Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 1 | /* vi: set sw=4 ts=4: */ |
"Robert P. J. Day" | 801ab14 | 2006-07-12 07:56:04 +0000 | [diff] [blame] | 2 | /* |
Rob Landley | dd93abe | 2006-09-08 17:22:05 +0000 | [diff] [blame] | 3 | * Mini sulogin implementation for busybox |
| 4 | * |
"Robert P. J. Day" | 801ab14 | 2006-07-12 07:56:04 +0000 | [diff] [blame] | 5 | * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. |
| 6 | */ |
| 7 | |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 8 | #include <syslog.h> |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 9 | |
Denis Vlasenko | b6adbf1 | 2007-05-26 19:00:18 +0000 | [diff] [blame] | 10 | #include "libbb.h" |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 11 | |
/*
 * Environment variables that sulogin_main() unsets before it prompts for
 * the root password and, later, execs the maintenance shell.
 *
 * Layout: NUL-terminated names packed back to back. The implicit NUL that
 * ends the string literal yields an empty name, which terminates the list.
 *
 * This is a denylist: any variable not named here stays in the environment
 * handed to the root shell. SUSHELL and sushell are not listed because
 * sulogin_main() reads them afterwards to pick the shell.
 */
static const char forbid[] ALIGN1 =
	"ENV\0"
	"BASH_ENV\0"
	"HOME\0"
	"IFS\0"
	"PATH\0"
	"SHELL\0"
	"LD_LIBRARY_PATH\0"
	"LD_PRELOAD\0"
	"LD_TRACE_LOADED_OBJECTS\0"
	"LD_BIND_NOW\0"
	"LD_AOUT_LIBRARY_PATH\0"
	"LD_AOUT_PRELOAD\0"
	"LD_NOWARN\0"
	"LD_KEEPDIR\0";
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 27 | |
Denis Vlasenko | e5387a0 | 2007-10-20 19:20:22 +0000 | [diff] [blame] | 28 | //static void catchalarm(int ATTRIBUTE_UNUSED junk) |
| 29 | //{ |
| 30 | // exit(EXIT_FAILURE); |
| 31 | //} |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 32 | |
| 33 | |
int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
/*
 * sulogin applet entry point: ask for root's password on a terminal and,
 * once it matches, exec a root shell for system maintenance.
 *
 * Options and arguments:
 *   -t SECONDS   timeout passed to bb_askpass() (0, the default, is passed
 *                through unchanged)
 *   TTY          optional device path; when given it is reopened as
 *                stdin, stdout and stderr
 *
 * Returns 0 ("Normal startup") when the password prompt yields NULL or an
 * empty string. On a successful match run_shell() is called and, per the
 * original comment, never returns. Dies through bb_error_msg_and_die()
 * when the descriptors are not ttys or no usable root entry is found.
 */
int sulogin_main(int argc, char **argv)
{
	char *entered;
	int timeout_sec = 0;
	char *timeout_arg;
	const char *name;
	struct passwd *root;
	const char *shell_path;
#if ENABLE_FEATURE_SHADOWPASSWDS
	/* Using _r function to avoid pulling in static buffers.
	 * Both objects stay at function scope: root->pw_passwd is pointed
	 * at the getspnam_r() result below and is used until the password
	 * loop finishes. */
	char buffer[256];
	struct spwd spw;
#endif

	/* Report to stderr and to syslog, under the auth facility */
	logmode = LOGMODE_BOTH;
	openlog(applet_name, 0, LOG_AUTH);

	if (getopt32(argv, "t:", &timeout_arg) != 0) {
		timeout_sec = xatoi_u(timeout_arg);
	}

	if (argv[optind] != NULL) {
		/* The order matters: with 0 and 1 closed, the open and the
		 * first dup take the two free low descriptors; closing 2 and
		 * duplicating 0 then fills the third. The dup() results are
		 * not checked here; the isatty() test below is what rejects
		 * a descriptor that did not end up on a terminal. */
		close(0);
		close(1);
		dup(xopen(argv[optind], O_RDWR));
		close(2);
		dup(0);
	}

	if (!(isatty(0) && isatty(1) && isatty(2))) {
		/* No terminal to talk to: the failure goes to syslog only */
		logmode = LOGMODE_SYSLOG;
		bb_error_msg_and_die("not a tty");
	}

	/* Clear out anything dangerous from the environment before the
	 * prompt and before the shell is started */
	for (name = forbid; *name; name += strlen(name) + 1) {
		unsetenv(name);
	}

	/* No SIGALRM handler is installed here: per the original author's
	 * note, bb_askpass() already handles the timeout. */

	root = getpwuid(0);
	if (root == NULL) {
		goto auth_error;
	}

#if ENABLE_FEATURE_SHADOWPASSWDS
	{
		/* getspnam_r may return 0 yet set result to NULL.
		 * At least glibc 2.4 does this. Be extra paranoid here. */
		struct spwd *found = NULL;
		int rc = getspnam_r(root->pw_name, &spw, buffer, sizeof(buffer), &found);
		if (rc != 0 || found == NULL) {
			goto auth_error;
		}
		/* Compare against the shadow hash from here on */
		root->pw_passwd = found->sp_pwdp;
	}
#endif

	/* There is no attempt limit: every failure is delayed by FAIL_DELAY
	 * and reported through bb_error_msg(). */
	for (;;) {
		const char *stored_hash;

		/* entered points to a static buffer that is zeroed every time */
		entered = bb_askpass(timeout_sec,
				"Give root password for system maintenance\n"
				"(or type Control-D for normal startup):");

		if (entered == NULL || entered[0] == '\0') {
			/* Nothing typed: no shell is started, the caller
			 * simply gets a zero exit status */
			bb_info_msg("Normal startup");
			return 0;
		}

		stored_hash = root->pw_passwd;
		/* NOTE(review): pw_encrypt()'s result goes straight into
		 * strcmp(); confirm it cannot be NULL for a malformed
		 * stored hash. */
		if (strcmp(pw_encrypt(entered, stored_hash), stored_hash) == 0) {
			break;
		}
		bb_do_delay(FAIL_DELAY);
		bb_error_msg("login incorrect");
	}
	/* Wipe the accepted cleartext password before the shell is started.
	 * Rejected attempts are not wiped here; they rely on bb_askpass()
	 * zeroing its buffer on the next call, as noted above. */
	memset(entered, 0, strlen(entered));

	bb_info_msg("System Maintenance Mode");

	USE_SELINUX(renew_current_security_context());

	/* Shell choice: SUSHELL, then sushell, then root's pw_shell when it
	 * is non-empty, else /bin/sh.
	 * NOTE(review): the first two come from the environment, which was
	 * scrubbed only of the names in forbid, so whoever sets sulogin's
	 * environment picks the root shell. Confirm the caller provides a
	 * trusted environment. */
	shell_path = getenv("SUSHELL");
	if (shell_path == NULL) {
		shell_path = getenv("sushell");
	}
	if (shell_path == NULL) {
		shell_path = root->pw_shell[0] ? root->pw_shell : "/bin/sh";
	}
	/* Exec login shell with no additional parameters. Never returns. */
	run_shell(shell_path, 1, NULL, NULL);

 auth_error:
	/* Reached when getpwuid(0) or the shadow lookup fails */
	bb_error_msg_and_die("no password entry for root");
}