sulogin.c 2.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117
  1. /* vi: set sw=4 ts=4: */
  2. /*
  3. * Mini sulogin implementation for busybox
  4. *
  5. * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
  6. */
  7. #include "libbb.h"
  8. #include <syslog.h>
  9. //static void catchalarm(int UNUSED_PARAM junk)
  10. //{
  11. // exit(EXIT_FAILURE);
  12. //}
  13. int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  14. int sulogin_main(int argc UNUSED_PARAM, char **argv)
  15. {
  16. char *cp;
  17. int timeout = 0;
  18. struct passwd *pwd;
  19. const char *shell;
  20. #if ENABLE_FEATURE_SHADOWPASSWDS
  21. /* Using _r function to avoid pulling in static buffers */
  22. char buffer[256];
  23. struct spwd spw;
  24. #endif
  25. logmode = LOGMODE_BOTH;
  26. openlog(applet_name, 0, LOG_AUTH);
  27. opt_complementary = "t+"; /* -t N */
  28. getopt32(argv, "t:", &timeout);
  29. argv += optind;
  30. if (argv[0]) {
  31. close(0);
  32. close(1);
  33. dup(xopen(argv[0], O_RDWR));
  34. close(2);
  35. dup(0);
  36. }
  37. /* Malicious use like "sulogin /dev/sda"? */
  38. if (!isatty(0) || !isatty(1) || !isatty(2)) {
  39. logmode = LOGMODE_SYSLOG;
  40. bb_error_msg_and_die("not a tty");
  41. }
  42. /* Clear dangerous stuff, set PATH */
  43. sanitize_env_if_suid();
  44. // bb_ask() already handles this
  45. // signal(SIGALRM, catchalarm);
  46. pwd = getpwuid(0);
  47. if (!pwd) {
  48. goto auth_error;
  49. }
  50. #if ENABLE_FEATURE_SHADOWPASSWDS
  51. {
  52. /* getspnam_r may return 0 yet set result to NULL.
  53. * At least glibc 2.4 does this. Be extra paranoid here. */
  54. struct spwd *result = NULL;
  55. int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
  56. if (r || !result) {
  57. goto auth_error;
  58. }
  59. pwd->pw_passwd = result->sp_pwdp;
  60. }
  61. #endif
  62. while (1) {
  63. char *encrypted;
  64. int r;
  65. /* cp points to a static buffer that is zeroed every time */
  66. cp = bb_ask(STDIN_FILENO, timeout,
  67. "Give root password for system maintenance\n"
  68. "(or type Control-D for normal startup):");
  69. if (!cp || !*cp) {
  70. bb_info_msg("Normal startup");
  71. return 0;
  72. }
  73. encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
  74. r = strcmp(encrypted, pwd->pw_passwd);
  75. free(encrypted);
  76. if (r == 0) {
  77. break;
  78. }
  79. bb_do_delay(FAIL_DELAY);
  80. bb_error_msg("login incorrect");
  81. }
  82. memset(cp, 0, strlen(cp));
  83. // signal(SIGALRM, SIG_DFL);
  84. bb_info_msg("System Maintenance Mode");
  85. IF_SELINUX(renew_current_security_context());
  86. shell = getenv("SUSHELL");
  87. if (!shell)
  88. shell = getenv("sushell");
  89. if (!shell) {
  90. shell = "/bin/sh";
  91. if (pwd->pw_shell[0])
  92. shell = pwd->pw_shell;
  93. }
  94. /* Exec login shell with no additional parameters. Never returns. */
  95. run_shell(shell, 1, NULL, NULL);
  96. auth_error:
  97. bb_error_msg_and_die("no password entry for root");
  98. }