14 #include <sys/ioctl.h>
20 #include "libcommon.h"
23 #include "compat/linux-limits.h"
26 // There must be a universal way to find these!
31 #define VTBASE "/dev/vt%02d"
34 // Where your VTs are hidden
36 #define VTNAME "/dev/tty%d"
37 #define VTNAME2 "/dev/vc/%d"
41 #error vt device name must be defined
45 __attribute__((noreturn))
48 printf(_("Usage: %s [OPTIONS] -- command\n"
50 "This utility helps you to start a program on a new virtual terminal (VT).\n"
53 " -c, --console=NUM use the given VT number;\n"
54 " -e, --exec execute the command, without forking;\n"
55 " -f, --force force opening a VT without checking;\n"
56 " -l, --login make the command a login shell;\n"
57 " -u, --user figure out the owner of the current VT;\n"
58 " -s, --switch switch to the new VT;\n"
59 " -w, --wait wait for command to complete;\n"
60 " -v, --verbose print a message for each action;\n"
61 " -V, --version print program version and exit;\n"
62 " -h, --help output a brief help message.\n"
69 * Support for Spawn_Console: openvt running from init
70 * added by Joshua Spoerri, Thu Jul 18 21:13:16 EDT 1996
72 * -u Figure out the owner of the current VT, and run
73 * login as that user. Suitable to be called by init.
74 * Shouldn't be used with -c or -l.
75 * Sample inittab line:
76 * kb::kbrequest:/usr/bin/openvt -us
78 * It is the job of authenticate_user() to find out who
79 * produced this keyboard signal. It is called only as root.
81 * Note that there is a race condition: curvt may not be the vt
82 * from which the keyboard signal was produced.
83 * (Possibly the signal was not produced at the keyboard at all,
84 * but by a "kill -SIG 1". However, only root can do this.)
86 * Conclusion: do not use this in high security environments.
87 * Or fix the code below to be more suspicious.
89 * Maybe it is better to just start a login at the new vt,
90 * instead of pre-authenticating the user with "login -f".
94 authenticate_user(int curvt)
102 char filename[NAME_MAX + 12];
103 struct passwd *pwnam;
105 if (!(dp = opendir("/proc")))
106 kbd_error(EXIT_FAILURE, errno, "opendir(/proc)");
108 /* get the current tty */
109 /* try /dev/ttyN, then /dev/vc/N */
110 sprintf(filename, VTNAME, curvt);
111 if (stat(filename, &buf)) {
113 sprintf(filename, VTNAME2, curvt);
114 if (stat(filename, &buf)) {
115 /* give error message for first attempt */
116 sprintf(filename, VTNAME, curvt);
117 kbd_error(EXIT_FAILURE, errsv, "%s", filename);
120 console_dev = buf.st_dev;
121 console_ino = buf.st_ino;
122 console_uid = buf.st_uid;
124 /* get the owner of current tty */
125 if (!(pwnam = getpwuid(console_uid)))
126 kbd_error(EXIT_FAILURE, errno, "getpwuid");
128 /* check to make sure that user has a process on that tty */
129 /* this will fail for example when X is running on the tty */
130 while ((dentp = readdir(dp))) {
131 sprintf(filename, "/proc/%s/fd/0", dentp->d_name);
133 if (stat(filename, &buf))
136 if (buf.st_dev == console_dev && buf.st_ino == console_ino && buf.st_uid == console_uid)
140 kbd_error(EXIT_FAILURE, 0, _("Couldn't find owner of current tty!"));
145 return pwnam->pw_name;
149 open_vt(char *vtname, int force)
153 if ((fd = open(vtname, O_RDWR)) == -1)
156 if (ioctl(fd, TIOCSCTTY, force) == -1) {
164 int main(int argc, char *argv[])
167 struct vt_stat vtstat;
176 char verbose = FALSE;
177 char direct_exec = FALSE;
178 char do_wait = FALSE;
179 char as_user = FALSE;
180 char vtname[PATH_MAX+1];
181 char *cmd = NULL, *def_cmd = NULL, *username = NULL;
183 struct option long_options[] = {
184 { "help", no_argument, 0, 'h' },
185 { "version", no_argument, 0, 'V' },
186 { "verbose", no_argument, 0, 'v' },
187 { "exec", no_argument, 0, 'e' },
188 { "force", no_argument, 0, 'f' },
189 { "login", no_argument, 0, 'l' },
190 { "user", no_argument, 0, 'u' },
191 { "switch", no_argument, 0, 's' },
192 { "wait", no_argument, 0, 'w' },
193 { "console", required_argument, 0, 'c' },
197 set_progname(argv[0]);
200 while ((opt = getopt_long(argc, argv, "c:lsfuewhvV", long_options, NULL)) != -1) {
203 optc = 1; /* vtno was specified by the user */
204 vtno = (int)atol(optarg);
206 if (vtno <= 0 || vtno > 63)
207 kbd_error(5, 0, _("%s: Illegal vt number"), optarg);
209 /* close security holes - until we can do this safely */
210 if (setuid(getuid()) < 0)
211 kbd_error(5, errno, "%s: setuid", optarg);
232 /* we'll let 'em get away with the meaningless -ul combo */
234 kbd_error(EXIT_FAILURE, 0, _("Only root can use the -u flag."));
239 print_version_and_exit();
243 print_help(EXIT_SUCCESS);
248 for (i = 0; i < 3; i++) {
251 if (fstat(i, &st) == -1 && open("/dev/null", O_RDWR) == -1)
252 kbd_error(EXIT_FAILURE, errno, "open(/dev/null)");
255 if ((consfd = getfd(NULL)) < 0)
256 kbd_error(2, 0, _("Couldn't get a file descriptor referring to the console"));
258 if (ioctl(consfd, VT_GETSTATE, &vtstat) < 0)
259 kbd_error(4, errno, "ioctl(VT_GETSTATE)");
262 if (ioctl(consfd, VT_OPENQRY, &vtno) < 0 || vtno == -1)
263 kbd_error(3, errno, _("Cannot find a free vt"));
267 kbd_error(7, 0, _("Cannot check whether vt %d is free; use `%s -f' to force."),
268 vtno, get_progname());
270 if (vtstat.v_state & (1 << vtno))
271 kbd_error(7, 0, _("vt %d is in use; command aborted; use `%s -f' to force."),
272 vtno, get_progname());
276 username = authenticate_user(vtstat.v_active);
278 if (!(argc > optind)) {
279 def_cmd = getenv("SHELL");
281 kbd_error(7, 0, _("Unable to find command."));
282 cmd = xmalloc(strlen(def_cmd) + 2);
284 cmd = xmalloc(strlen(argv[optind]) + 2);
293 strcat(cmd, def_cmd);
295 strcat(cmd, argv[optind]);
298 argv[optind] = cmd++;
301 if (direct_exec || ((pid = fork()) == 0)) {
302 /* leave current vt */
309 #endif /* HAVE_SETPGRP */
312 #endif /* ESIX_5_3_2_D */
313 kbd_error(5, errno, _("Unable to set new session"));
316 snprintf(vtname, PATH_MAX, VTNAME, vtno);
318 /* Can we open the vt we want? */
319 if ((fd = open_vt(vtname, force)) == -1) {
322 /* We found vtno ourselves - it is free according
323 to the kernel, but we cannot open it. Maybe X
324 used it and did a chown. Try a few vt's more
325 before giving up. Note: the 16 is a kernel limitation. */
326 for (i = vtno + 1; i < 16; i++) {
327 if ((vtstat.v_state & (1 << i)) == 0) {
328 snprintf(vtname, PATH_MAX, VTNAME, i);
329 if ((fd = open_vt(vtname, force)) >= 0) {
335 snprintf(vtname, PATH_MAX, VTNAME, vtno);
337 kbd_error(5, errsv, _("Unable to open %s"), vtname);
341 kbd_warning(0, _("Using VT %s"), vtname);
343 /* Maybe we are suid root, and the -c option was given.
344 Check that the real user can access this VT.
345 We assume getty has made any in use VT non accessable */
346 if (access(vtname, R_OK | W_OK) < 0)
347 kbd_error(5, errno, _("Cannot open %s read/write"), vtname);
349 if (!as_user && !geteuid()) {
350 uid_t uid = getuid();
351 if (chown(vtname, uid, getgid()) == -1)
352 kbd_error(5, errno, "chown");
354 kbd_error(5, errno, "setuid");
358 if (ioctl(fd, VT_ACTIVATE, vtno))
359 kbd_error(1, errno, _("Couldn't activate vt %d"), vtno);
361 if (ioctl(fd, VT_WAITACTIVE, vtno))
362 kbd_error(1, errno, _("Activation interrupted?"));
369 if ((dup2(fd, 0) == -1) || (dup2(fd, 1) == -1) || (dup2(fd, 2) == -1))
370 kbd_error(1, errno, "dup");
372 /* slight problem: after "openvt -su" has finished, the
373 utmp entry is not removed */
375 execlp("login", "login", "-f", username, NULL);
377 execlp(cmd, def_cmd, NULL);
379 execvp(cmd, &argv[optind]);
381 kbd_error(127, errno, "exec");
385 kbd_error(6, errno, "fork");
388 int retval = 0; /* actual value returned form process */
391 waitpid(pid, &retval, 0);
393 if (show) { /* Switch back... */
394 if (ioctl(consfd, VT_ACTIVATE, vtstat.v_active))
395 kbd_error(8, errno, "ioctl(VT_ACTIVATE)");
397 /* wait to be really sure we have switched */
398 if (ioctl(consfd, VT_WAITACTIVE, vtstat.v_active))
399 kbd_error(8, errno, "ioctl(VT_WAITACTIVE)");
401 if (ioctl(consfd, VT_DISALLOCATE, vtno))
402 kbd_error(8, 0, _("Couldn't deallocate console %d"), vtno);
405 /* if all our stuff went right, we want to return the exit code of the command we ran
406 super vital for scripting loops etc */