Move dovoid() macro from #ifdef__GLIBC__ to #ifdef __linux__, to match the condutions...
[sysvinit.git] / src / sulogin.c
CommitLineData
a74aeac6
PR
1/*
2 * sulogin This program gives Linux machines a reasonable
3 * secure way to boot single user. It forces the
4 * user to supply the root password before a
5 * shell is started.
6 *
7 * If there is a shadow password file and the
8 * encrypted root password is "x" the shadow
9 * password will be used.
10 *
11 * Version: @(#)sulogin 2.85-3 23-Apr-2003 miquels@cistron.nl
12 *
13 * Copyright (C) 1998-2003 Miquel van Smoorenburg.
14 *
15 * This program is free software; you can redistribute it and/or modify
16 * it under the terms of the GNU General Public License as published by
17 * the Free Software Foundation; either version 2 of the License, or
18 * (at your option) any later version.
19 *
20 * This program is distributed in the hope that it will be useful,
21 * but WITHOUT ANY WARRANTY; without even the implied warranty of
22 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
23 * GNU General Public License for more details.
24 *
25 * You should have received a copy of the GNU General Public License
26 * along with this program; if not, write to the Free Software
27 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
28 *
29 */
30
35ec6446 31#include <sys/mman.h>
a74aeac6
PR
32#include <sys/types.h>
33#include <sys/stat.h>
35ec6446 34#include <sys/wait.h>
a74aeac6
PR
35#include <stdio.h>
36#include <string.h>
37#include <stdlib.h>
38#include <unistd.h>
39#include <fcntl.h>
40#include <signal.h>
41#include <pwd.h>
42#include <shadow.h>
43#include <termios.h>
c5b4c135 44#include <sys/ttydefaults.h>
a74aeac6
PR
45#include <errno.h>
46#include <sys/ioctl.h>
47#if defined(__GLIBC__)
48# include <crypt.h>
49#endif
35ec6446
DWF
50#ifdef __linux__
51# include <sys/statfs.h>
52# include <sys/mount.h>
53# include <linux/fs.h>
54# include <linux/magic.h>
55# include <linux/major.h>
56# ifndef TMPFS_MAGIC
57# define TMPFS_MAGIC 0x01021994
58# endif
59# ifndef MNT_DETACH
60# define MNT_DETACH 2
61# endif
f12c0737 62# define dovoid(f) if ((f)){}
35ec6446
DWF
63#endif
64
65#define BS CTRL('h')
66#define NL CTRL('j')
67#define CR CTRL('m')
a74aeac6
PR
68
69#ifdef WITH_SELINUX
70# include <selinux/selinux.h>
71# include <selinux/get_context_list.h>
72#endif
73
35ec6446
DWF
74#include "consoles.h"
75#define CONMAX 16
76
a74aeac6
PR
77#define CHECK_DES 1
78#define CHECK_MD5 1
79
80#define F_PASSWD "/etc/passwd"
81#define F_SHADOW "/etc/shadow"
82#define BINSH "/bin/sh"
83#define STATICSH "/bin/sash"
84
85char *Version = "@(#)sulogin 2.85-3 23-Apr-2003 miquels@cistron.nl";
86
c5b4c135
DWF
87static int timeout;
88static int profile;
35ec6446
DWF
89static volatile uint32_t openfd; /* Remember higher file descriptors */
90static volatile uint32_t *usemask;
c5b4c135 91
35ec6446
DWF
92static sighandler_t saved_sigint = SIG_DFL;
93static sighandler_t saved_sigtstp = SIG_DFL;
94static sighandler_t saved_sigquit = SIG_DFL;
95static sighandler_t saved_sighup = SIG_DFL;
a74aeac6 96
82111852 97static volatile sig_atomic_t alarm_rised;
35ec6446 98static volatile sig_atomic_t sigchild;
82111852 99
a74aeac6
PR
100#ifndef IUCLC
101# define IUCLC 0
102#endif
103
a74aeac6
PR
104/*
105 * Fix the tty modes and set reasonable defaults.
a74aeac6 106 */
c5b4c135 107static
35ec6446 108void tcinit(struct console *con)
a74aeac6 109{
35ec6446
DWF
110 int serial, flags;
111 struct termios *tio = &con->tio;
112 int fd = con->fd;
c5b4c135 113
c5b4c135
DWF
114 /* Expected error */
115 serial = errno = 0;
a74aeac6 116
35ec6446
DWF
117 /* Get line attributes */
118 if (tcgetattr(fd, tio) < 0) {
119 con->flags |= CON_NOTTY;
120 return;
121 }
122
123 /* Handle serial lines here */
124 if (ioctl (fd, TIOCMGET, (char*)&serial) == 0) {
125 speed_t ispeed, ospeed;
126 struct winsize ws;
127
128 /* this is a modem line */
129 con->flags |= CON_SERIAL;
130
131 /* Flush input and output queues on modem lines */
132 (void) tcflush(fd, TCIOFLUSH);
133
134 ispeed = cfgetispeed(tio);
135 ospeed = cfgetospeed(tio);
136
137 if (!ispeed) ispeed = TTYDEF_SPEED;
138 if (!ospeed) ospeed = TTYDEF_SPEED;
a74aeac6 139
35ec6446
DWF
140 tio->c_iflag = tio->c_lflag = tio->c_oflag = 0;
141 tio->c_cflag = CREAD | CS8 | HUPCL | (tio->c_cflag & CLOCAL);
142
143 cfsetispeed(tio, ispeed);
144 cfsetospeed(tio, ospeed);
145
146 tio->c_line = 0;
147 tio->c_cc[VTIME] = 0;
148 tio->c_cc[VMIN] = 1;
149
150 if (ioctl(fd, TIOCGWINSZ, &ws) == 0) {
151 int set = 0;
152 if (ws.ws_row == 0) {
153 ws.ws_row = 24;
154 set++;
155 }
156 if (ws.ws_col == 0) {
157 ws.ws_col = 80;
158 set++;
159 }
160 (void)ioctl(fd, TIOCSWINSZ, &ws);
161 }
162
163 goto setattr;
164 }
165#if defined(SANE_TIO) && (SANE_TIO == 1)
166 /*
167 * Use defaults of <sys/ttydefaults.h> for base settings
168 * of a local terminal line like a virtual console.
169 */
170 tio->c_iflag |= TTYDEF_IFLAG;
171 tio->c_oflag |= TTYDEF_OFLAG;
172 tio->c_lflag |= TTYDEF_LFLAG;
173# ifdef CBAUD
174 tio->c_lflag &= ~CBAUD;
175# endif
176 tio->c_cflag |= (B38400 | TTYDEF_CFLAG);
a74aeac6 177
c5b4c135
DWF
178 /* Sane setting, allow eight bit characters, no carriage return delay
179 * the same result as `stty sane cr0 pass8'
180 */
35ec6446
DWF
181 tio->c_iflag |= (BRKINT | ICRNL | IMAXBEL);
182 tio->c_iflag &= ~(IGNBRK | INLCR | IGNCR | IXOFF | IUCLC | IXANY | INPCK | ISTRIP);
183 tio->c_oflag |= (OPOST | ONLCR | NL0 | CR0 | TAB0 | BS0 | VT0 | FF0);
184 tio->c_oflag &= ~(OLCUC | OCRNL | ONOCR | ONLRET | OFILL | OFDEL |\
c5b4c135 185 NLDLY|CRDLY|TABDLY|BSDLY|VTDLY|FFDLY);
35ec6446
DWF
186 tio->c_lflag |= (ISIG | ICANON | IEXTEN | ECHO|ECHOE|ECHOK|ECHOKE);
187 tio->c_lflag &= ~(ECHONL|ECHOCTL|ECHOPRT | NOFLSH | XCASE | TOSTOP);
188 tio->c_cflag |= (CREAD | CS8 | HUPCL);
189 tio->c_cflag &= ~(PARODD | PARENB);
c5b4c135 190
35ec6446
DWF
191 /*
192 * VTIME and VMIN can overlap with VEOF and VEOL since they are
c5b4c135
DWF
193 * only used for non-canonical mode. We just set the at the
194 * beginning, so nothing bad should happen.
a74aeac6 195 */
35ec6446
DWF
196 tio->c_cc[VTIME] = 0;
197 tio->c_cc[VMIN] = CMIN;
198 tio->c_cc[VINTR] = CINTR;
199 tio->c_cc[VQUIT] = CQUIT;
200 tio->c_cc[VERASE] = CERASE; /* ASCII DEL (0177) */
201 tio->c_cc[VKILL] = CKILL;
202 tio->c_cc[VEOF] = CEOF;
203# ifdef VSWTC
204 tio->c_cc[VSWTC] = _POSIX_VDISABLE;
205# else
206 tio->c_cc[VSWTCH] = _POSIX_VDISABLE;
207# endif
208 tio->c_cc[VSTART] = CSTART;
209 tio->c_cc[VSTOP] = CSTOP;
210 tio->c_cc[VSUSP] = CSUSP;
211 tio->c_cc[VEOL] = _POSIX_VDISABLE;
212 tio->c_cc[VREPRINT] = CREPRINT;
213 tio->c_cc[VDISCARD] = CDISCARD;
214 tio->c_cc[VWERASE] = CWERASE;
215 tio->c_cc[VLNEXT] = CLNEXT;
216 tio->c_cc[VEOL2] = _POSIX_VDISABLE;
217#endif
218setattr:
219 /* Set line attributes */
220 tcsetattr(fd, TCSANOW, tio);
221
222 /* Enable blocking mode for read and write */
223 if ((flags = fcntl(fd, F_GETFL, 0)) != -1)
224 (void)fcntl(fd, F_SETFL, flags & ~O_NONBLOCK);
a74aeac6 225}
35ec6446
DWF
226
227
228/*
229 * Finalize the tty modes on modem lines.
230 */
231static
232void tcfinal(struct console *con)
233{
234 int serial;
235 struct termios *tio = &con->tio;
236 int fd = con->fd;
237
238 /* Expected error */
239 serial = errno = 0;
240
241 if ((con->flags & CON_SERIAL) == 0) {
242#ifdef __linux__
243 setenv("TERM", "linux", 1);
244#else
245 setenv("TERM", "vt100", 1);
a74aeac6 246#endif
35ec6446
DWF
247 return;
248 }
249 if (con->flags & CON_NOTTY)
250 return;
251 setenv("TERM", "vt100", 1);
252
253 tio->c_iflag |= (IXON | IXOFF);
254 tio->c_lflag |= (ICANON | ISIG | ECHO|ECHOE|ECHOK|ECHOKE);
255 tio->c_oflag |= OPOST;
256
257 tio->c_cc[VINTR] = CINTR;
258 tio->c_cc[VQUIT] = CQUIT;
259 tio->c_cc[VERASE] = con->cp.erase;
260 tio->c_cc[VKILL] = con->cp.kill;
261 tio->c_cc[VEOF] = CEOF;
262#ifdef VSWTC
263 tio->c_cc[VSWTC] = _POSIX_VDISABLE;
264#else
265 tio->c_cc[VSWTCH] = _POSIX_VDISABLE;
266#endif
267 tio->c_cc[VSTART] = CSTART;
268 tio->c_cc[VSTOP] = CSTOP;
269 tio->c_cc[VSUSP] = CSUSP;
270 tio->c_cc[VEOL] = _POSIX_VDISABLE;
271
272 if (con->cp.eol == CR) {
273 tio->c_iflag |= ICRNL;
274 tio->c_iflag &= ~(INLCR|IGNCR);
275 tio->c_oflag |= ONLCR;
276 tio->c_oflag &= ~(OCRNL|ONLRET);
277 }
a74aeac6 278
35ec6446
DWF
279 switch (con->cp.parity) {
280 default:
281 case 0:
282 tio->c_cflag &= ~(PARODD | PARENB);
283 tio->c_iflag &= ~(INPCK | ISTRIP);
284 break;
285 case 1: /* odd parity */
286 tio->c_cflag |= PARODD;
287 /* fall through */
288 case 2: /* even parity */
289 tio->c_cflag |= PARENB;
290 tio->c_iflag |= (INPCK | ISTRIP);
291 /* fall through */
292 case (1 | 2): /* no parity bit */
293 tio->c_cflag &= ~CSIZE;
294 tio->c_cflag |= CS7;
295 break;
296 }
297
298 /* Set line attributes */
299 (void)tcsetattr(fd, TCSANOW, tio);
300}
a74aeac6
PR
301
302/*
303 * Called at timeout.
304 */
c5b4c135
DWF
305static
306# ifdef __GNUC__
35ec6446 307__attribute__((__noinline__))
c5b4c135
DWF
308void alrm_handler(int sig __attribute__((unused)))
309# else
310void alrm_handler(int sig)
311# endif
a74aeac6 312{
82111852 313 alarm_rised++;
35ec6446 314}
82111852 315
35ec6446
DWF
316/*
317 * Called at timeout.
318 */
319static
320# ifdef __GNUC__
321__attribute__((__noinline__))
322void chld_handler(int sig __attribute__((unused)))
323# else
324void chld_handler(int sig)
325# endif
326{
327 sigchild++;
a74aeac6
PR
328}
329
330/*
331 * See if an encrypted password is valid. The encrypted
332 * password is checked for traditional-style DES and
333 * FreeBSD-style MD5 encryption.
334 */
c5b4c135 335static
22786b24 336int valid(const char *pass)
a74aeac6 337{
22786b24
DWF
338 const char *s;
339 char id[5];
340 size_t len;
341 off_t off;
a74aeac6
PR
342
343 if (pass[0] == 0) return 1;
344#if CHECK_MD5
22786b24
DWF
345 if (pass[0] != '$') goto check_des;
346
347 /*
348 * up to 4 bytes for the signature e.g. $1$
349 */
350 for(s = pass+1; *s && *s != '$'; s++)
351 ;
352 if (*s++ != '$') return 0;
353 if ((off = (off_t)(s-pass)) > 4 || off < 3) return 0;
354
355 memset(id, '\0', sizeof(id));
356 strncpy(id, pass, off);
357
358 /*
359 * up to 16 bytes for the salt
360 */
361 for(; *s && *s != '$'; s++)
362 ;
363 if (*s++ != '$') return 0;
364 if ((off_t)(s-pass) > 16) return 0;
365 len = strlen(s);
366
a74aeac6 367 /*
a74aeac6
PR
368 * the MD5 hash (128 bits or 16 bytes) encoded in base64 = 22 bytes
369 */
22786b24
DWF
370 if ((strcmp(id, "$1$") == 0) && (len < 22 || len > 24)) return 0;
371
372 /*
373 * the SHA-256 hash 43 bytes
374 */
375 if ((strcmp(id, "$5$") == 0) && (len < 42 || len > 44)) return 0;
376
377 /*
378 * the SHA-512 hash 86 bytes
379 */
380 if ((strcmp(id, "$6$") == 0) && (len < 85 || len > 87)) return 0;
381
382 /*
383 * e.g. Blowfish hash
384 */
385 return 1;
386check_des:
a74aeac6
PR
387#endif
388#if CHECK_DES
389 if (strlen(pass) != 13) return 0;
390 for (s = pass; *s; s++) {
391 if ((*s < '0' || *s > '9') &&
392 (*s < 'a' || *s > 'z') &&
393 (*s < 'A' || *s > 'Z') &&
394 *s != '.' && *s != '/') return 0;
395 }
396#endif
397 return 1;
398}
399
400/*
401 * Set a variable if the value is not NULL.
402 */
c5b4c135 403static
a74aeac6
PR
404void set(char **var, char *val)
405{
406 if (val) *var = val;
407}
408
409/*
410 * Get the root password entry.
411 */
c5b4c135 412static
a74aeac6
PR
413struct passwd *getrootpwent(int try_manually)
414{
415 static struct passwd pwd;
416 struct passwd *pw;
417 struct spwd *spw;
418 FILE *fp;
419 static char line[256];
420 static char sline[256];
421 char *p;
422
423 /*
424 * First, we try to get the password the standard
425 * way using normal library calls.
426 */
427 if ((pw = getpwnam("root")) &&
428 !strcmp(pw->pw_passwd, "x") &&
429 (spw = getspnam("root")))
430 pw->pw_passwd = spw->sp_pwdp;
431 if (pw || !try_manually) return pw;
432
433 /*
434 * If we come here, we could not retrieve the root
435 * password through library calls and we try to
436 * read the password and shadow files manually.
437 */
438 pwd.pw_name = "root";
439 pwd.pw_passwd = "";
440 pwd.pw_gecos = "Super User";
441 pwd.pw_dir = "/";
442 pwd.pw_shell = "";
443 pwd.pw_uid = 0;
444 pwd.pw_gid = 0;
445
446 if ((fp = fopen(F_PASSWD, "r")) == NULL) {
447 perror(F_PASSWD);
448 return &pwd;
449 }
450
451 /*
452 * Find root in the password file.
453 */
454 while((p = fgets(line, 256, fp)) != NULL) {
455 if (strncmp(line, "root:", 5) != 0)
456 continue;
457 p += 5;
458 set(&pwd.pw_passwd, strsep(&p, ":"));
459 (void)strsep(&p, ":");
460 (void)strsep(&p, ":");
461 set(&pwd.pw_gecos, strsep(&p, ":"));
462 set(&pwd.pw_dir, strsep(&p, ":"));
463 set(&pwd.pw_shell, strsep(&p, "\n"));
464 p = line;
465 break;
466 }
467 fclose(fp);
468
469 /*
470 * If the encrypted password is valid
471 * or not found, return.
472 */
473 if (p == NULL) {
35ec6446 474 fprintf(stderr, "sulogin: %s: no entry for root\n\r", F_PASSWD);
a74aeac6
PR
475 return &pwd;
476 }
477 if (valid(pwd.pw_passwd)) return &pwd;
478
479 /*
480 * The password is invalid. If there is a
481 * shadow password, try it.
482 */
483 strcpy(pwd.pw_passwd, "");
484 if ((fp = fopen(F_SHADOW, "r")) == NULL) {
35ec6446 485 fprintf(stderr, "sulogin: %s: root password garbled\n\r", F_PASSWD);
a74aeac6
PR
486 return &pwd;
487 }
488 while((p = fgets(sline, 256, fp)) != NULL) {
489 if (strncmp(sline, "root:", 5) != 0)
490 continue;
491 p += 5;
492 set(&pwd.pw_passwd, strsep(&p, ":"));
493 break;
494 }
495 fclose(fp);
496
497 /*
498 * If the password is still invalid,
499 * NULL it, and return.
500 */
501 if (p == NULL) {
35ec6446 502 fprintf(stderr, "sulogin: %s: no entry for root\n\r", F_SHADOW);
a74aeac6
PR
503 strcpy(pwd.pw_passwd, "");
504 }
505 if (!valid(pwd.pw_passwd)) {
35ec6446 506 fprintf(stderr, "sulogin: %s: root password garbled\n\r", F_SHADOW);
a74aeac6
PR
507 strcpy(pwd.pw_passwd, ""); }
508 return &pwd;
509}
510
511/*
35ec6446 512 * Ask by prompt for the password.
a74aeac6 513 */
c5b4c135 514static
35ec6446 515void doprompt(const char *crypted, struct console *con)
a74aeac6 516{
35ec6446
DWF
517 struct termios tty;
518
519 if (con->flags & CON_SERIAL) {
520 tty = con->tio;
521 /*
522 * For prompting: map NL in output to CR-NL
523 * otherwise we may see stairs in the output.
524 */
525 tty.c_oflag |= (ONLCR | OPOST);
526 (void) tcsetattr(con->fd, TCSADRAIN, &tty);
527 }
528 if (con->file == (FILE*)0) {
529 if ((con->file = fdopen(con->fd, "r+")) == (FILE*)0)
530 goto err;
531 }
ad6831b9
DWF
532#if defined(USE_ONELINE)
533 if (crypted[0])
35ec6446 534 fprintf(con->file, "Give root password for login: ");
ad6831b9 535 else
35ec6446 536 fprintf(con->file, "Press enter for login: ");
ad6831b9
DWF
537#else
538 if (crypted[0])
35ec6446 539 fprintf(con->file, "Give root password for maintenance\n\r");
ad6831b9 540 else
35ec6446
DWF
541 fprintf(con->file, "Press enter for maintenance");
542 fprintf(con->file, "(or type Control-D to continue): ");
ad6831b9 543#endif
35ec6446
DWF
544 fflush(con->file);
545err:
546 if (con->flags & CON_SERIAL)
547 (void) tcsetattr(con->fd, TCSADRAIN, &con->tio);
548}
a74aeac6 549
35ec6446
DWF
550/*
551 * Make sure to have an own session and controlling terminal
552 */
553static
554void setup(struct console *con)
555{
556 pid_t pid, pgrp, ppgrp, ttypgrp;
557 int fd;
a74aeac6 558
35ec6446
DWF
559 if (con->flags & CON_NOTTY)
560 return;
561 fd = con->fd;
562
563 /*
564 * Only go through this trouble if the new
565 * tty doesn't fall in this process group.
566 */
567 pid = getpid();
568 pgrp = getpgid(0);
569 ppgrp = getpgid(getppid());
570 ttypgrp = tcgetpgrp(fd);
571
572 if (pgrp != ttypgrp && ppgrp != ttypgrp) {
573 if (pid != getsid(0)) {
574 if (pid == getpgid(0))
575 setpgid(0, getpgid(getppid()));
576 setsid();
577 }
578
579 signal(SIGHUP, SIG_IGN);
580 if (ttypgrp > 0)
581 ioctl(0, TIOCNOTTY, (char *)1);
582 signal(SIGHUP, saved_sighup);
583 if (fd > 0) close(0);
584 if (fd > 1) close(1);
585 if (fd > 2) close(2);
586
587 ioctl(fd, TIOCSCTTY, (char *)1);
588 tcsetpgrp(fd, ppgrp);
589 }
590 dup2(fd, 0);
591 dup2(fd, 1);
592 dup2(fd, 2);
593 con->fd = 0;
594
595 for (fd = 3; fd < 32; fd++) {
596 if (openfd & (1<<fd)) {
597 close(fd);
598 openfd &= ~(1<<fd);
599 }
600 }
601}
602
603/*
604 * Fetch the password. Note that there is no
605 * default timeout as we normally skip this during boot.
606 */
607static
608char *getpasswd(struct console *con)
609{
610 static char pass[128], *ptr;
611 struct sigaction sa;
612 struct chardata *cp;
613 struct termios tty;
614 char *ret = pass;
615 unsigned char tc;
d32c9251 616 char c, ascval;
35ec6446 617 int eightbit;
d32c9251 618 int fd;
35ec6446
DWF
619
620 if (con->flags & CON_NOTTY)
621 goto out;
622 fd = con->fd;
623 cp = &con->cp;
624
625 tty = con->tio;
626 tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
627 tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP|ISIG);
628 tc = (tcsetattr(fd, TCSAFLUSH, &tty) == 0);
a74aeac6
PR
629
630 sa.sa_handler = alrm_handler;
631 sa.sa_flags = 0;
632 sigaction(SIGALRM, &sa, NULL);
633 if (timeout) alarm(timeout);
634
35ec6446
DWF
635 ptr = &pass[0];
636 cp->eol = *ptr = '\0';
637
638 eightbit = ((con->flags & CON_SERIAL) == 0 || (tty.c_cflag & (PARODD|PARENB)) == 0);
e114010a 639 while (cp->eol == '\0') {
35ec6446
DWF
640 if (read(fd, &c, 1) < 1) {
641 if (errno == EINTR || errno == EAGAIN) {
642 usleep(1000);
643 continue;
644 }
645 ret = (char*)0;
646 switch (errno) {
647 case 0:
648 case EIO:
649 case ESRCH:
650 case EINVAL:
651 case ENOENT:
652 break;
653 default:
654 fprintf(stderr, "sulogin: read(%s): %m\n\r", con->tty);
a74aeac6
PR
655 break;
656 }
35ec6446
DWF
657 goto quit;
658 }
659
660 if (eightbit)
661 ascval = c;
662 else if (c != (ascval = (c & 0177))) {
663 uint32_t bits, mask;
664 for (bits = 1, mask = 1; mask & 0177; mask <<= 1) {
665 if (mask & ascval)
666 bits++;
667 }
668 cp->parity |= ((bits & 1) ? 1 : 2);
669 }
670
671 switch (ascval) {
e114010a
DWF
672 case 0:
673 *ptr = '\0';
674 goto quit;
35ec6446
DWF
675 case CR:
676 case NL:
677 *ptr = '\0';
678 cp->eol = ascval;
679 break;
680 case BS:
681 case CERASE:
682 cp->erase = ascval;
683 if (ptr > &pass[0])
684 ptr--;
685 break;
686 case CKILL:
687 cp->kill = ascval;
688 while (ptr > &pass[0])
689 ptr--;
690 break;
691 case CEOF:
692 goto quit;
693 default:
694 if ((size_t)(ptr - &pass[0]) >= (sizeof(pass) -1 )) {
695 fprintf(stderr, "sulogin: input overrun at %s\n\r", con->tty);
696 ret = (char*)0;
697 goto quit;
698 }
699 *ptr++ = ascval;
700 break;
701 }
a74aeac6 702 }
35ec6446 703quit:
a74aeac6 704 alarm(0);
35ec6446
DWF
705 if (tc)
706 (void)tcsetattr(fd, TCSAFLUSH, &con->tio);
707 if (ret && *ret != '\0')
708 tcfinal(con);
709 printf("\r\n");
710out:
a74aeac6
PR
711 return ret;
712}
713
714/*
715 * Password was OK, execute a shell.
716 */
c5b4c135 717static
a74aeac6
PR
718void sushell(struct passwd *pwd)
719{
720 char shell[128];
721 char home[128];
722 char *p;
723 char *sushell;
724
725 /*
726 * Set directory and shell.
727 */
35ec6446
DWF
728 if (chdir(pwd->pw_dir) < 0) {
729 if (chdir("/") < 0)
730 fprintf(stderr, "sulogin: change of working directory failed: %m\n\r");
731 }
a74aeac6
PR
732 if ((p = getenv("SUSHELL")) != NULL)
733 sushell = p;
734 else if ((p = getenv("sushell")) != NULL)
735 sushell = p;
736 else {
737 if (pwd->pw_shell[0])
738 sushell = pwd->pw_shell;
739 else
740 sushell = BINSH;
741 }
742 if ((p = strrchr(sushell, '/')) == NULL)
743 p = sushell;
744 else
745 p++;
746 snprintf(shell, sizeof(shell), profile ? "-%s" : "%s", p);
747
748 /*
749 * Set some important environment variables.
750 */
35ec6446
DWF
751 if (getcwd(home, sizeof(home)) == (char*)0)
752 strcpy(home, "/");
a74aeac6
PR
753 setenv("HOME", home, 1);
754 setenv("LOGNAME", "root", 1);
755 setenv("USER", "root", 1);
756 if (!profile)
757 setenv("SHLVL","0",1);
758
759 /*
760 * Try to execute a shell.
761 */
762 setenv("SHELL", sushell, 1);
c5b4c135
DWF
763 signal(SIGINT, saved_sigint);
764 signal(SIGTSTP, saved_sigtstp);
765 signal(SIGQUIT, saved_sigquit);
35ec6446 766 signal(SIGHUP, SIG_DFL);
a74aeac6 767#ifdef WITH_SELINUX
9af2d863 768 if (is_selinux_enabled() > 0) {
35ec6446
DWF
769 security_context_t scon=NULL;
770 char *seuser=NULL;
771 char *level=NULL;
772 if (getseuserbyname("root", &seuser, &level) == 0)
773 if (get_default_context_with_level(seuser, level, 0, &scon) == 0) {
774 if (setexeccon(scon) != 0)
775 fprintf(stderr, "sulogin: setexeccon failed\n\r");
776 freecon(scon);
777 }
a74aeac6
PR
778 free(seuser);
779 free(level);
780 }
781#endif
782 execl(sushell, shell, NULL);
783 perror(sushell);
784
785 setenv("SHELL", BINSH, 1);
786 execl(BINSH, profile ? "-sh" : "sh", NULL);
787 perror(BINSH);
788
789 /* Fall back to staticly linked shell if both the users shell
790 and /bin/sh failed to execute. */
791 setenv("SHELL", STATICSH, 1);
792 execl(STATICSH, STATICSH, NULL);
793 perror(STATICSH);
794}
795
35ec6446
DWF
796#ifdef __linux__
797/*
798 * Make C library standard calls like ttyname(3) work.
799 */
800static uint32_t mounts;
801#define MNT_PROCFS 0x0001
802#define MNT_DEVTMPFS 0x0002
803
804static __attribute__((__noinline__))
805void putmounts(void)
806{
807 if (mounts & MNT_DEVTMPFS)
808 umount2("/dev", MNT_DETACH);
809 if (mounts & MNT_PROCFS)
810 umount2("/proc", MNT_DETACH);
811}
812
813static __attribute__((__constructor__))
814void getmounts(void)
815{
816 struct statfs st;
817 if (statfs("/proc", &st) == 0 && st.f_type != PROC_SUPER_MAGIC) {
818 if (mount("proc", "/proc", "proc", MS_RELATIME, NULL) == 0)
819 mounts |= MNT_PROCFS;
820 }
821 if (statfs("/dev", &st) == 0 && st.f_type != TMPFS_MAGIC) {
822 if (mount("devtmpfs", "/dev", "devtmpfs", MS_RELATIME, "mode=0755,nr_inodes=0") == 0) {
823 mounts |= MNT_DEVTMPFS;
824 (void)mknod("/dev/console", S_IFCHR|S_IRUSR|S_IWUSR, makedev(TTYAUX_MAJOR, 1));
825 if (symlink("/proc/self/fd", "/dev/fd") == 0) {
826 dovoid(symlink("fd/0", "/dev/stdin"));
827 dovoid(symlink("fd/1", "/dev/stdout"));
828 dovoid(symlink("fd/2", "/dev/stderr"));
829 }
830 }
831 }
832 if (mounts) atexit(putmounts);
833}
834#endif
835
c5b4c135 836static
a74aeac6
PR
837void usage(void)
838{
35ec6446 839 fprintf(stderr, "Usage: sulogin [-e] [-p] [-t timeout] [tty device]\n\r");
a74aeac6
PR
840}
841
842int main(int argc, char **argv)
843{
844 char *tty = NULL;
a74aeac6 845 struct passwd *pwd;
35ec6446 846 int c, status = 0;
05f2c1ad 847 int reconnect = 0;
a74aeac6 848 int opt_e = 0;
35ec6446
DWF
849 struct console *con;
850 pid_t pid;
851
852 /*
853 * We are init. We hence need to set uo a session.
854 */
855 if ((pid = getpid()) == 1) {
856 setsid();
857 (void)ioctl(0, TIOCSCTTY, (char *)1);
858 }
a74aeac6
PR
859
860 /*
05f2c1ad 861 * See if we have a timeout flag.
a74aeac6
PR
862 */
863 opterr = 0;
864 while((c = getopt(argc, argv, "ept:")) != EOF) switch(c) {
865 case 't':
866 timeout = atoi(optarg);
867 break;
868 case 'p':
869 profile = 1;
870 break;
871 case 'e':
872 opt_e = 1;
873 break;
874 default:
875 usage();
876 /* Do not exit! */
877 break;
878 }
879
880 if (geteuid() != 0) {
35ec6446 881 fprintf(stderr, "sulogin: only root can run sulogin.\n\r");
a74aeac6
PR
882 exit(1);
883 }
884
c5b4c135 885 saved_sigint = signal(SIGINT, SIG_IGN);
82111852
DWF
886 saved_sigquit = signal(SIGQUIT, SIG_IGN);
887 saved_sigtstp = signal(SIGTSTP, SIG_IGN);
35ec6446 888 saved_sighup = signal(SIGHUP, SIG_IGN);
c5b4c135 889
35ec6446 890 /*
05f2c1ad 891 * See if we need to open an other tty device.
35ec6446
DWF
892 */
893 if (optind < argc)
894 tty = argv[optind];
895 if (!tty || *tty == '\0')
896 tty = getenv("CONSOLE");
a74aeac6 897
35ec6446 898 /*
05f2c1ad
DWF
899 * Detect possible consoles, use stdin as fallback.
900 * If an optional tty is given, reconnect it to stdin.
35ec6446 901 */
05f2c1ad 902 reconnect = detect_consoles(tty, 0);
a74aeac6 903
35ec6446
DWF
904 /*
905 * Should not happen
906 */
907 if (!consoles) {
908 if (!errno)
909 errno = ENOMEM;
910 fprintf(stderr, "sulogin: cannot open console: %m\n\r");
911 exit(1);
a74aeac6
PR
912 }
913
05f2c1ad
DWF
914 /*
915 * If previous stdin was not the speified tty and therefore reconnected
916 * to the specified tty also reconnect stdout and stderr.
917 */
918 if (reconnect) {
919 if (isatty(1) == 0)
920 dup2(0, 1);
921 if (isatty(2) == 0)
922 dup2(0, 2);
923 }
924
a74aeac6
PR
925 /*
926 * Get the root password.
927 */
928 if ((pwd = getrootpwent(opt_e)) == NULL) {
35ec6446 929 fprintf(stderr, "sulogin: cannot open password database!\n\r");
a74aeac6
PR
930 sleep(2);
931 }
932
933 /*
35ec6446 934 * Prompt for input on the consoles
a74aeac6 935 */
35ec6446
DWF
936 for (con = consoles; con && con->id < CONMAX; con = con->next) {
937 if (con->fd >= 0) {
938 openfd |= (1<<con->fd);
939 tcinit(con);
940 continue;
82111852 941 }
35ec6446
DWF
942 if ((con->fd = open(con->tty, O_RDWR | O_NOCTTY | O_NONBLOCK)) < 0)
943 continue;
944 openfd |= (1<<con->fd);
945 tcinit(con);
a74aeac6 946 }
35ec6446
DWF
947 con = consoles;
948 usemask = (uint32_t*)mmap(NULL, sizeof(uint32_t), PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_SHARED, -1, 0);
949
950 if (con->next == (struct console*)0)
951 goto nofork;
952
953 signal(SIGCHLD, chld_handler);
954 do {
955 switch ((con->pid = fork())) {
956 case 0:
957 signal(SIGCHLD, SIG_DFL);
958 /* fall through */
959 nofork:
960 setup(con);
961 while (1) {
962 char *passwd = pwd->pw_passwd;
963 char *answer;
9e94f6aa 964 int failed = 0, doshell = 0;
35ec6446
DWF
965
966 doprompt(passwd, con);
967 if ((answer = getpasswd(con)) == NULL)
968 break;
969
9e94f6aa
DWF
970 if (passwd[0] == '\0')
971 doshell++;
972 else {
973 char *cryptbuf;
974 cryptbuf = crypt(answer, passwd);
975 if (cryptbuf == NULL)
976 fprintf(stderr, "sulogin: crypt failed: %m\n\r");
977 else if (strcmp(cryptbuf, pwd->pw_passwd) == 0)
978 doshell++;
979 }
980
981 if (doshell) {
35ec6446
DWF
982 *usemask |= (1<<con->id);
983 sushell(pwd);
984 *usemask &= ~(1<<con->id);
985 failed++;
986 }
9e94f6aa 987
35ec6446
DWF
988 signal(SIGQUIT, SIG_IGN);
989 signal(SIGTSTP, SIG_IGN);
990 signal(SIGINT, SIG_IGN);
a74aeac6 991
35ec6446
DWF
992 if (failed) {
993 fprintf(stderr, "sulogin: can not execute su shell.\n\r");
994 break;
995 }
996 fprintf(stderr, "Login incorrect.\n\r");
05f2c1ad 997 sleep(3);
35ec6446
DWF
998 }
999 if (alarm_rised) {
1000 tcfinal(con);
9e94f6aa 1001 fprintf(stderr, "Timed out.\n\r");
35ec6446
DWF
1002 }
1003 /*
1004 * User may pressed Control-D.
1005 */
1006 exit(0);
1007 case -1:
1008 fprintf(stderr, "sulogin: can not fork: %m\n\r");
1009 /* fall through */
1010 default:
1011 break;
1012 }
1013 } while ((con = con->next) && (con->id < CONMAX));
1014
1015 while ((pid = wait(&status))) {
1016 if (errno == ECHILD)
1017 break;
1018 if (pid < 0)
1019 continue;
1020 for (con = consoles; con && con->id < CONMAX; con = con->next) {
1021 if (con->pid == pid) {
1022 *usemask &= ~(1<<con->id);
1023 continue;
1024 }
1025 if (kill(con->pid, 0) < 0) {
1026 *usemask &= ~(1<<con->id);
1027 continue;
1028 }
1029 if (*usemask & (1<<con->id))
1030 continue;
1031 kill(con->pid, SIGHUP);
1032 usleep(5000);
1033 kill(con->pid, SIGKILL);
1034 }
1035 }
1036 signal(SIGCHLD, SIG_DFL);
82111852 1037
a74aeac6
PR
1038 return 0;
1039}