loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 /*
   3  * Mini sulogin implementation for busybox
   4  *
   5  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
   6  */
   7
   8 #include "libbb.h"
   9 #include <syslog.h>
  10
  11 //static void catchalarm(int UNUSED_PARAM junk)
  12 //{
  13 //      exit(EXIT_FAILURE);
  14 //}
  15
  16
  17 int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  18 int sulogin_main(int argc UNUSED_PARAM, char **argv)
  19 {
  20         char *cp;
  21         int timeout = 0;
  22         struct passwd *pwd;
  23         const char *shell;
  24 #if ENABLE_FEATURE_SHADOWPASSWDS
  25         /* Using _r function to avoid pulling in static buffers */
  26         char buffer[256];
  27         struct spwd spw;
  28 #endif
  29
  30         logmode = LOGMODE_BOTH;
  31         openlog(applet_name, 0, LOG_AUTH);
  32
  33         opt_complementary = "t+"; /* -t N */
  34         getopt32(argv, "t:", &timeout);
  35         argv += optind;
  36
  37         if (argv[0]) {
  38                 close(0);
  39                 close(1);
  40                 dup(xopen(argv[0], O_RDWR));
  41                 close(2);
  42                 dup(0);
  43         }
  44
  45         /* Malicious use like "sulogin /dev/sda"? */
  46         if (!isatty(0) || !isatty(1) || !isatty(2)) {
  47                 logmode = LOGMODE_SYSLOG;
  48                 bb_error_msg_and_die("not a tty");
  49         }
  50
  51         /* Clear dangerous stuff, set PATH */
  52         sanitize_env_if_suid();
  53
  54 // bb_ask() already handles this
  55 //      signal(SIGALRM, catchalarm);
  56
  57         pwd = getpwuid(0);
  58         if (!pwd) {
  59                 goto auth_error;
  60         }
  61
  62 #if ENABLE_FEATURE_SHADOWPASSWDS
  63         {
  64                 /* getspnam_r may return 0 yet set result to NULL.
  65                  * At least glibc 2.4 does this. Be extra paranoid here. */
  66                 struct spwd *result = NULL;
  67                 int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
  68                 if (r || !result) {
  69                         goto auth_error;
  70                 }
  71                 pwd->pw_passwd = result->sp_pwdp;
  72         }
  73 #endif
  74
  75         while (1) {
  76                 char *encrypted;
  77                 int r;
  78
  79                 /* cp points to a static buffer that is zeroed every time */
  80                 cp = bb_ask(STDIN_FILENO, timeout,
  81                                 "Give root password for system maintenance\n"
  82                                 "(or type Control-D for normal startup):");
  83
  84                 if (!cp || !*cp) {
  85                         bb_info_msg("Normal startup");
  86                         return 0;
  87                 }
  88                 encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
  89                 r = strcmp(encrypted, pwd->pw_passwd);
  90                 free(encrypted);
  91                 if (r == 0) {
  92                         break;
  93                 }
  94                 bb_do_delay(FAIL_DELAY);
  95                 bb_error_msg("login incorrect");
  96         }
  97         memset(cp, 0, strlen(cp));
  98 //      signal(SIGALRM, SIG_DFL);
  99
 100         bb_info_msg("System Maintenance Mode");
 101
 102         IF_SELINUX(renew_current_security_context());
 103
 104         shell = getenv("SUSHELL");
 105         if (!shell)
 106                 shell = getenv("sushell");
 107         if (!shell) {
 108                 shell = "/bin/sh";
 109                 if (pwd->pw_shell[0])
 110                         shell = pwd->pw_shell;
 111         }
 112         /* Exec login shell with no additional parameters. Never returns. */
 113         run_shell(shell, 1, NULL, NULL);
 114
 115  auth_error:
 116         bb_error_msg_and_die("no password entry for root");
 117 }