mirror of
https://github.com/sheumann/hush.git
synced 2024-12-22 14:30:31 +00:00
234 lines
5.3 KiB
C
234 lines
5.3 KiB
C
/* vi: set sw=4 ts=4: */
|
|
/*
|
|
* vlock implementation for busybox
|
|
*
|
|
* Copyright (C) 2000 by spoon <spoon@ix.netcom.com>
|
|
* Written by spoon <spon@ix.netcom.com>
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
*
|
|
*/
|
|
|
|
/* Shoutz to Michael K. Johnson <johnsonm@redhat.com>, author of the
|
|
* original vlock. I snagged a bunch of his code to write this
|
|
* minimalistic vlock.
|
|
*/
|
|
/* Fixed by Erik Andersen to do passwords the tinylogin way...
|
|
* It now works with md5, sha1, etc passwords. */
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <sys/vt.h>
|
|
#include <signal.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
#include <errno.h>
|
|
#include <sys/ioctl.h>
|
|
#include <termios.h>
|
|
|
|
#include "busybox.h"
|
|
|
|
static struct passwd *pw;
|
|
static struct vt_mode ovtm;
|
|
static struct termios oterm;
|
|
static int vfd;
|
|
static int o_lock_all = 0;
|
|
|
|
#ifdef CONFIG_FEATURE_SHADOWPASSWDS
|
|
static struct spwd *spw;
|
|
|
|
/* getspuid - get a shadow entry by uid */
|
|
struct spwd *getspuid(uid_t uid)
|
|
{
|
|
struct spwd *sp;
|
|
struct passwd *mypw;
|
|
|
|
if ((mypw = getpwuid(getuid())) == NULL) {
|
|
return (NULL);
|
|
}
|
|
setspent();
|
|
while ((sp = getspent()) != NULL) {
|
|
if (strcmp(mypw->pw_name, sp->sp_namp) == 0)
|
|
break;
|
|
}
|
|
endspent();
|
|
return (sp);
|
|
}
|
|
#endif
|
|
|
|
static void release_vt(int signo)
|
|
{
|
|
if (!o_lock_all)
|
|
ioctl(vfd, VT_RELDISP, 1);
|
|
else
|
|
ioctl(vfd, VT_RELDISP, 0);
|
|
}
|
|
|
|
static void acquire_vt(int signo)
|
|
{
|
|
ioctl(vfd, VT_RELDISP, VT_ACKACQ);
|
|
}
|
|
|
|
static void restore_terminal(void)
|
|
{
|
|
ioctl(vfd, VT_SETMODE, &ovtm);
|
|
tcsetattr(STDIN_FILENO, TCSANOW, &oterm);
|
|
}
|
|
|
|
extern int vlock_main(int argc, char **argv)
|
|
{
|
|
sigset_t sig;
|
|
struct sigaction sa;
|
|
struct vt_mode vtm;
|
|
int times = 0;
|
|
struct termios term;
|
|
|
|
if (argc > 2) {
|
|
bb_show_usage();
|
|
}
|
|
|
|
if (argc == 2) {
|
|
if (strncmp(argv[1], "-a", 2)) {
|
|
bb_show_usage();
|
|
} else {
|
|
o_lock_all = 1;
|
|
}
|
|
}
|
|
|
|
if ((pw = getpwuid(getuid())) == NULL) {
|
|
bb_error_msg_and_die("no password for uid %d\n", getuid());
|
|
}
|
|
#ifdef CONFIG_FEATURE_SHADOWPASSWDS
|
|
if ((strcmp(pw->pw_passwd, "x") == 0)
|
|
|| (strcmp(pw->pw_passwd, "*") == 0)) {
|
|
|
|
if ((spw = getspuid(getuid())) == NULL) {
|
|
bb_error_msg_and_die("could not read shadow password for uid %d: %s\n",
|
|
getuid(), strerror(errno));
|
|
}
|
|
if (spw->sp_pwdp) {
|
|
pw->pw_passwd = spw->sp_pwdp;
|
|
}
|
|
}
|
|
#endif /* CONFIG_FEATURE_SHADOWPASSWDS */
|
|
if (pw->pw_passwd[0] == '!' || pw->pw_passwd[0] == '*') {
|
|
bb_error_msg_and_die("Account disabled for uid %d\n", getuid());
|
|
}
|
|
|
|
/* we no longer need root privs */
|
|
setuid(getuid());
|
|
setgid(getgid());
|
|
|
|
if ((vfd = open("/dev/tty", O_RDWR)) < 0) {
|
|
bb_error_msg_and_die("/dev/tty");
|
|
};
|
|
|
|
if (ioctl(vfd, VT_GETMODE, &vtm) < 0) {
|
|
bb_error_msg_and_die("/dev/tty");
|
|
};
|
|
|
|
/* mask a bunch of signals */
|
|
sigprocmask(SIG_SETMASK, NULL, &sig);
|
|
sigdelset(&sig, SIGUSR1);
|
|
sigdelset(&sig, SIGUSR2);
|
|
sigaddset(&sig, SIGTSTP);
|
|
sigaddset(&sig, SIGTTIN);
|
|
sigaddset(&sig, SIGTTOU);
|
|
sigaddset(&sig, SIGHUP);
|
|
sigaddset(&sig, SIGCHLD);
|
|
sigaddset(&sig, SIGQUIT);
|
|
sigaddset(&sig, SIGINT);
|
|
|
|
sigemptyset(&(sa.sa_mask));
|
|
sa.sa_flags = SA_RESTART;
|
|
sa.sa_handler = release_vt;
|
|
sigaction(SIGUSR1, &sa, NULL);
|
|
sa.sa_handler = acquire_vt;
|
|
sigaction(SIGUSR2, &sa, NULL);
|
|
|
|
/* need to handle some signals so that we don't get killed by them */
|
|
sa.sa_handler = SIG_IGN;
|
|
sigaction(SIGHUP, &sa, NULL);
|
|
sigaction(SIGQUIT, &sa, NULL);
|
|
sigaction(SIGINT, &sa, NULL);
|
|
sigaction(SIGTSTP, &sa, NULL);
|
|
|
|
ovtm = vtm;
|
|
vtm.mode = VT_PROCESS;
|
|
vtm.relsig = SIGUSR1;
|
|
vtm.acqsig = SIGUSR2;
|
|
ioctl(vfd, VT_SETMODE, &vtm);
|
|
|
|
tcgetattr(STDIN_FILENO, &oterm);
|
|
term = oterm;
|
|
term.c_iflag &= ~BRKINT;
|
|
term.c_iflag |= IGNBRK;
|
|
term.c_lflag &= ~ISIG;
|
|
term.c_lflag &= ~(ECHO | ECHOCTL);
|
|
tcsetattr(STDIN_FILENO, TCSANOW, &term);
|
|
|
|
do {
|
|
char *pass, *crypt_pass;
|
|
char prompt[100];
|
|
|
|
if (o_lock_all) {
|
|
printf("All Virtual Consoles locked.\n");
|
|
} else {
|
|
printf("This Virtual Console locked.\n");
|
|
}
|
|
fflush(stdout);
|
|
|
|
snprintf(prompt, 100, "%s's password: ", pw->pw_name);
|
|
|
|
if ((pass = getpass(prompt)) == NULL) {
|
|
perror("getpass");
|
|
restore_terminal();
|
|
exit(1);
|
|
}
|
|
|
|
crypt_pass = pw_encrypt(pass, pw->pw_passwd);
|
|
if (strncmp(crypt_pass, pw->pw_passwd, sizeof(crypt_pass)) == 0) {
|
|
memset(pass, 0, strlen(pass));
|
|
memset(crypt_pass, 0, strlen(crypt_pass));
|
|
restore_terminal();
|
|
return 0;
|
|
}
|
|
memset(pass, 0, strlen(pass));
|
|
memset(crypt_pass, 0, strlen(crypt_pass));
|
|
|
|
if (isatty(STDIN_FILENO) == 0) {
|
|
perror("isatty");
|
|
restore_terminal();
|
|
exit(1);
|
|
}
|
|
|
|
sleep(++times);
|
|
printf("Password incorrect.\n");
|
|
if (times >= 3) {
|
|
sleep(15);
|
|
times = 2;
|
|
}
|
|
} while (1);
|
|
}
|
|
|
|
/*
|
|
Local Variables:
|
|
c-file-style: "linux"
|
|
c-basic-offset: 4
|
|
tab-width: 4
|
|
End:
|
|
*/
|