/* vi: set sw=4 ts=4: */
/*
 * Mini sulogin implementation for busybox
 *
 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
 */

#include "libbb.h"
#include <syslog.h>

//static void catchalarm(int ATTRIBUTE_UNUSED junk)
//{
//	exit(EXIT_FAILURE);
//}


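/*
 * sulogin applet entry point: ask for root's password on the console and,
 * on a match, exec a root shell for system maintenance.
 *
 * Options and arguments handled here:
 *   -t ARG   parsed with xatoi_u() and handed to bb_askpass() as its timeout
 *            (presumably seconds - confirm against bb_askpass()).
 *   TTY      optional device path; when given it is opened O_RDWR and
 *            becomes stdin, stdout and stderr.
 *
 * Returns 0 ("Normal startup") when bb_askpass() yields NULL or an empty
 * string. On a successful password match the function does not return:
 * run_shell() replaces the process. Every other exit goes through
 * bb_error_msg_and_die().
 *
 * Security-relevant behaviour visible in this function:
 *   - all three standard descriptors must be ttys, otherwise it dies;
 *   - sanitize_env_if_suid() runs before any password handling;
 *   - with ENABLE_FEATURE_SHADOWPASSWDS the hash comes from the shadow
 *     entry, and a missing entry is a hard failure, not a fallback;
 *   - a wrong password costs bb_do_delay(FAIL_DELAY) before the next
 *     prompt, and there is no cap on the number of attempts;
 *   - the shell path is taken from $SUSHELL / $sushell, but only after
 *     the password has been verified.
 */
int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int sulogin_main(int argc ATTRIBUTE_UNUSED, char **argv)
{
	char *cp;
	const char *encrypted;
	int timeout = 0;
	char *timeout_arg;
	struct passwd *pwd;
	const char *shell;
#if ENABLE_FEATURE_SHADOWPASSWDS
	/* Using _r function to avoid pulling in static buffers */
	char buffer[256];
	struct spwd spw;
#endif

	/* Messages are tagged LOG_AUTH; logmode selects LOGMODE_BOTH until
	 * the tty check below narrows it to syslog only. */
	logmode = LOGMODE_BOTH;
	openlog(applet_name, 0, LOG_AUTH);

	/* timeout_arg is only written by getopt32() when -t was given,
	 * so it is read only inside this branch. */
	if (getopt32(argv, "t:", &timeout_arg)) {
		timeout = xatoi_u(timeout_arg);
	}

	if (argv[optind]) {
		/* Rebind fds 0, 1, 2 to the named device. This depends on open()
		 * and dup() returning the lowest free descriptor: after closing
		 * 0 and 1, xopen() yields 0 and dup() yields 1; after closing 2,
		 * dup(0) yields 2. The dup() results are not checked here; a
		 * failure leaves a descriptor closed and is caught by the
		 * isatty() test below. */
		close(0);
		close(1);
		dup(xopen(argv[optind], O_RDWR));
		close(2);
		dup(0);
	}

	if (!isatty(0) || !isatty(1) || !isatty(2)) {
		/* No usable terminal: report through syslog only. */
		logmode = LOGMODE_SYSLOG;
		bb_error_msg_and_die("not a tty");
	}

	/* Clear dangerous stuff, set PATH */
	sanitize_env_if_suid();

	/* No SIGALRM handler is installed here: bb_askpass() already
	 * handles the timeout. */

	pwd = getpwuid(0);
	if (!pwd) {
		goto auth_error;
	}

#if ENABLE_FEATURE_SHADOWPASSWDS
	{
		/* getspnam_r may return 0 yet set result to NULL.
		 * At least glibc 2.4 does this. Be extra paranoid here. */
		struct spwd *result = NULL;
		int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
		if (r || !result) {
			goto auth_error;
		}
		/* From here on the shadow hash is the one compared against. */
		pwd->pw_passwd = result->sp_pwdp;
	}
#endif

	while (1) {
		/* cp points to a static buffer that is zeroed every time */
		cp = bb_askpass(timeout,
				"Give root password for system maintenance\n"
				"(or type Control-D for normal startup):");

		if (!cp || !*cp) {
			bb_info_msg("Normal startup");
			return 0;
		}
		/* pw_encrypt() is defined outside this file. Guard against a
		 * NULL result (crypt(3) implementations may return NULL for a
		 * salt they reject) instead of handing NULL to strcmp(); a
		 * NULL result is treated as a failed attempt. */
		encrypted = pw_encrypt(cp, pwd->pw_passwd);
		if (encrypted && strcmp(encrypted, pwd->pw_passwd) == 0) {
			break;
		}
		/* Slow down repeated guesses before reporting the failure. */
		bb_do_delay(FAIL_DELAY);
		bb_error_msg("login incorrect");
	}
	/* Wipe the cleartext password before the shell is started. */
	memset(cp, 0, strlen(cp));

	bb_info_msg("System Maintenance Mode");

	USE_SELINUX(renew_current_security_context());

	/* Shell selection order: $SUSHELL, $sushell, root's pw_shell,
	 * then /bin/sh. The environment is consulted only after the
	 * password check above has succeeded. */
	shell = getenv("SUSHELL");
	if (!shell)
		shell = getenv("sushell");
	if (!shell) {
		shell = "/bin/sh";
		if (pwd->pw_shell[0])
			shell = pwd->pw_shell;
	}
	/* Exec login shell with no additional parameters. Never returns. */
	run_shell(shell, 1, NULL, NULL);

 auth_error:
	bb_error_msg_and_die("no password entry for root");
}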