1 | /* vi: set sw=4 ts=4: */
|
---|
2 | #include <fcntl.h>
|
---|
3 | #include <signal.h>
|
---|
4 | #include <stdio.h>
|
---|
5 | #include <stdlib.h>
|
---|
6 | #include <string.h>
|
---|
7 | #include <syslog.h>
|
---|
8 | #include <unistd.h>
|
---|
9 | #include <utmp.h>
|
---|
10 | #include <sys/resource.h>
|
---|
11 | #include <sys/stat.h>
|
---|
12 | #include <sys/types.h>
|
---|
13 | #include <ctype.h>
|
---|
14 | #include <time.h>
|
---|
15 |
|
---|
16 | #include "busybox.h"
|
---|
17 |
|
---|
18 |
|
---|
19 | #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
|
---|
20 | "(or type Control-D for normal startup):"
|
---|
21 |
|
---|
22 | static const char * const forbid[] = {
|
---|
23 | "ENV",
|
---|
24 | "BASH_ENV",
|
---|
25 | "HOME",
|
---|
26 | "IFS",
|
---|
27 | "PATH",
|
---|
28 | "SHELL",
|
---|
29 | "LD_LIBRARY_PATH",
|
---|
30 | "LD_PRELOAD",
|
---|
31 | "LD_TRACE_LOADED_OBJECTS",
|
---|
32 | "LD_BIND_NOW",
|
---|
33 | "LD_AOUT_LIBRARY_PATH",
|
---|
34 | "LD_AOUT_PRELOAD",
|
---|
35 | "LD_NOWARN",
|
---|
36 | "LD_KEEPDIR",
|
---|
37 | (char *) 0
|
---|
38 | };
|
---|
39 |
|
---|
40 |
|
---|
41 |
|
---|
42 | static void catchalarm(int ATTRIBUTE_UNUSED junk)
|
---|
43 | {
|
---|
44 | exit(EXIT_FAILURE);
|
---|
45 | }
|
---|
46 |
|
---|
47 |
|
---|
48 | int sulogin_main(int argc, char **argv)
|
---|
49 | {
|
---|
50 | char *cp;
|
---|
51 | char *device = NULL;
|
---|
52 | const char *name = "root";
|
---|
53 | int timeout = 0;
|
---|
54 |
|
---|
55 | #define pass bb_common_bufsiz1
|
---|
56 |
|
---|
57 | struct passwd pwent;
|
---|
58 | struct passwd *pwd;
|
---|
59 | const char * const *p;
|
---|
60 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
61 | struct spwd *spwd = NULL;
|
---|
62 | #endif
|
---|
63 |
|
---|
64 | openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
|
---|
65 | if (argc > 1) {
|
---|
66 | if (strncmp(argv[1], "-t", 2) == 0) {
|
---|
67 | if (argv[1][2] == '\0') { /* -t NN */
|
---|
68 | if (argc > 2) {
|
---|
69 | timeout = atoi(argv[2]);
|
---|
70 | if (argc > 3) {
|
---|
71 | device = argv[3];
|
---|
72 | }
|
---|
73 | }
|
---|
74 | } else { /* -tNNN */
|
---|
75 | timeout = atoi(&argv[1][2]);
|
---|
76 | if (argc > 2) {
|
---|
77 | device = argv[2];
|
---|
78 | }
|
---|
79 | }
|
---|
80 | } else {
|
---|
81 | device = argv[1];
|
---|
82 | }
|
---|
83 | if (device) {
|
---|
84 | close(0);
|
---|
85 | close(1);
|
---|
86 | close(2);
|
---|
87 | if (open(device, O_RDWR) == 0) {
|
---|
88 | dup(0);
|
---|
89 | dup(0);
|
---|
90 | } else {
|
---|
91 | syslog(LOG_WARNING, "cannot open %s\n", device);
|
---|
92 | exit(EXIT_FAILURE);
|
---|
93 | }
|
---|
94 | }
|
---|
95 | }
|
---|
96 | if (access(bb_path_passwd_file, 0) == -1) {
|
---|
97 | syslog(LOG_WARNING, "No password file\n");
|
---|
98 | bb_error_msg_and_die("No password file\n");
|
---|
99 | }
|
---|
100 | if (!isatty(0) || !isatty(1) || !isatty(2)) {
|
---|
101 | exit(EXIT_FAILURE);
|
---|
102 | }
|
---|
103 |
|
---|
104 |
|
---|
105 | /* Clear out anything dangerous from the environment */
|
---|
106 | for (p = forbid; *p; p++)
|
---|
107 | unsetenv(*p);
|
---|
108 |
|
---|
109 |
|
---|
110 | signal(SIGALRM, catchalarm);
|
---|
111 | if (!(pwd = getpwnam(name))) {
|
---|
112 | syslog(LOG_WARNING, "No password entry for `root'\n");
|
---|
113 | bb_error_msg_and_die("No password entry for `root'\n");
|
---|
114 | }
|
---|
115 | pwent = *pwd;
|
---|
116 | #if ENABLE_FEATURE_SHADOWPASSWDS
|
---|
117 | spwd = NULL;
|
---|
118 | if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
|
---|
119 | || (strcmp(pwd->pw_passwd, "*") == 0))) {
|
---|
120 | endspent();
|
---|
121 | spwd = getspnam(name);
|
---|
122 | if (spwd) {
|
---|
123 | pwent.pw_passwd = spwd->sp_pwdp;
|
---|
124 | }
|
---|
125 | }
|
---|
126 | #endif
|
---|
127 | while (1) {
|
---|
128 | cp = bb_askpass(timeout, SULOGIN_PROMPT);
|
---|
129 | if (!cp || !*cp) {
|
---|
130 | puts("\n");
|
---|
131 | fflush(stdout);
|
---|
132 | syslog(LOG_INFO, "Normal startup\n");
|
---|
133 | exit(EXIT_SUCCESS);
|
---|
134 | } else {
|
---|
135 | safe_strncpy(pass, cp, sizeof(pass));
|
---|
136 | memset(cp, 0, strlen(cp));
|
---|
137 | }
|
---|
138 | if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
|
---|
139 | break;
|
---|
140 | }
|
---|
141 | bb_do_delay(FAIL_DELAY);
|
---|
142 | puts("Login incorrect");
|
---|
143 | fflush(stdout);
|
---|
144 | syslog(LOG_WARNING, "Incorrect root password\n");
|
---|
145 | }
|
---|
146 | memset(pass, 0, strlen(pass));
|
---|
147 | signal(SIGALRM, SIG_DFL);
|
---|
148 | puts("Entering System Maintenance Mode\n");
|
---|
149 | fflush(stdout);
|
---|
150 | syslog(LOG_INFO, "System Maintenance Mode\n");
|
---|
151 |
|
---|
152 | #if ENABLE_SELINUX
|
---|
153 | renew_current_security_context();
|
---|
154 | #endif
|
---|
155 |
|
---|
156 | run_shell(pwent.pw_shell, 1, 0, 0);
|
---|
157 |
|
---|
158 | return (0);
|
---|
159 | }
|
---|