loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 #include <fcntl.h>
   3 #include <signal.h>
   4 #include <stdio.h>
   5 #include <stdlib.h>
   6 #include <string.h>
   7 #include <syslog.h>
   8 #include <unistd.h>
   9 #include <utmp.h>
  10 #include <sys/resource.h>
  11 #include <sys/stat.h>
  12 #include <sys/time.h>
  13 #include <sys/types.h>
  14 #include <ctype.h>
  15 #include <time.h>
  16
  17 #include "busybox.h"
  18
  19
  20 // sulogin defines
  21 #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
  22         "(or type Control-D for normal startup):"
  23
  24 static const char * const forbid[] = {
  25         "ENV",
  26         "BASH_ENV",
  27         "HOME",
  28         "IFS",
  29         "PATH",
  30         "SHELL",
  31         "LD_LIBRARY_PATH",
  32         "LD_PRELOAD",
  33         "LD_TRACE_LOADED_OBJECTS",
  34         "LD_BIND_NOW",
  35         "LD_AOUT_LIBRARY_PATH",
  36         "LD_AOUT_PRELOAD",
  37         "LD_NOWARN",
  38         "LD_KEEPDIR",
  39         (char *) 0
  40 };
  41
  42
  43
  44 static void catchalarm(int junk)
  45 {
  46         exit(EXIT_FAILURE);
  47 }
  48
  49
  50 extern int sulogin_main(int argc, char **argv)
  51 {
  52         char *cp;
  53         char *device = (char *) 0;
  54         const char *name = "root";
  55         int timeout = 0;
  56
  57 #define pass bb_common_bufsiz1
  58
  59         struct passwd pwent;
  60         struct passwd *pwd;
  61         time_t start, now;
  62         const char * const *p;
  63 #ifdef CONFIG_FEATURE_SHADOWPASSWDS
  64         struct spwd *spwd = NULL;
  65 #endif                                                  /* CONFIG_FEATURE_SHADOWPASSWDS */
  66
  67         openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
  68         if (argc > 1) {
  69                 if (strncmp(argv[1], "-t", 2) == 0) {
  70                         if (strcmp(argv[1], "-t") == 0) {
  71                                 if (argc > 2) {
  72                                         timeout = atoi(argv[2]);
  73                                         if (argc > 3) {
  74                                                 device = argv[3];
  75                                         }
  76                                 }
  77                         } else {
  78                                 if (argc > 2) {
  79                                         device = argv[2];
  80                                 }
  81                         }
  82                 } else {
  83                         device = argv[1];
  84                 }
  85                 if (device) {
  86                         close(0);
  87                         close(1);
  88                         close(2);
  89                         if (open(device, O_RDWR) >= 0) {
  90                                 dup(0);
  91                                 dup(0);
  92                         } else {
  93                                 syslog(LOG_WARNING, "cannot open %s\n", device);
  94                                 exit(EXIT_FAILURE);
  95                         }
  96                 }
  97         }
  98         if (access(bb_path_passwd_file, 0) == -1) {
  99                 syslog(LOG_WARNING, "No password file\n");
 100                 bb_error_msg_and_die("No password file\n");
 101         }
 102         if (!isatty(0) || !isatty(1) || !isatty(2)) {
 103                 exit(EXIT_FAILURE);
 104         }
 105
 106
 107         /* Clear out anything dangerous from the environment */
 108         for (p = forbid; *p; p++)
 109                 unsetenv(*p);
 110
 111
 112         signal(SIGALRM, catchalarm);
 113         if (!(pwd = getpwnam(name))) {
 114                 syslog(LOG_WARNING, "No password entry for `root'\n");
 115                 bb_error_msg_and_die("No password entry for `root'\n");
 116         }
 117         pwent = *pwd;
 118 #ifdef CONFIG_FEATURE_SHADOWPASSWDS
 119         spwd = NULL;
 120         if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
 121                                 || (strcmp(pwd->pw_passwd, "*") == 0))) {
 122                 endspent();
 123                 spwd = getspnam(name);
 124                 if (spwd) {
 125                         pwent.pw_passwd = spwd->sp_pwdp;
 126                 }
 127         }
 128 #endif                                                  /* CONFIG_FEATURE_SHADOWPASSWDS */
 129         while (1) {
 130                 cp = bb_askpass(timeout, SULOGIN_PROMPT);
 131                 if (!cp || !*cp) {
 132                         puts("\n");
 133                         fflush(stdout);
 134                         syslog(LOG_INFO, "Normal startup\n");
 135                         exit(EXIT_SUCCESS);
 136                 } else {
 137                         safe_strncpy(pass, cp, sizeof(pass));
 138                         bzero(cp, strlen(cp));
 139                 }
 140                 if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
 141                         break;
 142                 }
 143                 time(&start);
 144                 now = start;
 145                 while (difftime(now, start) < FAIL_DELAY) {
 146                         sleep(FAIL_DELAY);
 147                         time(&now);
 148                 }
 149                 puts("Login incorrect");
 150                 fflush(stdout);
 151                 syslog(LOG_WARNING, "Incorrect root password\n");
 152         }
 153         bzero(pass, strlen(pass));
 154         signal(SIGALRM, SIG_DFL);
 155         puts("Entering System Maintenance Mode\n");
 156         fflush(stdout);
 157         syslog(LOG_INFO, "System Maintenance Mode\n");
 158
 159 #ifdef CONFIG_SELINUX
 160         renew_current_security_context();
 161 #endif
 162
 163         run_shell(pwent.pw_shell, 1, 0, 0);
 164
 165         return (0);
 166 }