loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 /*
   3  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
   4  */
   5
   6 #include <fcntl.h>
   7 #include <signal.h>
   8 #include <stdio.h>
   9 #include <stdlib.h>
  10 #include <string.h>
  11 #include <syslog.h>
  12 #include <unistd.h>
  13 #include <utmp.h>
  14 #include <sys/resource.h>
  15 #include <sys/stat.h>
  16 #include <sys/types.h>
  17 #include <ctype.h>
  18 #include <time.h>
  19
  20 #include "busybox.h"
  21
  22
  23 #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
  24         "(or type Control-D for normal startup):"
  25
  26 static const char * const forbid[] = {
  27         "ENV",
  28         "BASH_ENV",
  29         "HOME",
  30         "IFS",
  31         "PATH",
  32         "SHELL",
  33         "LD_LIBRARY_PATH",
  34         "LD_PRELOAD",
  35         "LD_TRACE_LOADED_OBJECTS",
  36         "LD_BIND_NOW",
  37         "LD_AOUT_LIBRARY_PATH",
  38         "LD_AOUT_PRELOAD",
  39         "LD_NOWARN",
  40         "LD_KEEPDIR",
  41         (char *) 0
  42 };
  43
  44
  45
  46 static void catchalarm(int ATTRIBUTE_UNUSED junk)
  47 {
  48         exit(EXIT_FAILURE);
  49 }
  50
  51
  52 int sulogin_main(int argc, char **argv)
  53 {
  54         char *cp;
  55         char *device = (char *) 0;
  56         const char *name = "root";
  57         int timeout = 0;
  58
  59 #define pass bb_common_bufsiz1
  60
  61         struct passwd pwent;
  62         struct passwd *pwd;
  63         const char * const *p;
  64 #if ENABLE_FEATURE_SHADOWPASSWDS
  65         struct spwd *spwd = NULL;
  66 #endif
  67
  68         openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
  69         if (argc > 1) {
  70                 if (strncmp(argv[1], "-t", 2) == 0) {
  71                         if (strcmp(argv[1], "-t") == 0) {
  72                                 if (argc > 2) {
  73                                         timeout = atoi(argv[2]);
  74                                         if (argc > 3) {
  75                                                 device = argv[3];
  76                                         }
  77                                 }
  78                         } else {
  79                                 if (argc > 2) {
  80                                         device = argv[2];
  81                                 }
  82                         }
  83                 } else {
  84                         device = argv[1];
  85                 }
  86                 if (device) {
  87                         close(0);
  88                         close(1);
  89                         close(2);
  90                         if (open(device, O_RDWR) >= 0) {
  91                                 dup(0);
  92                                 dup(0);
  93                         } else {
  94                                 syslog(LOG_WARNING, "cannot open %s\n", device);
  95                                 exit(EXIT_FAILURE);
  96                         }
  97                 }
  98         }
  99         if (access(bb_path_passwd_file, 0) == -1) {
 100                 syslog(LOG_WARNING, "No password file\n");
 101                 bb_error_msg_and_die("No password file\n");
 102         }
 103         if (!isatty(0) || !isatty(1) || !isatty(2)) {
 104                 exit(EXIT_FAILURE);
 105         }
 106
 107
 108         /* Clear out anything dangerous from the environment */
 109         for (p = forbid; *p; p++)
 110                 unsetenv(*p);
 111
 112
 113         signal(SIGALRM, catchalarm);
 114         if (!(pwd = getpwnam(name))) {
 115                 syslog(LOG_WARNING, "No password entry for `root'\n");
 116                 bb_error_msg_and_die("No password entry for `root'\n");
 117         }
 118         pwent = *pwd;
 119 #if ENABLE_FEATURE_SHADOWPASSWDS
 120         spwd = NULL;
 121         if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
 122                                 || (strcmp(pwd->pw_passwd, "*") == 0))) {
 123                 endspent();
 124                 spwd = getspnam(name);
 125                 if (spwd) {
 126                         pwent.pw_passwd = spwd->sp_pwdp;
 127                 }
 128         }
 129 #endif
 130         while (1) {
 131                 cp = bb_askpass(timeout, SULOGIN_PROMPT);
 132                 if (!cp || !*cp) {
 133                         puts("\n");
 134                         fflush(stdout);
 135                         syslog(LOG_INFO, "Normal startup\n");
 136                         exit(EXIT_SUCCESS);
 137                 } else {
 138                         safe_strncpy(pass, cp, sizeof(pass));
 139                         memset(cp, 0, strlen(cp));
 140                 }
 141                 if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
 142                         break;
 143                 }
 144                 bb_do_delay(FAIL_DELAY);
 145                 puts("Login incorrect");
 146                 fflush(stdout);
 147                 syslog(LOG_WARNING, "Incorrect root password\n");
 148         }
 149         memset(pass, 0, strlen(pass));
 150         signal(SIGALRM, SIG_DFL);
 151         puts("Entering System Maintenance Mode\n");
 152         fflush(stdout);
 153         syslog(LOG_INFO, "System Maintenance Mode\n");
 154
 155 #if ENABLE_SELINUX
 156         renew_current_security_context();
 157 #endif
 158
 159         run_shell(pwent.pw_shell, 1, 0, 0);
 160
 161         return (0);
 162 }