Mgetty's 'login.config' enhancement proposal

"Maciej W. Rozycki" (macro@ds2.pg.gda.pl)
Wed, 8 Apr 1998 22:53:10 +0200
Messages sorted by:[ date ][ thread ][ subject ][ author ]
  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.
  Send mail to mime@docserver.cac.washington.edu for more info.

--0-411304963-892068022=:19264
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Content-ID: <Pine.GSO.3.96.980408224944.19342I@delta.ds2.pg.gda.pl>

Hi,

 Recently, I started setting up a Linux-based terminal server (TS).  As a
TS needs to be as transparent to the user as possible, I thought it would
be best if just a standard login + password sequence allowed logging in to
a remote server.  I needed a special getty replacement for the TS that
would allow to configure a `/bin/login' replacement out of the box.  With
security in mind I chose `slogin' (from the SSH package) to be the program
used for connections between the TS and the server and thus the `login'
replacement.  After finding out what getty packages are available I
considered mgetty to be the one which suits me best.

 The 'login.config' flexibility allows almost any `login' command lines
and what I needed for `slogin' is: `/usr/bin/slogin -q -l <username>
<hostname>'.  I was able to set up this easily using "@" for <username>
and hardcoding <hostname>.

 Then I thought that most TSs have the ability to perform some tasks
locally (usually some kind of setup) or connect to hosts other than the
default (using the telnet protocol, unfortunately) using the same terminal
connection (with some escape sequence, such as <Break>, usually).  I
thought that for local logins, a "~<username>" sequence would be
appropriate (as the tilde is a "well known" escape character) and for
non-default remote logins, a "<username>@<hostname>" seems to be a good
candidate.

 Unfortunately, the current 'login.config' syntax does not allow
extracting parts of the login response string which is required for the
mentioned tasks.  So I invented syntax extensions that allow extracting
parts of the user name matched by the special "*" character used in
'login.config'.  Two such characters are introduced: "^" that matches the
starting "*" and "$" that matches the trailing one.  The characters were
chosen so they remind some used in regular expressions (though they are
not mandatory).

 Using these characters I was able to construct the following
'login.config' file which allows default logins for normal user names,
local login for those prefixed by a tilde ("~") or suffixed by an at ("@")
and remote logins for those using the "user@host" form: 

~*      ts      -       /bin/login $
*@      ts      -       /bin/login ^
*@*     ts      -       /usr/bin/slogin -q -l ^ $
*       ts      -       /usr/bin/slogin -q -l @ default.host.domain

 I am going to use the patch in all my TS installations.  With a proper
setup, `slogin' allows limiting the list of remote hosts that may be
accessed from a given TS.  Together with Linux's flexibility, it results
in a superior TS installation that hardly any dedicated product may
compete with.  As I found this feature very useful, I propose the attached
patch to be included in the official mgetty release. 

 Technical details.  I tried to make the patch as portable as possible;
especially I did not use any library calls that would not be referenced
elsewhere in mgetty sources.  The prefix and suffix strings are set only
when they match an appropriate star ("*") special character, otherwise
they are null strings.  For the ambiguous case of a single "*" string,
both of them are empty (but one can use "@" in this case anyway).  All
strings are 'strdup'ed to the built command line as it prevents problems
with possible future manipulations with original strings.

 The patch was prepared against the 1.1.12 release of mgetty but it
cleanly applies to version 1.1.14 which is, I believe, the most current
one.  If you accept the patch in this form or another (to be discussed), I
may prepare appropriate documentation updates.

 Comments are welcomed.

 Best regards,

  Maciej

PS. Please Cc me as I am not on the list.

--
+  Maciej W. Rozycki, Technical University of Gdansk, Poland   +
+--------------------------------------------------------------+
+        e-mail: macro@ds2.pg.gda.pl, PGP key available        +

--0-411304963-892068022=:19264
Content-Type: APPLICATION/OCTET-STREAM; NAME="mgetty-1.1.12-pref_suff.patch.gz"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.OSF.3.96.980408224022.19264D@amedec.amg.gda.pl>
Content-Description: 

H4sIAAAAAAACA51YbW/TSBD+7PyKIUBix3Ybp29pQqEIioSuglNLxYeWixxn
nVp1bMsvzVXV/febmV2/haYcl4p4vTsvz8zOPLthEfg+2AXYdiq8Is2Ce4Hj
SKxtPwgFrJYizx9sZwf/Rjsr10vj3TBeBtGO114rZzu2bT+npX0rBHwUHjiH
4Iwme8eTvT1wjo+POqZpPm1S+y4W8D5JAcbgHEycoVIZd05PwT6yDsE8so7g
9LQDMNjtQAdeBpEXFgsBb7J8EcQ7t287ZmsuDOY02RAsogDnNyazPA2i5cZk
smYx8r0/RL/mvmONlXdYubl3C90iE2kX3KUbRFkO3Tvx0OVlHKDIA2S5m+YQ
pyCiBayDHFUGXdDXQbjw3HRhyEjseRyHwo2U1dmfIx10Mm2hHcMC79ZN0SjP
lC/kweiYm5r7DU0rSYVvZYXvG1bH1DTYZsiCIMpxyPJqTGroAB4RIn5oMryD
E4woDUWkS//TxmLRWCQHtMq5G9PGHQytY86d1AgTTHju63A++/L18+WZBV2O
YMKqJ/3XWd8iFzzqWgpx6bNjkg2JF70Op+UEgz5BLDijoPmgM3AUo3DogyFp
qciLNMK1JmRDiUngh2PLGWHJ7VnOAUPXmgbfwAgMUGa+XVydTTVtd8Dbi9vd
HeCTapR1fJzRITgZTiGAN4QPbNDDO3tk4Ay2g6EEH2mbqriCqXxVUQVgkmMb
RpgCTWMgiD7yVokOPcJ/HfywoIdZunZwQPahDKmFVHn7Rz3V0qf355e8RvMi
zIRGH45p7i1UOISwlfwyFvx2jGnbok6pKuDtCWFxEESvR8h5Exh7AzoK2pQS
x4A6iBq+IYHRvoxHVFDHw5IK1I5yPkiNjPwgvf6gD4YKwZ17g59CKMuFwf8u
dpn3qjCtUq4CDBViZ/+AS8k52C9riT6UY5RZ3xIBs78gEojHR3KkoQ5+Qpbg
xQl8uTo/r+vX1KjlZLtSEFzuWhSnq5lU7NFDplF2jC3zw02mN9uJSOTpNVSX
HnqSC7hKH1WWGkwyCxbTjdl8lcxElKcPU5Xrprg0ql4keqmtHmFS5FmTGQaD
AdwG+Ysuh/Iy8BdYeZ8+f/wqkzvGPnXAHA2H1siRjap5cZQHUSEapY4poBEW
w9c/LHDDEO7dsBAZLPEojHbgS7yGdRrkguEDw6eCMZ9TqwWq0CQNLoqkpsEN
iWv6wgqF/s2w31pVBfm0/kqsvORBryUlLSIryBfFZJLIbFncJji1gSdIl0/e
CVdS8PcEJO+SZvnW5ZNDln1z+2q4ZL5OUrQli9Ckz7Lz6zpBKHZXVvqwwYYN
mvtZ4bRbd1u9gOkjbEyd23X/ek6XQ/yFgVfPGlBVTfi3J71O0AReZ3TI1XaY
7rSVeydmPLvOCcFHcR942NZX32ZXl2cXVgvShziKhJeXp9fI4TvLaG+keFLT
FN9wD/+iILiwggUBw/tEsIDXCwsrnp4GloStVTXBRJGs7bfJeoaC1ZiEufLa
1dOQeEKamhsuzz5cXZx9f39xVuKU24CkiCp6Q11uAbFuKfkoY8egnSEGT3zr
qGtHWaF010sgcfEuFrkrATHWcB7bc2G76fL+evijPrcT2Yupd5vqoFYt6O/2
CatdQ0tqhi7FUDMxnbLznpEqex2lJVNXQOepcO+gSOSxgBsVAx4VucgS1xN2
JhI3dXO8MXvxauXi9ZLEFCr8oIdihaWRUT/PszzIC2TEJfRP+zB/gPxWyE2m
HCiUv6mFmfiLZmvtalnyCRCq/qu2piQXFSVAnWz1QAQepsVRVbx/aDnHuJOH
x9beoarjx1ZdsNUys70ev1NqKypRhUE1y2knD6b5o0kUmws/E7A6RXDAX9RK
bS5L2qxCl45mKvic4KtHG7k8Mjbgy1OijsHU6tvhc1Clsf+O99UTeOX+bMfL
nL+Jlyb/D97yAAGtupDy7XML3pubz23EJedxEWm8x6qGmi6VFAJ8V44n0H33
rlslagvGrYoKcwV1i+PkVw4SZYj+KbLJ4zudk4vxwk2uXJV3GNlqfiqEXiWw
Ot/raaoDQ14KaYGZhC/QfBmm36KUW77wUXczwfhxES0MTiV7KyX5eqrjwZ7z
a+wj4UR+sAT+fwNW4E4d83mzNyrv5aTvJgnpVJSBRFtRDHrFn8w6AmHTqyR/
kN61qthabfyouG1LDz+T5bKL+ZdNmcl/AXSVYpYQEQAA
--0-411304963-892068022=:19264--