[821] | 1 | /* vi: set sw=4 ts=4: */
|
---|
[1765] | 2 | /*
|
---|
| 3 | * Mini sulogin implementation for busybox
|
---|
| 4 | *
|
---|
[2725] | 5 | * Licensed under GPLv2 or later, see file LICENSE in this source tree.
|
---|
[1765] | 6 | */
|
---|
| 7 |
|
---|
[3232] | 8 | //usage:#define sulogin_trivial_usage
|
---|
| 9 | //usage: "[-t N] [TTY]"
|
---|
| 10 | //usage:#define sulogin_full_usage "\n\n"
|
---|
| 11 | //usage: "Single user login\n"
|
---|
| 12 | //usage: "\n -t N Timeout"
|
---|
| 13 |
|
---|
[2725] | 14 | #include "libbb.h"
|
---|
[821] | 15 | #include <syslog.h>
|
---|
| 16 |
|
---|
[2725] | 17 | //static void catchalarm(int UNUSED_PARAM junk)
|
---|
| 18 | //{
|
---|
| 19 | // exit(EXIT_FAILURE);
|
---|
| 20 | //}
|
---|
[821] | 21 |
|
---|
| 22 |
|
---|
[2725] | 23 | int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
|
---|
| 24 | int sulogin_main(int argc UNUSED_PARAM, char **argv)
|
---|
[821] | 25 | {
|
---|
| 26 | char *cp;
|
---|
| 27 | int timeout = 0;
|
---|
| 28 | struct passwd *pwd;
|
---|
[1765] | 29 | const char *shell;
|
---|
[821] | 30 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
[1765] | 31 | /* Using _r function to avoid pulling in static buffers */
|
---|
| 32 | char buffer[256];
|
---|
| 33 | struct spwd spw;
|
---|
[821] | 34 | #endif
|
---|
| 35 |
|
---|
[1765] | 36 | logmode = LOGMODE_BOTH;
|
---|
| 37 | openlog(applet_name, 0, LOG_AUTH);
|
---|
| 38 |
|
---|
[2725] | 39 | opt_complementary = "t+"; /* -t N */
|
---|
| 40 | getopt32(argv, "t:", &timeout);
|
---|
| 41 | argv += optind;
|
---|
[1765] | 42 |
|
---|
[2725] | 43 | if (argv[0]) {
|
---|
[1765] | 44 | close(0);
|
---|
| 45 | close(1);
|
---|
[2725] | 46 | dup(xopen(argv[0], O_RDWR));
|
---|
[1765] | 47 | close(2);
|
---|
| 48 | dup(0);
|
---|
[821] | 49 | }
|
---|
[1765] | 50 |
|
---|
[2725] | 51 | /* Malicious use like "sulogin /dev/sda"? */
|
---|
[821] | 52 | if (!isatty(0) || !isatty(1) || !isatty(2)) {
|
---|
[1765] | 53 | logmode = LOGMODE_SYSLOG;
|
---|
| 54 | bb_error_msg_and_die("not a tty");
|
---|
[821] | 55 | }
|
---|
| 56 |
|
---|
[2725] | 57 | /* Clear dangerous stuff, set PATH */
|
---|
| 58 | sanitize_env_if_suid();
|
---|
[821] | 59 |
|
---|
[1765] | 60 | pwd = getpwuid(0);
|
---|
| 61 | if (!pwd) {
|
---|
| 62 | goto auth_error;
|
---|
[821] | 63 | }
|
---|
[1765] | 64 |
|
---|
[821] | 65 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
[2725] | 66 | {
|
---|
| 67 | /* getspnam_r may return 0 yet set result to NULL.
|
---|
| 68 | * At least glibc 2.4 does this. Be extra paranoid here. */
|
---|
| 69 | struct spwd *result = NULL;
|
---|
| 70 | int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
|
---|
| 71 | if (r || !result) {
|
---|
| 72 | goto auth_error;
|
---|
| 73 | }
|
---|
| 74 | pwd->pw_passwd = result->sp_pwdp;
|
---|
[821] | 75 | }
|
---|
| 76 | #endif
|
---|
[1765] | 77 |
|
---|
[821] | 78 | while (1) {
|
---|
[2725] | 79 | char *encrypted;
|
---|
| 80 | int r;
|
---|
| 81 |
|
---|
[1765] | 82 | /* cp points to a static buffer that is zeroed every time */
|
---|
[2725] | 83 | cp = bb_ask(STDIN_FILENO, timeout,
|
---|
[1765] | 84 | "Give root password for system maintenance\n"
|
---|
| 85 | "(or type Control-D for normal startup):");
|
---|
| 86 |
|
---|
[821] | 87 | if (!cp || !*cp) {
|
---|
[1765] | 88 | bb_info_msg("Normal startup");
|
---|
| 89 | return 0;
|
---|
[821] | 90 | }
|
---|
[2725] | 91 | encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
|
---|
| 92 | r = strcmp(encrypted, pwd->pw_passwd);
|
---|
| 93 | free(encrypted);
|
---|
| 94 | if (r == 0) {
|
---|
[821] | 95 | break;
|
---|
| 96 | }
|
---|
[3232] | 97 | bb_do_delay(LOGIN_FAIL_DELAY);
|
---|
| 98 | bb_info_msg("Login incorrect");
|
---|
[821] | 99 | }
|
---|
[1765] | 100 | memset(cp, 0, strlen(cp));
|
---|
[2725] | 101 | // signal(SIGALRM, SIG_DFL);
|
---|
[821] | 102 |
|
---|
[1765] | 103 | bb_info_msg("System Maintenance Mode");
|
---|
[821] | 104 |
|
---|
[2725] | 105 | IF_SELINUX(renew_current_security_context());
|
---|
[821] | 106 |
|
---|
[1765] | 107 | shell = getenv("SUSHELL");
|
---|
[2725] | 108 | if (!shell)
|
---|
| 109 | shell = getenv("sushell");
|
---|
| 110 | if (!shell)
|
---|
| 111 | shell = pwd->pw_shell;
|
---|
[1765] | 112 |
|
---|
[2725] | 113 | /* Exec login shell with no additional parameters. Never returns. */
|
---|
| 114 | run_shell(shell, 1, NULL, NULL);
|
---|
| 115 |
|
---|
| 116 | auth_error:
|
---|
| 117 | bb_error_msg_and_die("no password entry for root");
|
---|
[821] | 118 | }
|
---|