loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 #include <fcntl.h>
   3 #include <signal.h>
   4 #include <stdio.h>
   5 #include <stdlib.h>
   6 #include <string.h>
   7 #include <syslog.h>
   8 #include <unistd.h>
   9 #include <utmp.h>
  10 #include <sys/resource.h>
  11 #include <sys/stat.h>
  12 #include <sys/time.h>
  13 #include <sys/types.h>
  14 #include <ctype.h>
  15 #include <time.h>
  16
  17 #include "busybox.h"
  18
  19
  20 // sulogin defines
  21 #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
  22         "(or type Control-D for normal startup):"
  23
  24 static const char * const forbid[] = {
  25         "ENV",
  26         "BASH_ENV",
  27         "HOME",
  28         "IFS",
  29         "PATH",
  30         "SHELL",
  31         "LD_LIBRARY_PATH",
  32         "LD_PRELOAD",
  33         "LD_TRACE_LOADED_OBJECTS",
  34         "LD_BIND_NOW",
  35         "LD_AOUT_LIBRARY_PATH",
  36         "LD_AOUT_PRELOAD",
  37         "LD_NOWARN",
  38         "LD_KEEPDIR",
  39         (char *) 0
  40 };
  41
  42
  43
  44 static void catchalarm(int junk)
  45 {
  46         exit(EXIT_FAILURE);
  47 }
  48
  49
  50 extern int sulogin_main(int argc, char **argv)
  51 {
  52         char *cp;
  53         char *device = (char *) 0;
  54         const char *name = "root";
  55         int timeout = 0;
  56
  57 #define pass bb_common_bufsiz1
  58
  59         struct passwd pwent;
  60         struct passwd *pwd;
  61         const char * const *p;
  62 #ifdef CONFIG_FEATURE_SHADOWPASSWDS
  63         struct spwd *spwd = NULL;
  64 #endif                                                  /* CONFIG_FEATURE_SHADOWPASSWDS */
  65
  66         openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
  67         if (argc > 1) {
  68                 if (strncmp(argv[1], "-t", 2) == 0) {
  69                         if (strcmp(argv[1], "-t") == 0) {
  70                                 if (argc > 2) {
  71                                         timeout = atoi(argv[2]);
  72                                         if (argc > 3) {
  73                                                 device = argv[3];
  74                                         }
  75                                 }
  76                         } else {
  77                                 if (argc > 2) {
  78                                         device = argv[2];
  79                                 }
  80                         }
  81                 } else {
  82                         device = argv[1];
  83                 }
  84                 if (device) {
  85                         close(0);
  86                         close(1);
  87                         close(2);
  88                         if (open(device, O_RDWR) >= 0) {
  89                                 dup(0);
  90                                 dup(0);
  91                         } else {
  92                                 syslog(LOG_WARNING, "cannot open %s\n", device);
  93                                 exit(EXIT_FAILURE);
  94                         }
  95                 }
  96         }
  97         if (access(bb_path_passwd_file, 0) == -1) {
  98                 syslog(LOG_WARNING, "No password file\n");
  99                 bb_error_msg_and_die("No password file\n");
 100         }
 101         if (!isatty(0) || !isatty(1) || !isatty(2)) {
 102                 exit(EXIT_FAILURE);
 103         }
 104
 105
 106         /* Clear out anything dangerous from the environment */
 107         for (p = forbid; *p; p++)
 108                 unsetenv(*p);
 109
 110
 111         signal(SIGALRM, catchalarm);
 112         if (!(pwd = getpwnam(name))) {
 113                 syslog(LOG_WARNING, "No password entry for `root'\n");
 114                 bb_error_msg_and_die("No password entry for `root'\n");
 115         }
 116         pwent = *pwd;
 117 #ifdef CONFIG_FEATURE_SHADOWPASSWDS
 118         spwd = NULL;
 119         if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
 120                                 || (strcmp(pwd->pw_passwd, "*") == 0))) {
 121                 endspent();
 122                 spwd = getspnam(name);
 123                 if (spwd) {
 124                         pwent.pw_passwd = spwd->sp_pwdp;
 125                 }
 126         }
 127 #endif                                                  /* CONFIG_FEATURE_SHADOWPASSWDS */
 128         while (1) {
 129                 cp = bb_askpass(timeout, SULOGIN_PROMPT);
 130                 if (!cp || !*cp) {
 131                         puts("\n");
 132                         fflush(stdout);
 133                         syslog(LOG_INFO, "Normal startup\n");
 134                         exit(EXIT_SUCCESS);
 135                 } else {
 136                         safe_strncpy(pass, cp, sizeof(pass));
 137                         bzero(cp, strlen(cp));
 138                 }
 139                 if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
 140                         break;
 141                 }
 142                 bb_do_delay(FAIL_DELAY);
 143                 puts("Login incorrect");
 144                 fflush(stdout);
 145                 syslog(LOG_WARNING, "Incorrect root password\n");
 146         }
 147         bzero(pass, strlen(pass));
 148         signal(SIGALRM, SIG_DFL);
 149         puts("Entering System Maintenance Mode\n");
 150         fflush(stdout);
 151         syslog(LOG_INFO, "System Maintenance Mode\n");
 152
 153 #ifdef CONFIG_SELINUX
 154         renew_current_security_context();
 155 #endif
 156
 157         run_shell(pwent.pw_shell, 1, 0, 0);
 158
 159         return (0);
 160 }