Howto change login mechanism on OpenBSD

Howto change login mechanism on OpenBSD

Valdrin MUJA
Hi Misc,

I have an interactive shell program which has an authentication section and I want to login via my program. How can I do that?

Actually I want to run this program instead of /bin/ksh. I changed the root's shell with "chsh -s /bin/{my_program} root" command. However, when the system boots, firstly OpenBSD Login is coming and after that my program is running.

In short, I want to run an external program on startup without OpenBSD Login.

Re: Howto change login mechanism on OpenBSD

Edgar Pettijohn III-2
On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
> Hi Misc,
>
> I have an interactive shell program which has an authentication section and I want to login via my program. How can I do that?
>
> Actually I want to run this program instead of /bin/ksh. I changed the root's shell with "chsh -s /bin/{my_program} root" command. However, when the system boots, firstly OpenBSD Login is coming and after that my program is running.
>
> In short, I want to run an external program on startup without OpenBSD Login.

I believe login(1) is executed by getty(8) which is started by init(8).
So you would likely have to make changes to one or more of them. But I
could be wrong.

Edgar


Re: Howto change login mechanism on OpenBSD

Kevin Chadwick-4
On May 20, 2020 9:31:19 PM UTC, Edgar Pettijohn <[hidden email]> wrote:

>On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
>> Hi Misc,
>>
>> I have an interactive shell program which has an authentication
>section and I want to login via my program. How can I do that?
>>
>> Actually I want to run this program instead of /bin/ksh. I changed
>the root's shell with "chsh -s /bin/{my_program} root" command.
>However, when the system boots, firstly OpenBSD Login is coming and
>after that my program is running.
>>
>> In short, I want to run an external program on startup without
>OpenBSD Login.
>
>I believe login(1) is executed by getty(8) which is started by init(8).
>So you would likely have to make changes to one or more of them. But I
>could be wrong.
>
>Edgar

I believe /etc/ttys controls getty, which may or not help. Getty is respawned too.
https://man.openbsd.org/man5/ttys.5


Re: Howto change login mechanism on OpenBSD

Edgar Pettijohn III-2
On Wed, May 20, 2020 at 09:50:17PM +0000, Kevin Chadwick wrote:

> On May 20, 2020 9:31:19 PM UTC, Edgar Pettijohn <[hidden email]> wrote:
> >On Wed, May 20, 2020 at 08:48:20PM +0200, Valdrin MUJA wrote:
> >> Hi Misc,
> >>
> >> I have an interactive shell program which has an authentication
> >section and I want to login via my program. How can I do that?
> >>
> >> Actually I want to run this program instead of /bin/ksh. I changed
> >the root's shell with "chsh -s /bin/{my_program} root" command.
> >However, when the system boots, firstly OpenBSD Login is coming and
> >after that my program is running.
> >>
> >> In short, I want to run an external program on startup without
> >OpenBSD Login.
> >
> >I believe login(1) is executed by getty(8) which is started by init(8).
> >So you would likely have to make changes to one or more of them. But I
> >could be wrong.
> >
> >Edgar
>
> I believe /etc/ttys controls getty, which may or not help. Getty is respawned too.
> https://man.openbsd.org/man5/ttys.5

I think you're right. Might just need to change a line in /etc/ttys to
execute /bin/{my_program}.

Edgar


Re: Howto change login mechanism on OpenBSD

Jeffrey Joshua Rollin-2
On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote:

> On Wed, May 20, 2020 at 09:50:17PM +
> >
> > I believe /etc/ttys controls getty, which may or not help. Getty is
> > respawned too.
> > https://man.openbsd.org/man5/ttys.5
>
> I think you're right. Might just need to change a line in /etc/ttys
> to
> execute /bin/{my_program}.
>
> Edgar
>

Perhaps a better way would be just to change the user's login shell to
the name of your program: chpass -s $myprogram $user. That way you can
use OpenBSD's login authentication, and login automatically runs the
program when the user logs in; when the user quits the program they are
automatically logged out. Provided there's no way to execute a shell
from within the program, they therefore can't execute arbitrary code
once logged in. It's easy to add a user for this single purpose: just
add the user as normal, and specify $myprogram as the shell.

Jeff.


Re: Howto change login mechanism on OpenBSD

Valdrin MUJA
Hello Again,

Actually I updated the /etc/ttys file and added my program instead of getty. However, after boot, there was still an OpenBSD login prompt before my program started.

On the other hand, I tried chpass -s $myprogram $user, but I'm still faced with the same problem: there was an OpenBSD login prompt.

In short, I want to disable the OpenBSD login prompt and execute my program. If the user exits this external program, my program should run again, etc.




---- On Thu, 21 May 2020 01:53:29 +0200 Jeff Joshua Rollin <[hidden email]> wrote ----


On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote:

> On Wed, May 20, 2020 at 09:50:17PM +
> >
> > I believe /etc/ttys controls getty, which may or not help. Getty is
> > respawned too.
> > https://man.openbsd.org/man5/ttys.5 
>
> I think you're right. Might just need to change a line in /etc/ttys
> to
> execute /bin/{my_program}.
>
> Edgar
>
 
Perhaps a better way would be just to change the user's login shell to
the name of your program: chpass -s $myprogram $user. That way you can
use OpenBSD's login authentication, and login automatically runs the
program when the user logs in; when the user quits the program they are
automatically logged out. Provided there's no way to execute a shell
from within the program, they therefore can't execute arbitrary code
once logged in. It's easy to add a user for this single purpose: just
add the user as normal, and specify $myprogram as the shell.
 
Jeff.

Re: Howto change login mechanism on OpenBSD

Marcus MERIGHI
hello,

[hidden email] (Valdrin MUJA), 2020.05.25 (Mon) 16:47 (CEST):
> Actually I updated the /etc/ttys file and add my program instead of
> getty. However, after boot, there was still OpenBSD login prompt
> before my program started. 

as already mentioned, init(8) respawns the program specified in ttys(5)
if the program stops. it also throttles respawning if it happens too
often. after changes to ttys(5), run "kill -s HUP 1".

 
> On the other hand, I tried chpass -s $myprogram $user, but still I'm

This only changes the login shell that is run after you have logged in
via login(1).

> In short,  I want to disable OpenBSD login prompt and execute my
> program. If user exits this external program, my program should run
> again etc.

use with care!

$ grep ttyC5 /etc/ttys
ttyC5   "/etc/ttymenu.getty"            vt220   on  secure

$ cat /etc/ttymenu.getty
#!/bin/sh -e
# $1 is the tty name; connect the program's stdin and stdout to that tty
TERM=vt220 /etc/ttyprog < "/dev/$1" > "/dev/$1"

/etc/ttyprog would be the program you want to run.
stdin and stdout are connected to the tty.

Marcus

> ---- On Thu, 21 May 2020 01:53:29 +0200 Jeff Joshua Rollin <[hidden email]> wrote ----
>
>
> On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote:
> > On Wed, May 20, 2020 at 09:50:17PM +
> > >
> > > I believe /etc/ttys controls getty, which may or not help. Getty is
> > > respawned too.
> > > https://man.openbsd.org/man5/ttys.5 
> >
> > I think you're right. Might just need to change a line in /etc/ttys
> > to
> > execute /bin/{my_program}.
> >
> > Edgar
> >
>  
> Perhaps a better way would be just to change the user's login shell to
> the name of your program: chpass -s $myprogram $user. That way you can
> use OpenBSD's login authentication, and login automatically runs the
> program when the user logs in; when the user quits the program they are
> automatically logged out. Provided there's no way to execute a shell
> from within the program, they therefore can't execute arbitrary code
> once logged in. It's easy to add a user for this single purpose: just
> add the user as normal, and specify $myprogram as the shell.
>  
> Jeff.
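
An added example, not part of the thread: an audit of ttys(5) entries like the one Marcus shows, listing enabled terminals whose command is not getty(8) and which init(8) therefore starts directly, with no login(1) authentication in front of the program. The sample entries are constructed, and `audit_ttys` and `sample_ttys` are names chosen for this example.

```sh
#!/bin/sh
# Added example: list enabled ttys(5) entries whose command is not getty(8).
# Reads ttys-format text on stdin, prints "tty<TAB>command" for each finding.
audit_ttys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments and blank lines
    {
        if (split($0, q, "\"") >= 3) {      # quoted command field
            name = q[1]; cmd = q[2]; rest = q[3]
        } else {                            # unquoted command such as none
            name = $1; cmd = $2; rest = ""
            for (i = 3; i <= NF; i++) rest = rest " " $i
        }
        gsub(/[ \t]/, "", name)
        sub(/#.*/, "", rest)                # trailing comment
        n = split(rest, w)                  # w[1] is the type, flags follow
        on = 0
        for (i = 2; i <= n; i++) if (w[i] == "on") on = 1
        split(cmd, c)                       # c[1] is the executable path
        prog = c[1]; sub(/.*\//, "", prog)
        if (on && prog != "getty") printf "%s\t%s\n", name, cmd
    }'
}

# Constructed sample in ttys(5) format; ttyC5 mirrors the entry in the thread.
sample_ttys() {
    cat <<'EOF'
# name  command                         type    status
console "/usr/libexec/getty std.9600"   vt220   off secure
ttyC0   "/usr/libexec/getty std.9600"   vt220   on  secure
ttyC4   "/etc/ttymenu.getty"            vt220   off secure
ttyC5   "/etc/ttymenu.getty"            vt220   on  secure
ttyp0   none                            network
EOF
}

# Prints only ttyC5: enabled, and not running getty.
sample_ttys | audit_ttys
```

On an OpenBSD host the same function can be fed the live file with `audit_ttys < /etc/ttys`; each line it prints is a terminal where physical access alone reaches the listed program.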