int correct_password ( const struct passwd *pw )
{
char *unencrypted, *encrypted, *correct;
#ifdef CONFIG_FEATURE_SHADOWPASSWDS
if (( strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( strcmp ( pw-> pw_passwd, "*" ) == 0 )) {
struct spwd *sp = getspnam ( pw-> pw_name );
if ( !sp )
bb_error_msg_and_die ( "\nno valid shadow password" );
correct = sp-> sp_pwdp;
}
else
#endif
correct = pw-> pw_passwd;
if ( correct == 0 || correct[0] == '\0' )
return 1;
unencrypted = bb_askpass ( 0, "Password: " );
if ( !unencrypted )
{
return 0;
}
encrypted = crypt ( unencrypted, correct );
memset ( unencrypted, 0, bb_strlen ( unencrypted ));
return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
}
int correct_password(const struct passwd *pw)
{
char *unencrypted, *encrypted;
const char *correct;
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
struct spwd spw;
struct spwd *result;
char buffer[256];
#endif
correct = pw->pw_passwd;
#if ENABLE_FEATURE_SHADOWPASSWDS
if (LONE_CHAR(pw->pw_passwd, 'x') || LONE_CHAR(pw->pw_passwd, '*')) {
if (getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result))
bb_error_msg("no valid shadow password, checking ordinary one");
else
correct = spw.sp_pwdp;
}
#endif
if (!correct || correct[0] == '\0')
return 1;
unencrypted = bb_askpass(0, "Password: ");
if (!unencrypted) {
return 0;
}
encrypted = crypt(unencrypted, correct);
memset(unencrypted, 0, strlen(unencrypted));
return strcmp(encrypted, correct) == 0;
}
int correct_password(const struct passwd *pw)
{
char *unencrypted, *encrypted;
const char *correct;
int r;
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
struct spwd spw;
char buffer[256];
#endif
/* fake salt. crypt() can choke otherwise. */
correct = "aa";
if (!pw) {
/* "aa" will never match */
goto fake_it;
}
correct = pw->pw_passwd;
#if ENABLE_FEATURE_SHADOWPASSWDS
if ((correct[0] == 'x' || correct[0] == '*') && !correct[1]) {
/* getspnam_r may return 0 yet set result to NULL.
* At least glibc 2.4 does this. Be extra paranoid here. */
struct spwd *result = NULL;
r = getspnam_r(pw->pw_name, &spw, buffer, sizeof(buffer), &result);
correct = (r || !result) ? "aa" : result->sp_pwdp;
}
#endif
if (!correct[0]) /* empty password field? */
return 1;
fake_it:
unencrypted = bb_askpass(0, "Password: ");
if (!unencrypted) {
return 0;
}
encrypted = pw_encrypt(unencrypted, correct, 1);
r = (strcmp(encrypted, correct) == 0);
free(encrypted);
memset(unencrypted, 0, strlen(unencrypted));
return r;
}
int sulogin_main(int argc, char **argv)
{
char *cp;
char *device = NULL;
const char *name = "root";
int timeout = 0;
#define pass bb_common_bufsiz1
struct passwd pwent;
struct passwd *pwd;
const char * const *p;
#if ENABLE_FEATURE_SHADOWPASSWDS
struct spwd *spwd = NULL;
#endif
openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
if (argc > 1) {
if (strncmp(argv[1], "-t", 2) == 0) {
if (argv[1][2] == '\0') { /* -t NN */
if (argc > 2) {
timeout = atoi(argv[2]);
if (argc > 3) {
device = argv[3];
}
}
} else { /* -tNNN */
timeout = atoi(&argv[1][2]);
if (argc > 2) {
device = argv[2];
}
}
} else {
device = argv[1];
}
if (device) {
close(0);
close(1);
close(2);
if (open(device, O_RDWR) == 0) {
dup(0);
dup(0);
} else {
syslog(LOG_WARNING, "cannot open %s\n", device);
exit(EXIT_FAILURE);
}
}
}
if (access(bb_path_passwd_file, 0) == -1) {
syslog(LOG_WARNING, "No password file\n");
bb_error_msg_and_die("No password file\n");
}
if (!isatty(0) || !isatty(1) || !isatty(2)) {
exit(EXIT_FAILURE);
}
/* Clear out anything dangerous from the environment */
for (p = forbid; *p; p++)
unsetenv(*p);
signal(SIGALRM, catchalarm);
if (!(pwd = getpwnam(name))) {
syslog(LOG_WARNING, "No password entry for `root'\n");
bb_error_msg_and_die("No password entry for `root'\n");
}
pwent = *pwd;
#if ENABLE_FEATURE_SHADOWPASSWDS
spwd = NULL;
if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
|| (strcmp(pwd->pw_passwd, "*") == 0))) {
endspent();
spwd = getspnam(name);
if (spwd) {
pwent.pw_passwd = spwd->sp_pwdp;
}
}
#endif
while (1) {
cp = bb_askpass(timeout, SULOGIN_PROMPT);
if (!cp || !*cp) {
puts("\n");
fflush(stdout);
syslog(LOG_INFO, "Normal startup\n");
exit(EXIT_SUCCESS);
} else {
safe_strncpy(pass, cp, sizeof(pass));
memset(cp, 0, strlen(cp));
}
if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
break;
}
bb_do_delay(FAIL_DELAY);
puts("Login incorrect");
fflush(stdout);
syslog(LOG_WARNING, "Incorrect root password\n");
}
memset(pass, 0, strlen(pass));
signal(SIGALRM, SIG_DFL);
puts("Entering System Maintenance Mode\n");
fflush(stdout);
syslog(LOG_INFO, "System Maintenance Mode\n");
#if ENABLE_SELINUX
renew_current_security_context();
#endif
run_shell(pwent.pw_shell, 1, 0, 0);
return (0);
}
int sulogin_main(int argc, char **argv)
{
char *cp;
int timeout = 0;
char *timeout_arg;
const char * const *p;
struct passwd *pwd;
const char *shell;
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
char buffer[256];
struct spwd spw;
struct spwd *result;
#endif
logmode = LOGMODE_BOTH;
openlog(applet_name, 0, LOG_AUTH);
if (getopt32(argc, argv, "t:", &timeout_arg)) {
timeout = xatoi_u(timeout_arg);
}
if (argv[optind]) {
close(0);
close(1);
dup(xopen(argv[optind], O_RDWR));
close(2);
dup(0);
}
if (!isatty(0) || !isatty(1) || !isatty(2)) {
logmode = LOGMODE_SYSLOG;
bb_error_msg_and_die("not a tty");
}
/* Clear out anything dangerous from the environment */
for (p = forbid; *p; p++)
unsetenv(*p);
signal(SIGALRM, catchalarm);
pwd = getpwuid(0);
if (!pwd) {
goto auth_error;
}
#if ENABLE_FEATURE_SHADOWPASSWDS
if (getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result)) {
goto auth_error;
}
pwd->pw_passwd = spw.sp_pwdp;
#endif
while (1) {
/* cp points to a static buffer that is zeroed every time */
cp = bb_askpass(timeout,
"Give root password for system maintenance\n"
"(or type Control-D for normal startup):");
if (!cp || !*cp) {
bb_info_msg("Normal startup");
return 0;
}
if (strcmp(pw_encrypt(cp, pwd->pw_passwd), pwd->pw_passwd) == 0) {
break;
}
bb_do_delay(FAIL_DELAY);
bb_error_msg("login incorrect");
}
memset(cp, 0, strlen(cp));
signal(SIGALRM, SIG_DFL);
bb_info_msg("System Maintenance Mode");
USE_SELINUX(renew_current_security_context());
shell = getenv("SUSHELL");
if (!shell) shell = getenv("sushell");
if (!shell) {
shell = "/bin/sh";
if (pwd->pw_shell[0])
shell = pwd->pw_shell;
}
run_shell(shell, 1, 0, 0);
/* never returns */
auth_error:
bb_error_msg_and_die("no password entry for 'root'");
}
extern int sulogin_main(int argc, char **argv)
{
char *cp;
char *device = (char *) 0;
const char *name = "root";
int timeout = 0;
static char pass[BUFSIZ];
struct passwd pwent;
struct passwd *pwd;
time_t start, now;
const char **p;
#ifdef CONFIG_FEATURE_SHADOWPASSWDS
struct spwd *spwd = NULL;
#endif /* CONFIG_FEATURE_SHADOWPASSWDS */
rg_openlog("sulogin", LOG_PID | LOG_CONS | LOG_NOWAIT, LOG_AUTH);
if (argc > 1) {
if (strncmp(argv[1], "-t", 2) == 0) {
if (strcmp(argv[1], "-t") == 0) {
if (argc > 2) {
timeout = atoi(argv[2]);
if (argc > 3) {
device = argv[3];
}
}
} else {
if (argc > 2) {
device = argv[2];
}
}
} else {
device = argv[1];
}
if (device) {
close(0);
close(1);
close(2);
if (open(device, O_RDWR) >= 0) {
dup(0);
dup(0);
} else {
syslog(LOG_WARNING, "cannot open %s\n", device);
exit(EXIT_FAILURE);
}
}
}
if (access(bb_path_passwd_file, 0) == -1) {
syslog(LOG_WARNING, "No password file\n");
bb_error_msg_and_die("No password file\n");
}
if (!isatty(0) || !isatty(1) || !isatty(2)) {
exit(EXIT_FAILURE);
}
/* Clear out anything dangerous from the environment */
for (p = forbid; *p; p++)
unsetenv(*p);
signal(SIGALRM, catchalarm);
if (!(pwd = getpwnam(name))) {
syslog(LOG_WARNING, "No password entry for `root'\n");
bb_error_msg_and_die("No password entry for `root'\n");
}
pwent = *pwd;
#ifdef CONFIG_FEATURE_SHADOWPASSWDS
spwd = NULL;
if (pwd && ((strcmp(pwd->pw_passwd, "x") == 0)
|| (strcmp(pwd->pw_passwd, "*") == 0))) {
endspent();
spwd = getspnam(name);
if (spwd) {
pwent.pw_passwd = spwd->sp_pwdp;
}
}
#endif /* CONFIG_FEATURE_SHADOWPASSWDS */
while (1) {
cp = bb_askpass(timeout, SULOGIN_PROMPT);
if (!cp || !*cp) {
puts("\n");
fflush(stdout);
syslog(LOG_INFO, "Normal startup\n");
exit(EXIT_SUCCESS);
} else {
safe_strncpy(pass, cp, sizeof(pass));
bzero(cp, strlen(cp));
}
if (strcmp(pw_encrypt(pass, pwent.pw_passwd), pwent.pw_passwd) == 0) {
break;
}
time(&start);
now = start;
while (difftime(now, start) < FAIL_DELAY) {
sleep(FAIL_DELAY);
time(&now);
}
puts("Login incorrect");
fflush(stdout);
syslog(LOG_WARNING, "Incorrect root password\n");
}
bzero(pass, strlen(pass));
signal(SIGALRM, SIG_DFL);
puts("Entering System Maintenance Mode\n");
fflush(stdout);
syslog(LOG_INFO, "System Maintenance Mode\n");
run_shell(pwent.pw_shell, 1, 0, 0);
return (0);
}
int sulogin_main(int argc UNUSED_PARAM, char **argv)
{
char *cp;
int timeout = 0;
struct passwd *pwd;
const char *shell;
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
char buffer[256];
struct spwd spw;
#endif
logmode = LOGMODE_BOTH;
openlog(applet_name, 0, LOG_AUTH);
opt_complementary = "t+"; /* -t N */
getopt32(argv, "t:", &timeout);
if (argv[optind]) {
close(0);
close(1);
dup(xopen(argv[optind], O_RDWR));
close(2);
dup(0);
}
/* Malicious use like "sulogin /dev/sda"? */
if (!isatty(0) || !isatty(1) || !isatty(2)) {
logmode = LOGMODE_SYSLOG;
bb_error_msg_and_die("not a tty");
}
/* Clear dangerous stuff, set PATH */
sanitize_env_if_suid();
// bb_askpass() already handles this
// signal(SIGALRM, catchalarm);
pwd = getpwuid(0);
if (!pwd) {
goto auth_error;
}
#if ENABLE_FEATURE_SHADOWPASSWDS
{
/* getspnam_r may return 0 yet set result to NULL.
* At least glibc 2.4 does this. Be extra paranoid here. */
struct spwd *result = NULL;
int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
if (r || !result) {
goto auth_error;
}
pwd->pw_passwd = result->sp_pwdp;
}
#endif
while (1) {
char *encrypted;
int r;
/* cp points to a static buffer that is zeroed every time */
cp = bb_askpass(timeout,
"Give root password for system maintenance\n"
"(or type Control-D for normal startup):");
if (!cp || !*cp) {
bb_info_msg("Normal startup");
return 0;
}
encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
r = strcmp(encrypted, pwd->pw_passwd);
free(encrypted);
if (r == 0) {
break;
}
bb_do_delay(FAIL_DELAY);
bb_error_msg("login incorrect");
}
memset(cp, 0, strlen(cp));
// signal(SIGALRM, SIG_DFL);
bb_info_msg("System Maintenance Mode");
USE_SELINUX(renew_current_security_context());
shell = getenv("SUSHELL");
if (!shell)
shell = getenv("sushell");
if (!shell) {
shell = "/bin/sh";
if (pwd->pw_shell[0])
shell = pwd->pw_shell;
}
/* Exec login shell with no additional parameters. Never returns. */
run_shell(shell, 1, NULL, NULL);
auth_error:
bb_error_msg_and_die("no password entry for root");
}
