBLOCK | fcntl(fd, F_GETFL));
- }
- static void alarm_handler(int sig ATTRIBUTE_UNUSED)
  {
  	/* This is the escape hatch!  Poor serial line users and the like
  	 * arrive here when their connection is broken.
  	 * We don't want to block here */
- 	nonblock(1);
+ 	ndelay_on(1);
- 	nonblock(2);
+ 	printf("\r\nLogin timed out after %d seconds\r\n", TIMEOUT);
- 	bb_info_msg("\r\nLogin timed out after %d seconds\r", TIMEOUT);
+ 	fflush(stdout);
- 	exit(EXIT_SUCCESS);
+ 	/* unix API is brain damaged regarding O_NONBLOCK,
+ 	 * we should undo it, or else we can affect other processes */
+ 	ndelay_off(1);
+ 	_exit(EXIT_SUCCESS);
  }
- int login_main(int argc, char **argv)
+ int login_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
+ int login_main(int argc UNUSED_PARAM, char **argv)
  {
  	enum {
  		LOGIN_OPT_f = (1<<0),
  		LOGIN_OPT_h = (1<<1),
  		LOGIN_OPT_p = (1<<2),
  	};
- 	char fromhost[512];
+ 	char *fromhost;
  	char username[USERNAME_SIZE];
  	const char *tmp;
- 	int amroot;
+ 	int run_by_root;
  	unsigned opt;
  	int count = 0;
  	struct passwd *pw;
- 	char *opt_host = NULL;
+ 	char *opt_host = opt_host; /* for compiler */
- 	char *opt_user = NULL;
+ 	char *opt_user = opt_user; /* for compiler */
+ 	char full_tty[TTYNAME_SIZE];
  	USE_SELINUX(security_context_t user_sid = NULL;)
+ 	USE_FEATURE_UTMP(struct utmp utent;)
+ #if ENABLE_PAM
+ 	int pamret;
+ 	pam_handle_t *pamh;
+ 	const char *pamuser;
+ 	const char *failed_msg;
+ 	struct passwd pwdstruct;
+ 	char pwdbuf[256];
+ #endif
+ 	short_tty = full_tty;
  	username[0] = '\0';
- 	amroot = (getuid() == 0);
  	signal(SIGALRM, alarm_handler);
  	alarm(TIMEOUT);
- 	opt = getopt32(argc, argv, "f:h:p", &opt_user, &opt_host);
+ 	/* More of suid paranoia if called by non-root: */
+ 	/* Clear dangerous stuff, set PATH */
+ 	run_by_root = !sanitize_env_if_suid();
+ 	/* Mandatory paranoia for suid applet:
+ 	 * ensure that fd# 0,1,2 are opened (at least to /dev/null)
+ 	 * and any extra open fd's are closed.
+ 	 * (The name of the function is misleading. Not daemonizing here.) */
+ 	bb_daemonize_or_rexec(DAEMON_ONLY_SANITIZE | DAEMON_CLOSE_EXTRA_FDS, NULL);
+ 	opt = getopt32(argv, "f:h:p", &opt_user, &opt_host);
  	if (opt & LOGIN_OPT_f) {
- 		if (!amroot)
+ 		if (!run_by_root)
  			bb_error_msg_and_die("-f is for root only");
  		safe_strncpy(username, opt_user, sizeof(username));
  	}
- 	if (optind < argc) /* user from command line (getty) */
+ 	argv += optind;
- 		safe_strncpy(username, argv[optind], sizeof(username));
+ 	if (argv[0]) /* user from command line (getty) */
+ 		safe_strncpy(username, argv[0], sizeof(username));
  	/* Let's find out and memorize our tty */
  	if (!isatty(0) || !isatty(1) || !isatty(2))
-Line 254 
 int login_main(int argc, char **argv)
+Line 282 
 int login_main(int argc, char **argv)
  			short_tty = full_tty + 5;
  	}
- 	read_or_build_utent(!amroot);
+ 	read_or_build_utent(&utent, run_by_root);
- 	if (opt_host) {
+ 	if (opt & LOGIN_OPT_h) {
  		USE_FEATURE_UTMP(
  			safe_strncpy(utent.ut_host, opt_host, sizeof(utent.ut_host));
  		)
- 		snprintf(fromhost, sizeof(fromhost)-1, " on '%.100s' from "
+ 		fromhost = xasprintf(" on '%s' from '%s'", short_tty, opt_host);
- 					"'%.200s'", short_tty, opt_host);
+ 	} else
- 	}
+ 		fromhost = xasprintf(" on '%s'", short_tty);
- 	else
- 		snprintf(fromhost, sizeof(fromhost)-1, " on '%.100s'", short_tty);
- 	bb_setpgrp;
+ 	/* Was breaking "login <username>" from shell command line: */
+ 	/*bb_setpgrp();*/
  	openlog(applet_name, LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
  	while (1) {
+ 		/* flush away any type-ahead (as getty does) */
+ 		ioctl(0, TCFLSH, TCIFLUSH);
  		if (!username[0])
  			get_username_or_die(username, sizeof(username));
+ #if ENABLE_PAM
+ 		pamret = pam_start("login", username, &conv, &pamh);
+ 		if (pamret != PAM_SUCCESS) {
+ 			failed_msg = "start";
+ 			goto pam_auth_failed;
+ 		}
+ 		/* set TTY (so things like securetty work) */
+ 		pamret = pam_set_item(pamh, PAM_TTY, short_tty);
+ 		if (pamret != PAM_SUCCESS) {
+ 			failed_msg = "set_item(TTY)";
+ 			goto pam_auth_failed;
+ 		}
+ 		pamret = pam_authenticate(pamh, 0);
+ 		if (pamret != PAM_SUCCESS) {
+ 			failed_msg = "authenticate";
+ 			goto pam_auth_failed;
+ 			/* TODO: or just "goto auth_failed"
+ 			 * since user seems to enter wrong password
+ 			 * (in this case pamret == 7)
+ 			 */
+ 		}
+ 		/* check that the account is healthy */
+ 		pamret = pam_acct_mgmt(pamh, 0);
+ 		if (pamret != PAM_SUCCESS) {
+ 			failed_msg = "acct_mgmt";
+ 			goto pam_auth_failed;
+ 		}
+ 		/* read user back */
+ 		pamuser = NULL;
+ 		/* gcc: "dereferencing type-punned pointer breaks aliasing rules..."
+ 		 * thus we cast to (void*) */
+ 		if (pam_get_item(pamh, PAM_USER, (void*)&pamuser) != PAM_SUCCESS) {
+ 			failed_msg = "get_item(USER)";
+ 			goto pam_auth_failed;
+ 		}
+ 		if (!pamuser || !pamuser[0])
+ 			goto auth_failed;
+ 		safe_strncpy(username, pamuser, sizeof(username));
+ 		/* Don't use "pw = getpwnam(username);",
+ 		 * PAM is said to be capable of destroying static storage
+ 		 * used by getpwnam(). We are using safe(r) function */
+ 		pw = NULL;
+ 		getpwnam_r(username, &pwdstruct, pwdbuf, sizeof(pwdbuf), &pw);
+ 		if (!pw)
+ 			goto auth_failed;
+ 		pamret = pam_open_session(pamh, 0);
+ 		if (pamret != PAM_SUCCESS) {
+ 			failed_msg = "open_session";
+ 			goto pam_auth_failed;
+ 		}
+ 		pamret = pam_setcred(pamh, PAM_ESTABLISH_CRED);
+ 		if (pamret != PAM_SUCCESS) {
+ 			failed_msg = "setcred";
+ 			goto pam_auth_failed;
+ 		}
+ 		break; /* success, continue login process */
+  pam_auth_failed:
+ 		bb_error_msg("pam_%s call failed: %s (%d)", failed_msg,
+ 					pam_strerror(pamh, pamret), pamret);
+ 		safe_strncpy(username, "UNKNOWN", sizeof(username));
+ #else /* not PAM */
  		pw = getpwnam(username);
  		if (!pw) {
- 			safe_strncpy(username, "UNKNOWN", sizeof(username));
+ 			strcpy(username, "UNKNOWN");
- 			goto auth_failed;
+ 			goto fake_it;
  		}
  		if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*')
-Line 292 
 int login_main(int argc, char **argv)
+Line 384 
 int login_main(int argc, char **argv)
  		/* Don't check the password if password entry is empty (!) */
  		if (!pw->pw_passwd[0])
  			break;
+  fake_it:
  		/* authorization takes place here */
  		if (correct_password(pw))
  			break;
+ #endif /* ENABLE_PAM */
- auth_failed:
+  auth_failed:
  		opt &= ~LOGIN_OPT_f;
  		bb_do_delay(FAIL_DELAY);
+ 		/* TODO: doesn't sound like correct English phrase to me */
  		puts("Login incorrect");
  		if (++count == 3) {
  			syslog(LOG_WARNING, "invalid password for '%s'%s",
-Line 307 
 auth_failed:
+Line 400 
 auth_failed:
  			return EXIT_FAILURE;
  		}
  		username[0] = '\0';
- 	}
+ 	} /* while (1) */
  	alarm(0);
- 	die_if_nologin_and_non_root(pw->pw_uid == 0);
+ 	/* We can ignore /etc/nologin if we are logging in as root,
+ 	 * it doesn't matter whether we are run by root or not */
+ 	if (pw->pw_uid != 0)
+ 		die_if_nologin();
- 	write_utent(username);
+ 	write_utent(&utent, username);
- #ifdef CONFIG_SELINUX
+ #if ENABLE_SELINUX
  	if (is_selinux_enabled()) {
  		security_context_t old_tty_sid, new_tty_sid;
-Line 342 
 auth_failed:
+Line 438 
 auth_failed:
  	fchown(0, pw->pw_uid, pw->pw_gid);
  	fchmod(0, 0600);
- 	/* TODO: be nommu-friendly, use spawn? */
+ 	/* We trust environment only if we run by root */
- 	if (ENABLE_LOGIN_SCRIPTS) {
+ 	if (ENABLE_LOGIN_SCRIPTS && run_by_root) {
- 		char *script = getenv("LOGIN_PRE_SUID_SCRIPT");
+ 		char *t_argv[2];
- 		if (script) {
- 			char *t_argv[2] = { script, NULL };
+ 		t_argv[0] = getenv("LOGIN_PRE_SUID_SCRIPT");
- 			switch (fork()) {
+ 		if (t_argv[0]) {
- 			case -1: break;
+ 			t_argv[1] = NULL;
- 			case 0: /* child */
+ 			xsetenv("LOGIN_TTY", full_tty);
- 				xchdir("/");
+ 			xsetenv("LOGIN_USER", pw->pw_name);
- 				setenv("LOGIN_TTY", full_tty, 1);
+ 			xsetenv("LOGIN_UID", utoa(pw->pw_uid));
- 				setenv("LOGIN_USER", pw->pw_name, 1);
+ 			xsetenv("LOGIN_GID", utoa(pw->pw_gid));
- 				setenv("LOGIN_UID", utoa(pw->pw_uid), 1);
+ 			xsetenv("LOGIN_SHELL", pw->pw_shell);
- 				setenv("LOGIN_GID", utoa(pw->pw_gid), 1);
+ 			spawn_and_wait(t_argv); /* NOMMU-friendly */
- 				setenv("LOGIN_SHELL", pw->pw_shell, 1);
+ 			unsetenv("LOGIN_TTY"  );
- 				execvp(script, t_argv);
+ 			unsetenv("LOGIN_USER" );
- 				exit(1);
+ 			unsetenv("LOGIN_UID"  );
- 			default: /* parent */
+ 			unsetenv("LOGIN_GID"  );
- 				wait(NULL);
+ 			unsetenv("LOGIN_SHELL");
- 			}
  		}
  	}
-Line 368 
 auth_failed:
+Line 463 
 auth_failed:
  	tmp = pw->pw_shell;
  	if (!tmp || !*tmp)
  		tmp = DEFAULT_SHELL;
- 	setup_environment(tmp, 1, !(opt & LOGIN_OPT_p), pw);
+ 	/* setup_environment params: shell, clear_env, change_env, pw */
+ 	setup_environment(tmp, !(opt & LOGIN_OPT_p), 1, pw);
  	motd();
  	if (pw->pw_uid == 0)
  		syslog(LOG_INFO, "root login%s", fromhost);
- #ifdef CONFIG_SELINUX
+ #if ENABLE_SELINUX
  	/* well, a simple setexeccon() here would do the job as well,
  	 * but let's play the game for now */
  	set_current_security_context(user_sid);
-Line 385 
 auth_failed:
+Line 481 
 auth_failed:
  	// setsid();
  	// /* TIOCSCTTY: steal tty from other process group */
  	// if (ioctl(0, TIOCSCTTY, 1)) error_msg...
+ 	// BBox login used to do this (see above):
+ 	// bb_setpgrp();
+ 	// If this stuff is really needed, add it and explain why!
+ 	/* Set signals to defaults */
+ 	/* Non-ignored signals revert to SIG_DFL on exec anyway */
+ 	/*signal(SIGALRM, SIG_DFL);*/
- 	/* set signals to defaults */
- 	signal(SIGALRM, SIG_DFL);
  	/* Is this correct? This way user can ctrl-c out of /etc/profile,
  	 * potentially creating security breach (tested with bash 3.0).
  	 * But without this, bash 3.0 will not enable ctrl-c either.
  	 * Maybe bash is buggy?
  	 * Need to find out what standards say about /bin/login -
- 	 * should it leave SIGINT etc enabled or disabled? */
+ 	 * should we leave SIGINT etc enabled or disabled? */
  	signal(SIGINT, SIG_DFL);
- 	run_shell(tmp, 1, 0, 0);	/* exec the shell finally */
+ 	/* Exec login shell with no additional parameters */
+ 	run_shell(tmp, 1, NULL, NULL);
- 	return EXIT_FAILURE;
+ 	/* return EXIT_FAILURE; - not reached */
  }

 Legend:



Removed from v.532
 


changed lines


 
Added in v.816
 Legend:



Removed from v.532
 


changed lines


 
Added in v.816
-Removed from v.532
+Added in v.816