Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 1 | /* vi: set sw=4 ts=4: */ |
"Robert P. J. Day" | 801ab14 | 2006-07-12 07:56:04 +0000 | [diff] [blame] | 2 | /* |
Rob Landley | dd93abe | 2006-09-08 17:22:05 +0000 | [diff] [blame] | 3 | * Mini sulogin implementation for busybox |
| 4 | * |
"Robert P. J. Day" | 801ab14 | 2006-07-12 07:56:04 +0000 | [diff] [blame] | 5 | * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. |
| 6 | */ |
| 7 | |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 8 | #include <syslog.h> |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 9 | |
Denis Vlasenko | b6adbf1 | 2007-05-26 19:00:18 +0000 | [diff] [blame] | 10 | #include "libbb.h" |
Eric Andersen | 27f64e1 | 2002-06-23 04:24:25 +0000 | [diff] [blame] | 11 | |
/*
 * Environment variables that sulogin_main() unsets before it starts the
 * maintenance shell.  The table is NULL-terminated and is a denylist:
 * any variable not named here is left in the environment untouched.
 */
static const char *const forbid[] = {
	/* shell start-up files, search paths and word splitting */
	"ENV", "BASH_ENV", "HOME", "IFS", "PATH", "SHELL",
	/* dynamic loader controls */
	"LD_LIBRARY_PATH", "LD_PRELOAD",
	"LD_TRACE_LOADED_OBJECTS", "LD_BIND_NOW",
	"LD_AOUT_LIBRARY_PATH", "LD_AOUT_PRELOAD",
	"LD_NOWARN", "LD_KEEPDIR",
	NULL	/* end-of-table marker */
};
| 29 | |
| 30 | |
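/*
 * SIGALRM handler installed by sulogin_main(): end the process with a
 * failure status.  Presumably the alarm is armed by bb_askpass() from the
 * -t timeout -- confirm against libbb.
 */
static void catchalarm(int ATTRIBUTE_UNUSED junk)
{
	/*
	 * exit() is not async-signal-safe: it flushes stdio and runs atexit
	 * handlers, which can deadlock or corrupt state if the signal arrived
	 * while the main flow was inside stdio or malloc.  _exit() terminates
	 * immediately with the same status.
	 */
	_exit(EXIT_FAILURE);
}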
| 35 | |
| 36 | |
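int sulogin_main(int argc, char **argv);
/*
 * sulogin applet entry point: ask for root's password on the terminal and,
 * when it matches, start a maintenance shell.
 *
 * Options parsed here: "-t ARG" (timeout handed to bb_askpass()) and one
 * optional positional argument naming the tty to use for fds 0, 1 and 2.
 *
 * Returns 0 when the user gives an empty password or end-of-file ("normal
 * startup").  After a successful authentication run_shell() is called and
 * is not expected to return.  All other failures die with a message.
 */
int sulogin_main(int argc, char **argv)
{
	char *cp;
	char *encrypted;
	int timeout = 0;
	char *timeout_arg;
	const char *const *p;
	struct passwd *pwd;
	const char *shell;
#if ENABLE_FEATURE_SHADOWPASSWDS
	/* Using _r function to avoid pulling in static buffers */
	char buffer[256];
	struct spwd spw;
	struct spwd *result;
#endif

	/* Messages go to both the terminal and syslog (facility LOG_AUTH) */
	logmode = LOGMODE_BOTH;
	openlog(applet_name, 0, LOG_AUTH);

	if (getopt32(argc, argv, "t:", &timeout_arg)) {
		timeout = xatoi_u(timeout_arg);
	}

	if (argv[optind]) {
		/*
		 * Re-point fds 0, 1 and 2 at the named tty.  With 0 and 1 closed,
		 * xopen() gets the lowest free descriptor.  The dup() results are
		 * not checked here; a failed dup() leaves a descriptor closed and
		 * is caught by the isatty() test below.
		 */
		close(0);
		close(1);
		dup(xopen(argv[optind], O_RDWR));
		close(2);
		dup(0);
	}

	if (!isatty(0) || !isatty(1) || !isatty(2)) {
		/* Report through syslog only, then exit */
		logmode = LOGMODE_SYSLOG;
		bb_error_msg_and_die("not a tty");
	}

	/* Clear out anything dangerous from the environment */
	for (p = forbid; *p; p++)
		unsetenv(*p);

	signal(SIGALRM, catchalarm);

	pwd = getpwuid(0);
	if (!pwd) {
		goto auth_error;
	}

#if ENABLE_FEATURE_SHADOWPASSWDS
	/*
	 * A zero return alone does not prove that an entry was found: the _r
	 * lookup functions may report "no such entry" by returning 0 with
	 * *result set to NULL, in which case spw has not been filled in.
	 * Refuse to continue rather than compare against an uninitialized
	 * hash pointer.
	 */
	if (getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result) != 0
	 || !result
	) {
		goto auth_error;
	}
	pwd->pw_passwd = spw.sp_pwdp;
#endif

	while (1) {
		/* cp points to a static buffer that is zeroed every time */
		cp = bb_askpass(timeout,
				"Give root password for system maintenance\n"
				"(or type Control-D for normal startup):");

		if (!cp || !*cp) {
			bb_info_msg("Normal startup");
			return 0;
		}
		/*
		 * NOTE(review): pw_encrypt() is defined elsewhere.  A NULL result
		 * is treated as a mismatch here instead of being handed to
		 * strcmp(), so a hashing failure can never authenticate or crash.
		 */
		encrypted = pw_encrypt(cp, pwd->pw_passwd);
		if (encrypted && strcmp(encrypted, pwd->pw_passwd) == 0) {
			break;
		}
		bb_do_delay(FAIL_DELAY);
		bb_error_msg("login incorrect");
	}
	/* Wipe the accepted password before anything else runs */
	memset(cp, 0, strlen(cp));
	signal(SIGALRM, SIG_DFL);

	bb_info_msg("System Maintenance Mode");

	USE_SELINUX(renew_current_security_context());

	/*
	 * Shell selection: $SUSHELL, then $sushell, then root's pw_shell if it
	 * is non-empty, else /bin/sh.  Neither SUSHELL nor sushell is in the
	 * forbid[] table, so whoever sets up this process's environment
	 * chooses the program that runs after authentication.
	 */
	shell = getenv("SUSHELL");
	if (!shell)
		shell = getenv("sushell");
	if (!shell) {
		shell = "/bin/sh";
		if (pwd->pw_shell[0])
			shell = pwd->pw_shell;
	}
	run_shell(shell, 1, 0, 0);
	/* never returns */

 auth_error:
	bb_error_msg_and_die("no password entry for 'root'");
}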