loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 #include <fcntl.h>
   3 #include <signal.h>
   4 #include <stdio.h>
   5 #include <stdlib.h>
   6 #include <string.h>
   7 #include <syslog.h>
   8 #include <unistd.h>
   9 #include <utmp.h>
  10 #include <sys/resource.h>
  11 #include <sys/stat.h>
  12 #include <sys/types.h>
  13 #include <ctype.h>
  14 #include <time.h>
  15
  16 #include "busybox.h"
  17
  18
  19 #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
  20         "(or type Control-D for normal startup):"
  21
  22 static const char * const forbid[] = {
  23         "ENV",
  24         "BASH_ENV",
  25         "HOME",
  26         "IFS",
  27         "PATH",
  28         "SHELL",
  29         "LD_LIBRARY_PATH",
  30         "LD_PRELOAD",
  31         "LD_TRACE_LOADED_OBJECTS",
  32         "LD_BIND_NOW",
  33         "LD_AOUT_LIBRARY_PATH",
  34         "LD_AOUT_PRELOAD",
  35         "LD_NOWARN",
  36         "LD_KEEPDIR",
  37         (char *) 0
  38 };
  39
  40
  41
  42 static void catchalarm(int ATTRIBUTE_UNUSED junk)
  43 {
  44         exit(EXIT_FAILURE);
  45 }
  46
  47
  48 int sulogin_main(int argc, char **argv)
  49 {
  50         char *cp;
  51         char *device = (char *) 0;
  52         const char *name = "root";
  53         int timeout = 0;
  54
  55 #define pass bb_common_bufsiz1
  56
  57         struct passwd pwent;
  58         struct passwd *pwd;
  59         const char * const *p;
  60 #if ENABLE_FEATURE_SHADOWPASSWDS
  61         struct spwd *spwd = NULL;
  62 #endif
  63
  64         openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
  65         if (argc > 1) {
  66                 if (strncmp(argv[1], "-t", 2) == 0) {
  67                         if (strcmp(argv[1], "-t") == 0) {
  68                                 if (argc > 2) {
  69                                         timeout = atoi(argv[2]);
  70                                         if (argc > 3) {
  71                                                 device = argv[3];
  72                                         }
  73                                 }
  74                         } else {
  75                                 if (argc > 2) {
  76                                         device = argv[2];
  77                                 }
  78                         }
  79                 } else {
  80                         device = argv[1];
  81                 }
  82                 if (device) {
  83                         close(0);
  84                         close(1);
  85                         close(2);
  86                         if (open(device, O_RDWR) >= 0) {
  87                                 dup(0);
  88                                 dup(0);
  89                         } else {
  90                                 syslog(LOG_WARNING, "cannot open %s\n", device);
  91                                 exit(EXIT_FAILURE);
  92                         }
  93                 }
  94         }
  95         if (access(bb_path_passwd_file, 0) == -1) {
  96                 syslog(LOG_WARNING, "No password file\n");
  97                 bb_error_msg_and_die("No password file\n");
  98         }
  99         if (!isatty(0) || !isatty(1) || !isatty(2)) {
 100                 exit(EXIT_FAILURE);
 101         }
 102
 103
 104         /* Clear out anything dangerous from the environment */
 105         for (p = forbid; *p; p++)
 106                 unsetenv(*p);
 107
 108
 109         signal(SIGALRM, catchalarm);
 110         if (!(pwd = getpwnam(name))) {
 111                 syslog(LOG_WARNING, "No password entry for `root'\n");
 112                 bb_error_msg_and_die("No password entry for `root'\n");
 113         }
 114         pwent = *pwd;
 115 #if ENABLE_FEATURE_SHADOWPASSWDS
 116         spwd = NULL;
 117         if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
 118                                 || (strcmp(pwd->pw_passwd, "*") == 0))) {
 119                 endspent();
 120                 spwd = getspnam(name);
 121                 if (spwd) {
 122                         pwent.pw_passwd = spwd->sp_pwdp;
 123                 }
 124         }
 125 #endif
 126         while (1) {
 127                 cp = bb_askpass(timeout, SULOGIN_PROMPT);
 128                 if (!cp || !*cp) {
 129                         puts("\n");
 130                         fflush(stdout);
 131                         syslog(LOG_INFO, "Normal startup\n");
 132                         exit(EXIT_SUCCESS);
 133                 } else {
 134                         safe_strncpy(pass, cp, sizeof(pass));
 135                         memset(cp, 0, strlen(cp));
 136                 }
 137                 if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
 138                         break;
 139                 }
 140                 bb_do_delay(FAIL_DELAY);
 141                 puts("Login incorrect");
 142                 fflush(stdout);
 143                 syslog(LOG_WARNING, "Incorrect root password\n");
 144         }
 145         memset(pass, 0, strlen(pass));
 146         signal(SIGALRM, SIG_DFL);
 147         puts("Entering System Maintenance Mode\n");
 148         fflush(stdout);
 149         syslog(LOG_INFO, "System Maintenance Mode\n");
 150
 151 #if ENABLE_SELINUX
 152         renew_current_security_context();
 153 #endif
 154
 155         run_shell(pwent.pw_shell, 1, 0, 0);
 156
 157         return (0);
 158 }