source: branches/2.2.9/mindi-busybox/loginutils/sulogin.c @ 3320

Last change on this file since 3320 was 3320, checked in by bruno, 5 years ago
  • Re-add (thanks git BTW) the 2.2.9 branch which had been destroyed in the move to 3.0
  • Property svn:eol-style set to native
File size: 2.4 KB
Line 
1/* vi: set sw=4 ts=4: */
2/*
3 * Mini sulogin implementation for busybox
4 *
5 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
6 */
7
8#include "libbb.h"
9#include <syslog.h>
10
11//static void catchalarm(int UNUSED_PARAM junk)
12//{
13//  exit(EXIT_FAILURE);
14//}
15
16
17int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
18int sulogin_main(int argc UNUSED_PARAM, char **argv)
19{
20    char *cp;
21    int timeout = 0;
22    struct passwd *pwd;
23    const char *shell;
24#if ENABLE_FEATURE_SHADOWPASSWDS
25    /* Using _r function to avoid pulling in static buffers */
26    char buffer[256];
27    struct spwd spw;
28#endif
29
30    logmode = LOGMODE_BOTH;
31    openlog(applet_name, 0, LOG_AUTH);
32
33    opt_complementary = "t+"; /* -t N */
34    getopt32(argv, "t:", &timeout);
35    argv += optind;
36
37    if (argv[0]) {
38        close(0);
39        close(1);
40        dup(xopen(argv[0], O_RDWR));
41        close(2);
42        dup(0);
43    }
44
45    /* Malicious use like "sulogin /dev/sda"? */
46    if (!isatty(0) || !isatty(1) || !isatty(2)) {
47        logmode = LOGMODE_SYSLOG;
48        bb_error_msg_and_die("not a tty");
49    }
50
51    /* Clear dangerous stuff, set PATH */
52    sanitize_env_if_suid();
53
54    pwd = getpwuid(0);
55    if (!pwd) {
56        goto auth_error;
57    }
58
59#if ENABLE_FEATURE_SHADOWPASSWDS
60    {
61        /* getspnam_r may return 0 yet set result to NULL.
62         * At least glibc 2.4 does this. Be extra paranoid here. */
63        struct spwd *result = NULL;
64        int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
65        if (r || !result) {
66            goto auth_error;
67        }
68        pwd->pw_passwd = result->sp_pwdp;
69    }
70#endif
71
72    while (1) {
73        char *encrypted;
74        int r;
75
76        /* cp points to a static buffer that is zeroed every time */
77        cp = bb_ask(STDIN_FILENO, timeout,
78                "Give root password for system maintenance\n"
79                "(or type Control-D for normal startup):");
80
81        if (!cp || !*cp) {
82            bb_info_msg("Normal startup");
83            return 0;
84        }
85        encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
86        r = strcmp(encrypted, pwd->pw_passwd);
87        free(encrypted);
88        if (r == 0) {
89            break;
90        }
91        bb_do_delay(FAIL_DELAY);
92        bb_error_msg("login incorrect");
93    }
94    memset(cp, 0, strlen(cp));
95//  signal(SIGALRM, SIG_DFL);
96
97    bb_info_msg("System Maintenance Mode");
98
99    IF_SELINUX(renew_current_security_context());
100
101    shell = getenv("SUSHELL");
102    if (!shell)
103        shell = getenv("sushell");
104    if (!shell)
105        shell = pwd->pw_shell;
106
107    /* Exec login shell with no additional parameters. Never returns. */
108    run_shell(shell, 1, NULL, NULL);
109
110 auth_error:
111    bb_error_msg_and_die("no password entry for root");
112}
Note: See TracBrowser for help on using the repository browser.