loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 /*
   3  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
   4  */
   5
   6 #include <fcntl.h>
   7 #include <signal.h>
   8 #include <stdio.h>
   9 #include <stdlib.h>
  10 #include <string.h>
  11 #include <syslog.h>
  12 #include <unistd.h>
  13 #include <utmp.h>
  14 #include <sys/resource.h>
  15 #include <sys/stat.h>
  16 #include <sys/types.h>
  17 #include <ctype.h>
  18 #include <time.h>
  19
  20 #include "busybox.h"
  21
  22
  23 #define SULOGIN_PROMPT "\nGive root password for system maintenance\n" \
  24         "(or type Control-D for normal startup):"
  25
  26 static const char * const forbid[] = {
  27         "ENV",
  28         "BASH_ENV",
  29         "HOME",
  30         "IFS",
  31         "PATH",
  32         "SHELL",
  33         "LD_LIBRARY_PATH",
  34         "LD_PRELOAD",
  35         "LD_TRACE_LOADED_OBJECTS",
  36         "LD_BIND_NOW",
  37         "LD_AOUT_LIBRARY_PATH",
  38         "LD_AOUT_PRELOAD",
  39         "LD_NOWARN",
  40         "LD_KEEPDIR",
  41         (char *) 0
  42 };
  43
  44
  45
  46 static void catchalarm(int ATTRIBUTE_UNUSED junk)
  47 {
  48         exit(EXIT_FAILURE);
  49 }
  50
  51
  52 int sulogin_main(int argc, char **argv)
  53 {
  54         char *cp;
  55         char *device = NULL;
  56         const char *name = "root";
  57         int timeout = 0;
  58
  59 #define pass bb_common_bufsiz1
  60
  61         struct passwd pwent;
  62         struct passwd *pwd;
  63         const char * const *p;
  64 #if ENABLE_FEATURE_SHADOWPASSWDS
  65         struct spwd *spwd = NULL;
  66 #endif
  67
  68         openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
  69         if (argc > 1) {
  70                 if (strncmp(argv[1], "-t", 2) == 0) {
  71                         if (argv[1][2] == '\0') { /* -t NN */
  72                                 if (argc > 2) {
  73                                         timeout = atoi(argv[2]);
  74                                         if (argc > 3) {
  75                                                 device = argv[3];
  76                                         }
  77                                 }
  78                         } else { /* -tNNN */
  79                                 timeout = atoi(&argv[1][2]);
  80                                 if (argc > 2) {
  81                                         device = argv[2];
  82                                 }
  83                         }
  84                 } else {
  85                         device = argv[1];
  86                 }
  87                 if (device) {
  88                         close(0);
  89                         close(1);
  90                         close(2);
  91                         if (open(device, O_RDWR) == 0) {
  92                                 dup(0);
  93                                 dup(0);
  94                         } else {
  95                                 syslog(LOG_WARNING, "cannot open %s\n", device);
  96                                 exit(EXIT_FAILURE);
  97                         }
  98                 }
  99         }
 100         if (access(bb_path_passwd_file, 0) == -1) {
 101                 syslog(LOG_WARNING, "No password file\n");
 102                 bb_error_msg_and_die("No password file\n");
 103         }
 104         if (!isatty(0) || !isatty(1) || !isatty(2)) {
 105                 exit(EXIT_FAILURE);
 106         }
 107
 108
 109         /* Clear out anything dangerous from the environment */
 110         for (p = forbid; *p; p++)
 111                 unsetenv(*p);
 112
 113
 114         signal(SIGALRM, catchalarm);
 115         if (!(pwd = getpwnam(name))) {
 116                 syslog(LOG_WARNING, "No password entry for `root'\n");
 117                 bb_error_msg_and_die("No password entry for `root'\n");
 118         }
 119         pwent = *pwd;
 120 #if ENABLE_FEATURE_SHADOWPASSWDS
 121         spwd = NULL;
 122         if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
 123                                 || (strcmp(pwd->pw_passwd, "*") == 0))) {
 124                 endspent();
 125                 spwd = getspnam(name);
 126                 if (spwd) {
 127                         pwent.pw_passwd = spwd->sp_pwdp;
 128                 }
 129         }
 130 #endif
 131         while (1) {
 132                 cp = bb_askpass(timeout, SULOGIN_PROMPT);
 133                 if (!cp || !*cp) {
 134                         puts("\n");
 135                         fflush(stdout);
 136                         syslog(LOG_INFO, "Normal startup\n");
 137                         exit(EXIT_SUCCESS);
 138                 } else {
 139                         safe_strncpy(pass, cp, sizeof(pass));
 140                         memset(cp, 0, strlen(cp));
 141                 }
 142                 if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
 143                         break;
 144                 }
 145                 bb_do_delay(FAIL_DELAY);
 146                 puts("Login incorrect");
 147                 fflush(stdout);
 148                 syslog(LOG_WARNING, "Incorrect root password\n");
 149         }
 150         memset(pass, 0, strlen(pass));
 151         signal(SIGALRM, SIG_DFL);
 152         puts("Entering System Maintenance Mode\n");
 153         fflush(stdout);
 154         syslog(LOG_INFO, "System Maintenance Mode\n");
 155
 156 #if ENABLE_SELINUX
 157         renew_current_security_context();
 158 #endif
 159
 160         run_shell(pwent.pw_shell, 1, 0, 0);
 161
 162         return (0);
 163 }