hush/loginutils/sulogin.c

/* vi: set sw=4 ts=4: */
/*
 * Mini sulogin implementation for busybox
 *
 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
 */
//config:config SULOGIN
//config:	bool "sulogin"
//config:	default y
//config:	select FEATURE_SYSLOG
//config:	help
//config:	  sulogin is invoked when the system goes into single user
//config:	  mode (this is done through an entry in inittab).

//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */
//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))

//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o

//usage:#define sulogin_trivial_usage
//usage:       "[-t N] [TTY]"
//usage:#define sulogin_full_usage "\n\n"
//usage:       "Single user login\n"
//usage:     "\n	-t N	Timeout"

#include "libbb.h"
#include <syslog.h>

int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
int sulogin_main(int argc UNUSED_PARAM, char **argv)
{
	int timeout = 0;
	struct passwd *pwd;
	const char *shell;

	logmode = LOGMODE_BOTH;
	openlog(applet_name, 0, LOG_AUTH);

	opt_complementary = "t+"; /* -t N */
	getopt32(argv, "t:", &timeout);
	argv += optind;

	if (argv[0]) {
		close(0);
		close(1);
		dup(xopen(argv[0], O_RDWR));
		close(2);
		dup(0);
	}

	/* Malicious use like "sulogin /dev/sda"? */
	if (!isatty(0) || !isatty(1) || !isatty(2)) {
		logmode = LOGMODE_SYSLOG;
		bb_error_msg_and_die("not a tty");
	}

	/* Clear dangerous stuff, set PATH */
	sanitize_env_if_suid();

	pwd = getpwuid(0);
	if (!pwd) {
		goto auth_error;
	}

	while (1) {
		int r;

		r = ask_and_check_password_extended(pwd, timeout,
			"Give root password for system maintenance\n"
			"(or type Control-D for normal startup):"
		);
		if (r < 0) {
			/* ^D, ^C, timeout, or read error */
			bb_info_msg("Normal startup");
			return 0;
		}
		if (r > 0) {
			break;
		}
		bb_do_delay(LOGIN_FAIL_DELAY);
		bb_info_msg("Login incorrect");
	}

	bb_info_msg("System Maintenance Mode");

	IF_SELINUX(renew_current_security_context());

	shell = getenv("SUSHELL");
	if (!shell)
		shell = getenv("sushell");
	if (!shell)
		shell = pwd->pw_shell;

	/* Exec login shell with no additional parameters. Never returns. */
	run_shell(shell, 1, NULL, NULL);

 auth_error:
	bb_error_msg_and_die("no password entry for root");
}
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`/* vi: set sw=4 ts=4: */`
Add one-line GPL boilerplate to numerous (but not all yet) source files. 2006-07-12 07:56:04 +00:00			`/*`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`* Mini sulogin implementation for busybox`
			`*`
*: make GNU licensing statement forms more regular This change retains "or later" state! No licensing _changes_ here, only form is adjusted (article, space between "GPL" and "v2" and so on). Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2010-08-16 18:14:46 +00:00			`* Licensed under GPLv2 or later, see file LICENSE in this source tree.`
Add one-line GPL boilerplate to numerous (but not all yet) source files. 2006-07-12 07:56:04 +00:00			`*/`
loginutils/*: convert to new-style "one file" applets Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2015-10-18 23:20:36 +00:00			`//config:config SULOGIN`
			`//config: bool "sulogin"`
			`//config: default y`
			`//config: select FEATURE_SYSLOG`
			`//config: help`
			`//config: sulogin is invoked when the system goes into single user`
			`//config: mode (this is done through an entry in inittab).`

			`//applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */`
			`//applet:IF_SULOGIN(APPLET(sulogin, BB_DIR_SBIN, BB_SUID_DROP))`

			`//kbuild:lib-$(CONFIG_SULOGIN) += sulogin.o`
Add one-line GPL boilerplate to numerous (but not all yet) source files. 2006-07-12 07:56:04 +00:00
move help text from include/usage.src.h to debianutils/.c e2fsprogs/.c editors/.c loginutils/.c mailutils/*.c Signed-off-by: Pere Orga <gotrunks@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-04-01 20:56:30 +00:00			`//usage:#define sulogin_trivial_usage`
			`//usage: "[-t N] [TTY]"`
			`//usage:#define sulogin_full_usage "\n\n"`
			`//usage: "Single user login\n"`
			`//usage: "\n -t N Timeout"`

usage.c: remove reference to busybox.h *: s/include "busybox.h"/include "libbb.h" 2007-05-26 19:00:18 +00:00			`#include "libbb.h"`
- fix conflicting decls of syslog related facilitynames and prioritynames tables 2008-01-27 12:50:12 +00:00			`#include <syslog.h>`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00
add -fvisibility=hidden to CC flags, mark XXX_main functions EXTERNALLY_VISIBLE. 5% size reduction of libbusybox.so 2007-10-11 10:05:36 +00:00			`int sulogin_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;`
*: rename ATTRIBUTE_XXX to just XXX. 2008-07-05 09:18:54 +00:00			`int sulogin_main(int argc UNUSED_PARAM, char **argv)`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`{`
			`int timeout = 0;`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`struct passwd *pwd;`
sulogin: add support for $SUSHELL & $sushell 2006-10-14 11:47:02 +00:00			`const char *shell;`
just whitespace 2006-01-25 00:08:53 +00:00
sulogin: minor cleanup. 2006-09-09 14:00:58 +00:00			`logmode = LOGMODE_BOTH;`
bb_applet_name -> applet_name 2006-10-03 21:00:43 +00:00			`openlog(applet_name, 0, LOG_AUTH);`
just whitespace 2006-01-25 00:08:53 +00:00
*: shrink: use Vladimir's "o+" specifier instead of xatou(opt_param) function old new delta getopt32 1370 1385 +15 sulogin_main 490 494 +4 realpath_main 84 86 +2 sleep_main 76 77 +1 mt_main 256 257 +1 printenv_main 75 74 -1 fdformat_main 546 545 -1 usleep_main 44 42 -2 setlogcons_main 77 75 -2 ed_main 2654 2649 -5 deallocvt_main 69 64 -5 addgroup_main 373 368 -5 mkfs_minix_main 2989 2982 -7 tail_main 1221 1213 -8 sv_main 1254 1241 -13 du_main 348 328 -20 tftp_main 325 302 -23 split_main 581 558 -23 nc_main 1000 977 -23 diff_main 891 868 -23 arping_main 1797 1770 -27 ls_main 893 847 -46 od_main 2797 2750 -47 readprofile_main 1944 1895 -49 tcpudpsvd_main 1973 1922 -51 udhcpc_main 2590 2513 -77 grep_main 824 722 -102 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 5/22 up/down: 23/-560) Total: -537 bytes text data bss dec hex filename 796973 658 7428 805059 c48c3 busybox_old 796479 662 7420 804561 c46d1 busybox_unstripped 2008-03-17 09:09:09 +00:00			`opt_complementary = "t+"; /* -t N */`
			`getopt32(argv, "t:", &timeout);`
*: a bit of code shrink function old new delta stop_handler 41 38 -3 sulogin_main 508 504 -4 got_cont 4 - -4 cont_handler 11 - -11 startservice 309 297 -12 processorstart 423 409 -14 tcpudpsvd_main 1861 1843 -18 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 0/5 up/down: 0/-66) Total: -66 bytes 2008-11-09 00:15:11 +00:00			`argv += optind;`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00
*: a bit of code shrink function old new delta stop_handler 41 38 -3 sulogin_main 508 504 -4 got_cont 4 - -4 cont_handler 11 - -11 startservice 309 297 -12 processorstart 423 409 -14 tcpudpsvd_main 1861 1843 -18 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 0/5 up/down: 0/-66) Total: -66 bytes 2008-11-09 00:15:11 +00:00			`if (argv[0]) {`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`close(0);`
			`close(1);`
*: a bit of code shrink function old new delta stop_handler 41 38 -3 sulogin_main 508 504 -4 got_cont 4 - -4 cont_handler 11 - -11 startservice 309 297 -12 processorstart 423 409 -14 tcpudpsvd_main 1861 1843 -18 ------------------------------------------------------------------------------ (add/remove: 0/2 grow/shrink: 0/5 up/down: 0/-66) Total: -66 bytes 2008-11-09 00:15:11 +00:00			`dup(xopen(argv[0], O_RDWR));`
Error reporting fix for sulogin, plus remove help entries for options we never implemented. (Plus a bit more of bbsh leaking in from my tree, but it shouldn't hurt anything and I'm lazy...) 2006-09-11 00:34:01 +00:00			`close(2);`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`dup(0);`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`}`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00
*: shrink: use Vladimir's "o+" specifier instead of xatou(opt_param) function old new delta getopt32 1370 1385 +15 sulogin_main 490 494 +4 realpath_main 84 86 +2 sleep_main 76 77 +1 mt_main 256 257 +1 printenv_main 75 74 -1 fdformat_main 546 545 -1 usleep_main 44 42 -2 setlogcons_main 77 75 -2 ed_main 2654 2649 -5 deallocvt_main 69 64 -5 addgroup_main 373 368 -5 mkfs_minix_main 2989 2982 -7 tail_main 1221 1213 -8 sv_main 1254 1241 -13 du_main 348 328 -20 tftp_main 325 302 -23 split_main 581 558 -23 nc_main 1000 977 -23 diff_main 891 868 -23 arping_main 1797 1770 -27 ls_main 893 847 -46 od_main 2797 2750 -47 readprofile_main 1944 1895 -49 tcpudpsvd_main 1973 1922 -51 udhcpc_main 2590 2513 -77 grep_main 824 722 -102 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 5/22 up/down: 23/-560) Total: -537 bytes text data bss dec hex filename 796973 658 7428 805059 c48c3 busybox_old 796479 662 7420 804561 c46d1 busybox_unstripped 2008-03-17 09:09:09 +00:00			`/* Malicious use like "sulogin /dev/sda"? */`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`if (!isatty(0) \|\| !isatty(1) \|\| !isatty(2)) {`
sulogin: minor cleanup. 2006-09-09 14:00:58 +00:00			`logmode = LOGMODE_SYSLOG;`
			`bb_error_msg_and_die("not a tty");`
getty, sulogin: convert to using bb_msg for syslog output 2006-09-07 16:20:03 +00:00			`}`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00
login: clear dangerous environment variables if started by non-root 2007-11-06 05:26:51 +00:00			`/* Clear dangerous stuff, set PATH */`
mount: recognize "dirsync" (closes bug 835) mount: sanitize environ if called by non-root *: adjust for slightly different sanitize routine 2008-02-18 11:08:33 +00:00			`sanitize_env_if_suid();`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00
sulogin: add support for $SUSHELL & $sushell 2006-10-14 11:47:02 +00:00			`pwd = getpwuid(0);`
			`if (!pwd) {`
sulogin: minor cleanup. 2006-09-09 14:00:58 +00:00			`goto auth_error;`
whitespace cleanup 2006-09-17 16:28:10 +00:00			`}`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`while (1) {`
make pw_encrypt() return malloc'ed string. text data bss dec hex filename 759802 604 6684 767090 bb472 busybox_old 759804 604 6676 767084 bb46c busybox_unstripped 2008-06-12 16:56:52 +00:00			`int r;`

sulogin: use common password-checking routine. This needed some extensions correct_passwd() function, which got renamed ask_and_check_password() to better describe what it does. function old new delta ask_and_check_password_extended - 215 +215 ask_and_check_password - 12 +12 vlock_main 394 397 +3 sulogin_main 494 326 -168 correct_password 207 - -207 ------------------------------------------------------------------------------ (add/remove: 2/1 grow/shrink: 1/1 up/down: 230/-375) Total: -145 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2013-11-19 12:09:06 +00:00			`r = ask_and_check_password_extended(pwd, timeout,`
			`"Give root password for system maintenance\n"`
			`"(or type Control-D for normal startup):"`
			`);`
			`if (r < 0) {`
sulogin: allow system maintenance login if root password is empty The current password checking is unable to distinguish between the user entering an empty password or pressing Control-D. As a result, an empty password always results in normal startup. We modify bb_ask to return NULL if Control-D is pressed without entering a password. The sulogin applet is then modified to only proceed to normal startup if bb_ask returns NULL. This covers EOF with no password, interrupt by timeout and ^C. Signed-off-by: Jonathan Liu <net147@gmail.com> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2013-05-21 15:01:55 +00:00			`/* ^D, ^C, timeout, or read error */`
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`bb_info_msg("Normal startup");`
sulogin: minor cleanup. 2006-09-09 14:00:58 +00:00			`return 0;`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`}`
sulogin: use common password-checking routine. This needed some extensions correct_passwd() function, which got renamed ask_and_check_password() to better describe what it does. function old new delta ask_and_check_password_extended - 215 +215 ask_and_check_password - 12 +12 vlock_main 394 397 +3 sulogin_main 494 326 -168 correct_password 207 - -207 ------------------------------------------------------------------------------ (add/remove: 2/1 grow/shrink: 1/1 up/down: 230/-375) Total: -145 bytes Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2013-11-19 12:09:06 +00:00			`if (r > 0) {`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`break;`
			`}`
s/FAIL_DELAY/LOGIN_FAIL_DELAY/ Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2011-03-08 20:07:05 +00:00			`bb_do_delay(LOGIN_FAIL_DELAY);`
			`bb_info_msg("Login incorrect");`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`}`
A patch from Takeharu KATO to update/fix SE-Linux support. 2005-05-03 06:25:50 +00:00
Shrinkage/cleanup from Tito. 2006-09-08 17:22:05 +00:00			`bb_info_msg("System Maintenance Mode");`
A patch from Takeharu KATO to update/fix SE-Linux support. 2005-05-03 06:25:50 +00:00
*: mass renaming of USE_XXXX to IF_XXXX and SKIP_XXXX to IF_NOT_XXXX - the second one was especially badly named. It was not skipping anything! 2009-04-21 11:09:40 +00:00			`IF_SELINUX(renew_current_security_context());`
A patch from Takeharu KATO to update/fix SE-Linux support. 2005-05-03 06:25:50 +00:00
sulogin: add support for $SUSHELL & $sushell 2006-10-14 11:47:02 +00:00			`shell = getenv("SUSHELL");`
setup_environment: code shrink run_shell: mark as NORETURN setup_environment, run_shell: add usage comments login: add FIXME :( function old new delta UNSPEC_print 64 66 +2 sulogin_main 509 506 -3 mkfs_minix_main 3070 3067 -3 login_main 1615 1612 -3 su_main 461 448 -13 setup_environment 261 206 -55 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/5 up/down: 2/-77) Total: -75 bytes text data bss dec hex filename 772578 1051 10724 784353 bf7e1 busybox_old 772502 1051 10724 784277 bf795 busybox_unstripped 2007-09-10 13:15:28 +00:00			`if (!shell)`
			`shell = getenv("sushell");`
*: s/"/bin/sh"/DEFAULT_SHELL, run_shell() API fix, remove unneeded strdup function old new delta run_shell 157 166 +9 su_main 477 470 -7 sulogin_main 515 503 -12 Signed-off-by: Ladislav Michl <Ladislav.Michl@seznam.cz> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com> 2010-06-27 01:23:31 +00:00			`if (!shell)`
			`shell = pwd->pw_shell;`

setup_environment: code shrink run_shell: mark as NORETURN setup_environment, run_shell: add usage comments login: add FIXME :( function old new delta UNSPEC_print 64 66 +2 sulogin_main 509 506 -3 mkfs_minix_main 3070 3067 -3 login_main 1615 1612 -3 su_main 461 448 -13 setup_environment 261 206 -55 ------------------------------------------------------------------------------ (add/remove: 0/0 grow/shrink: 1/5 up/down: 2/-77) Total: -75 bytes text data bss dec hex filename 772578 1051 10724 784353 bf7e1 busybox_old 772502 1051 10724 784277 bf795 busybox_unstripped 2007-09-10 13:15:28 +00:00			`/* Exec login shell with no additional parameters. Never returns. */`
			`run_shell(shell, 1, NULL, NULL);`
sulogin: minor cleanup. 2006-09-09 14:00:58 +00:00
bb_askpass: handle Ctrl-C, restore termoios on Ctrl-C. sulogin: remove alarm handling, as it is redundant there. code shrink. After all differences cancel out: text data bss dec hex filename 777543 1000 9532 788075 c066b busybox_old 777543 1000 9532 788075 c066b busybox_unstripped 2007-10-20 19:20:22 +00:00			`auth_error:`
			`bb_error_msg_and_die("no password entry for root");`
Port over the last of the tinylogin applets -Erik 2002-06-23 04:24:25 +00:00			`}`