[821] | 1 | /* vi: set sw=4 ts=4: */
|
---|
| 2 | #include <fcntl.h>
|
---|
| 3 | #include <signal.h>
|
---|
| 4 | #include <stdio.h>
|
---|
| 5 | #include <stdlib.h>
|
---|
| 6 | #include <string.h>
|
---|
| 7 | #include <syslog.h>
|
---|
| 8 | #include <unistd.h>
|
---|
| 9 | #include <utmp.h>
|
---|
| 10 | #include <sys/resource.h>
|
---|
| 11 | #include <sys/stat.h>
|
---|
| 12 | #include <sys/types.h>
|
---|
| 13 | #include <ctype.h>
|
---|
| 14 | #include <time.h>
|
---|
| 15 |
|
---|
| 16 | #include "busybox.h"
|
---|
| 17 |
|
---|
| 18 |
|
---|
| 19 | #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
|
---|
| 20 | "(or type Control-D for normal startup):"
|
---|
| 21 |
|
---|
| 22 | static const char * const forbid[] = {
|
---|
| 23 | "ENV",
|
---|
| 24 | "BASH_ENV",
|
---|
| 25 | "HOME",
|
---|
| 26 | "IFS",
|
---|
| 27 | "PATH",
|
---|
| 28 | "SHELL",
|
---|
| 29 | "LD_LIBRARY_PATH",
|
---|
| 30 | "LD_PRELOAD",
|
---|
| 31 | "LD_TRACE_LOADED_OBJECTS",
|
---|
| 32 | "LD_BIND_NOW",
|
---|
| 33 | "LD_AOUT_LIBRARY_PATH",
|
---|
| 34 | "LD_AOUT_PRELOAD",
|
---|
| 35 | "LD_NOWARN",
|
---|
| 36 | "LD_KEEPDIR",
|
---|
| 37 | (char *) 0
|
---|
| 38 | };
|
---|
| 39 |
|
---|
| 40 |
|
---|
| 41 |
|
---|
| 42 | static void catchalarm(int ATTRIBUTE_UNUSED junk)
|
---|
| 43 | {
|
---|
| 44 | exit(EXIT_FAILURE);
|
---|
| 45 | }
|
---|
| 46 |
|
---|
| 47 |
|
---|
| 48 | int sulogin_main(int argc, char **argv)
|
---|
| 49 | {
|
---|
| 50 | char *cp;
|
---|
| 51 | char *device = (char *) 0;
|
---|
| 52 | const char *name = "root";
|
---|
| 53 | int timeout = 0;
|
---|
| 54 |
|
---|
| 55 | #define pass bb_common_bufsiz1
|
---|
| 56 |
|
---|
| 57 | struct passwd pwent;
|
---|
| 58 | struct passwd *pwd;
|
---|
| 59 | const char * const *p;
|
---|
| 60 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
| 61 | struct spwd *spwd = NULL;
|
---|
| 62 | #endif
|
---|
| 63 |
|
---|
| 64 | openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
|
---|
| 65 | if (argc > 1) {
|
---|
| 66 | if (strncmp(argv[1], "-t", 2) == 0) {
|
---|
| 67 | if (strcmp(argv[1], "-t") == 0) {
|
---|
| 68 | if (argc > 2) {
|
---|
| 69 | timeout = atoi(argv[2]);
|
---|
| 70 | if (argc > 3) {
|
---|
| 71 | device = argv[3];
|
---|
| 72 | }
|
---|
| 73 | }
|
---|
| 74 | } else {
|
---|
| 75 | if (argc > 2) {
|
---|
| 76 | device = argv[2];
|
---|
| 77 | }
|
---|
| 78 | }
|
---|
| 79 | } else {
|
---|
| 80 | device = argv[1];
|
---|
| 81 | }
|
---|
| 82 | if (device) {
|
---|
| 83 | close(0);
|
---|
| 84 | close(1);
|
---|
| 85 | close(2);
|
---|
| 86 | if (open(device, O_RDWR) >= 0) {
|
---|
| 87 | dup(0);
|
---|
| 88 | dup(0);
|
---|
| 89 | } else {
|
---|
| 90 | syslog(LOG_WARNING, "cannot open %s\n", device);
|
---|
| 91 | exit(EXIT_FAILURE);
|
---|
| 92 | }
|
---|
| 93 | }
|
---|
| 94 | }
|
---|
| 95 | if (access(bb_path_passwd_file, 0) == -1) {
|
---|
| 96 | syslog(LOG_WARNING, "No password file\n");
|
---|
| 97 | bb_error_msg_and_die("No password file\n");
|
---|
| 98 | }
|
---|
| 99 | if (!isatty(0) || !isatty(1) || !isatty(2)) {
|
---|
| 100 | exit(EXIT_FAILURE);
|
---|
| 101 | }
|
---|
| 102 |
|
---|
| 103 |
|
---|
| 104 | /* Clear out anything dangerous from the environment */
|
---|
| 105 | for (p = forbid; *p; p++)
|
---|
| 106 | unsetenv(*p);
|
---|
| 107 |
|
---|
| 108 |
|
---|
| 109 | signal(SIGALRM, catchalarm);
|
---|
| 110 | if (!(pwd = getpwnam(name))) {
|
---|
| 111 | syslog(LOG_WARNING, "No password entry for `root'\n");
|
---|
| 112 | bb_error_msg_and_die("No password entry for `root'\n");
|
---|
| 113 | }
|
---|
| 114 | pwent = *pwd;
|
---|
| 115 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
| 116 | spwd = NULL;
|
---|
| 117 | if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
|
---|
| 118 | || (strcmp(pwd->pw_passwd, "*") == 0))) {
|
---|
| 119 | endspent();
|
---|
| 120 | spwd = getspnam(name);
|
---|
| 121 | if (spwd) {
|
---|
| 122 | pwent.pw_passwd = spwd->sp_pwdp;
|
---|
| 123 | }
|
---|
| 124 | }
|
---|
| 125 | #endif
|
---|
| 126 | while (1) {
|
---|
| 127 | cp = bb_askpass(timeout, SULOGIN_PROMPT);
|
---|
| 128 | if (!cp || !*cp) {
|
---|
| 129 | puts("\n");
|
---|
| 130 | fflush(stdout);
|
---|
| 131 | syslog(LOG_INFO, "Normal startup\n");
|
---|
| 132 | exit(EXIT_SUCCESS);
|
---|
| 133 | } else {
|
---|
| 134 | safe_strncpy(pass, cp, sizeof(pass));
|
---|
| 135 | memset(cp, 0, strlen(cp));
|
---|
| 136 | }
|
---|
| 137 | if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
|
---|
| 138 | break;
|
---|
| 139 | }
|
---|
| 140 | bb_do_delay(FAIL_DELAY);
|
---|
| 141 | puts("Login incorrect");
|
---|
| 142 | fflush(stdout);
|
---|
| 143 | syslog(LOG_WARNING, "Incorrect root password\n");
|
---|
| 144 | }
|
---|
| 145 | memset(pass, 0, strlen(pass));
|
---|
| 146 | signal(SIGALRM, SIG_DFL);
|
---|
| 147 | puts("Entering System Maintenance Mode\n");
|
---|
| 148 | fflush(stdout);
|
---|
| 149 | syslog(LOG_INFO, "System Maintenance Mode\n");
|
---|
| 150 |
|
---|
| 151 | #if ENABLE_SELINUX
|
---|
| 152 | renew_current_security_context();
|
---|
| 153 | #endif
|
---|
| 154 |
|
---|
| 155 | run_shell(pwent.pw_shell, 1, 0, 0);
|
---|
| 156 |
|
---|
| 157 | return (0);
|
---|
| 158 | }
|
---|