loginutils/sulogin.c

   1 /* vi: set sw=4 ts=4: */
   2 /*
   3  * Mini sulogin implementation for busybox
   4  *
   5  * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
   6  */
   7
   8 #include "libbb.h"
   9 #include <syslog.h>
  10
  11 //static void catchalarm(int ATTRIBUTE_UNUSED junk)
  12 //{
  13 //      exit(EXIT_FAILURE);
  14 //}
  15
  16
  17 int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  18 int sulogin_main(int argc, char **argv)
  19 {
  20         char *cp;
  21         int timeout = 0;
  22         char *timeout_arg;
  23         struct passwd *pwd;
  24         const char *shell;
  25 #if ENABLE_FEATURE_SHADOWPASSWDS
  26         /* Using _r function to avoid pulling in static buffers */
  27         char buffer[256];
  28         struct spwd spw;
  29 #endif
  30
  31         logmode = LOGMODE_BOTH;
  32         openlog(applet_name, 0, LOG_AUTH);
  33
  34         if (getopt32(argv, "t:", &timeout_arg)) {
  35                 timeout = xatoi_u(timeout_arg);
  36         }
  37
  38         if (argv[optind]) {
  39                 close(0);
  40                 close(1);
  41                 dup(xopen(argv[optind], O_RDWR));
  42                 close(2);
  43                 dup(0);
  44         }
  45
  46         if (!isatty(0) || !isatty(1) || !isatty(2)) {
  47                 logmode = LOGMODE_SYSLOG;
  48                 bb_error_msg_and_die("not a tty");
  49         }
  50
  51         /* Clear dangerous stuff, set PATH */
  52         sanitize_env_for_suid();
  53
  54 // bb_askpass() already handles this
  55 //      signal(SIGALRM, catchalarm);
  56
  57         pwd = getpwuid(0);
  58         if (!pwd) {
  59                 goto auth_error;
  60         }
  61
  62 #if ENABLE_FEATURE_SHADOWPASSWDS
  63         {
  64                 /* getspnam_r may return 0 yet set result to NULL.
  65                  * At least glibc 2.4 does this. Be extra paranoid here. */
  66                 struct spwd *result = NULL;
  67                 int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
  68                 if (r || !result) {
  69                         goto auth_error;
  70                 }
  71                 pwd->pw_passwd = result->sp_pwdp;
  72         }
  73 #endif
  74
  75         while (1) {
  76                 /* cp points to a static buffer that is zeroed every time */
  77                 cp = bb_askpass(timeout,
  78                                 "Give root password for system maintenance\n"
  79                                 "(or type Control-D for normal startup):");
  80
  81                 if (!cp || !*cp) {
  82                         bb_info_msg("Normal startup");
  83                         return 0;
  84                 }
  85                 if (strcmp(pw_encrypt(cp, pwd->pw_passwd), pwd->pw_passwd) == 0) {
  86                         break;
  87                 }
  88                 bb_do_delay(FAIL_DELAY);
  89                 bb_error_msg("login incorrect");
  90         }
  91         memset(cp, 0, strlen(cp));
  92 //      signal(SIGALRM, SIG_DFL);
  93
  94         bb_info_msg("System Maintenance Mode");
  95
  96         USE_SELINUX(renew_current_security_context());
  97
  98         shell = getenv("SUSHELL");
  99         if (!shell)
 100                 shell = getenv("sushell");
 101         if (!shell) {
 102                 shell = "/bin/sh";
 103                 if (pwd->pw_shell[0])
 104                         shell = pwd->pw_shell;
 105         }
 106         /* Exec login shell with no additional parameters. Never returns. */
 107         run_shell(shell, 1, NULL, NULL);
 108
 109  auth_error:
 110         bb_error_msg_and_die("no password entry for root");
 111 }