loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 /*
   3  * Mini sulogin implementation for busybox
   4  *
   5  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
   6  */
   7
   8 #include <syslog.h>
   9
  10 #include "busybox.h"
  11
  12 static const char * const forbid[] = {
  13         "ENV",
  14         "BASH_ENV",
  15         "HOME",
  16         "IFS",
  17         "PATH",
  18         "SHELL",
  19         "LD_LIBRARY_PATH",
  20         "LD_PRELOAD",
  21         "LD_TRACE_LOADED_OBJECTS",
  22         "LD_BIND_NOW",
  23         "LD_AOUT_LIBRARY_PATH",
  24         "LD_AOUT_PRELOAD",
  25         "LD_NOWARN",
  26         "LD_KEEPDIR",
  27         (char *) 0
  28 };
  29
  30
  31 static void catchalarm(int ATTRIBUTE_UNUSED junk)
  32 {
  33         exit(EXIT_FAILURE);
  34 }
  35
  36
  37 int sulogin_main(int argc, char **argv)
  38 {
  39         char *cp;
  40         int timeout = 0;
  41         char *timeout_arg;
  42         const char * const *p;
  43         struct passwd *pwd;
  44         struct spwd *spwd;
  45         const char *shell;
  46
  47         logmode = LOGMODE_BOTH;
  48         openlog(applet_name, 0, LOG_AUTH);
  49
  50         if (getopt32(argc, argv, "t:", &timeout_arg)) {
  51                 timeout = xatoi_u(timeout_arg);
  52         }
  53
  54         if (argv[optind]) {
  55                 close(0);
  56                 close(1);
  57                 dup(xopen(argv[optind], O_RDWR));
  58                 close(2);
  59                 dup(0);
  60         }
  61
  62         if (!isatty(0) || !isatty(1) || !isatty(2)) {
  63                 logmode = LOGMODE_SYSLOG;
  64                 bb_error_msg_and_die("not a tty");
  65         }
  66
  67         /* Clear out anything dangerous from the environment */
  68         for (p = forbid; *p; p++)
  69                 unsetenv(*p);
  70
  71         signal(SIGALRM, catchalarm);
  72
  73         pwd = getpwuid(0);
  74         if (!pwd) {
  75                 goto auth_error;
  76         }
  77
  78         if (ENABLE_FEATURE_SHADOWPASSWDS) {
  79                 spwd = getspnam(pwd->pw_name);
  80                 if (!spwd) {
  81                         goto auth_error;
  82                 }
  83                 pwd->pw_passwd = spwd->sp_pwdp;
  84         }
  85
  86         while (1) {
  87                 /* cp points to a static buffer that is zeroed every time */
  88                 cp = bb_askpass(timeout,
  89                                 "Give root password for system maintenance\n"
  90                                 "(or type Control-D for normal startup):");
  91
  92                 if (!cp || !*cp) {
  93                         bb_info_msg("Normal startup");
  94                         return 0;
  95                 }
  96                 if (strcmp(pw_encrypt(cp, pwd->pw_passwd), pwd->pw_passwd) == 0) {
  97                         break;
  98                 }
  99                 bb_do_delay(FAIL_DELAY);
 100                 bb_error_msg("login incorrect");
 101         }
 102         memset(cp, 0, strlen(cp));
 103         signal(SIGALRM, SIG_DFL);
 104
 105         bb_info_msg("System Maintenance Mode");
 106
 107         USE_SELINUX(renew_current_security_context());
 108
 109         shell = getenv("SUSHELL");
 110         if (!shell) shell = getenv("sushell");
 111         if (!shell) {
 112                 shell = "/bin/sh";
 113                 if (pwd->pw_shell[0])
 114                         shell = pwd->pw_shell;
 115         }
 116         run_shell(shell, 1, 0, 0);
 117         /* never returns */
 118
 119 auth_error:
 120         bb_error_msg_and_die("no password entry for 'root'");
 121 }