*
* Copyright (C) 1998-2003 Miquel van Smoorenburg.
* Copyright (C) 2012 Karel Zak <kzak@redhat.com>
+ * Copyright (C) 2012 Werner Fink <werner@suse.de>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
+#include <sys/mman.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/wait.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
# include <selinux/get_context_list.h>
#endif
+#ifdef __linux__
+# include <sys/kd.h>
+# include <sys/param.h>
+#endif
+
#include "c.h"
#include "closestream.h"
+#include "env.h"
#include "nls.h"
#include "pathnames.h"
+#ifdef USE_PLYMOUTH_SUPPORT
+# include "plymouth-ctrl.h"
+#endif
#include "strutils.h"
#include "ttyutils.h"
+#include "sulogin-consoles.h"
+#define CONMAX 16
static unsigned int timeout;
static int profile;
+static volatile uint32_t openfd; /* Remember higher file descriptors */
+
+static struct sigaction saved_sigint;
+static struct sigaction saved_sigtstp;
+static struct sigaction saved_sigquit;
+static struct sigaction saved_sighup;
+static struct sigaction saved_sigchld;
+
+static volatile sig_atomic_t alarm_rised;
+static volatile sig_atomic_t sigchild;
+
+#ifndef IUCLC
+# define IUCLC 0
+#endif
+
+#ifndef WEXITED
+# warning "WEXITED is missing, sulogin may not work as expected"
+# define WEXITED 0
+#endif
+
+static int locked_account_password(const char * const passwd)
+{
+ if (passwd && (*passwd == '*' || *passwd == '!'))
+ return 1;
+ return 0;
+}
+
+/*
+ * Fix the tty modes and set reasonable defaults.
+ */
+static void tcinit(struct console *con)
+{
+ int flags = 0, mode = 0;
+ struct termios *tio = &con->tio;
+ const int fd = con->fd;
+#ifdef USE_PLYMOUTH_SUPPORT
+ struct termios lock;
+ int i = (plymouth_command(MAGIC_PING)) ? PLYMOUTH_TERMIOS_FLAGS_DELAY : 0;
+ if (i)
+ plymouth_command(MAGIC_QUIT);
+ while (i-- > 0) {
+ /*
+ * With plymouth the termios flags become changed after this
+ * function had changed the termios.
+ */
+ memset(&lock, 0, sizeof(struct termios));
+ if (ioctl(fd, TIOCGLCKTRMIOS, &lock) < 0)
+ break;
+ if (!lock.c_iflag && !lock.c_oflag && !lock.c_cflag && !lock.c_lflag)
+ break;
+ sleep(1);
+ }
+ memset(&lock, 0, sizeof(struct termios));
+ ioctl(fd, TIOCSLCKTRMIOS, &lock);
+#endif
+ errno = 0;
+
+ if (tcgetattr(fd, tio) < 0) {
+ warn(_("tcgetattr failed"));
+ con->flags |= CON_NOTTY;
+ return;
+ }
+
+ /* Handle lines other than virtual consoles here */
+#if defined(KDGKBMODE)
+ if (ioctl(fd, KDGKBMODE, &mode) < 0)
+#endif
+ {
+ speed_t ispeed, ospeed;
+ struct winsize ws;
+ errno = 0;
+
+ /* this is a modem line */
+ con->flags |= CON_SERIAL;
+
+ /* Flush input and output queues on modem lines */
+ tcflush(fd, TCIOFLUSH);
+
+ ispeed = cfgetispeed(tio);
+ ospeed = cfgetospeed(tio);
+
+ if (!ispeed) ispeed = TTYDEF_SPEED;
+ if (!ospeed) ospeed = TTYDEF_SPEED;
+
+ tio->c_cflag = CREAD | CS8 | HUPCL | (tio->c_cflag & CLOCAL);
+ tio->c_iflag = 0;
+ tio->c_lflag = 0;
+ tio->c_oflag &= OPOST | ONLCR;
+
+ cfsetispeed(tio, ispeed);
+ cfsetospeed(tio, ospeed);
+
+#ifdef HAVE_STRUCT_TERMIOS_C_LINE
+ tio->c_line = 0;
+#endif
+ tio->c_cc[VTIME] = 0;
+ tio->c_cc[VMIN] = 1;
+
+ if (ioctl(fd, TIOCGWINSZ, &ws) == 0) {
+ int set = 0;
+ if (ws.ws_row == 0) {
+ ws.ws_row = 24;
+ set++;
+ }
+ if (ws.ws_col == 0) {
+ ws.ws_col = 80;
+ set++;
+ }
+ if (set)
+ ignore_result( ioctl(fd, TIOCSWINSZ, &ws) );
+ }
+
+ setlocale(LC_CTYPE, "POSIX");
+ goto setattr;
+ }
+#if defined(IUTF8) && defined(KDGKBMODE)
+ /* Handle mode of current keyboard setup, e.g. for UTF-8 */
+ switch(mode) {
+ case K_UNICODE:
+ setlocale(LC_CTYPE, "C.UTF-8");
+ flags |= UL_TTY_UTF8;
+ break;
+ case K_RAW:
+ case K_MEDIUMRAW:
+ case K_XLATE:
+ default:
+ setlocale(LC_CTYPE, "POSIX");
+ break;
+ }
+#else
+ setlocale(LC_CTYPE, "POSIX");
+#endif
+ reset_virtual_console(tio, flags);
+setattr:
+ if (tcsetattr(fd, TCSANOW, tio))
+ warn(_("tcsetattr failed"));
+
+ /* Enable blocking mode for read and write */
+ if ((flags = fcntl(fd, F_GETFL, 0)) != -1)
+ ignore_result( fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) );
+}
+
+/*
+ * Finalize the tty modes on modem lines.
+ */
+static void tcfinal(struct console *con)
+{
+ struct termios *tio = &con->tio;
+ const int fd = con->fd;
+
+ if ((con->flags & CON_SERIAL) == 0) {
+ xsetenv("TERM", "linux", 1);
+ return;
+ }
+ if (con->flags & CON_NOTTY) {
+ xsetenv("TERM", "dumb", 1);
+ return;
+ }
-struct sigaction saved_sigint;
-struct sigaction saved_sigtstp;
-struct sigaction saved_sigquit;
+#if defined (__s390__) || defined (__s390x__)
+ xsetenv("TERM", "dumb", 1);
+#else
+ xsetenv("TERM", "vt102", 1);
+#endif
+ tio->c_iflag |= (IXON | IXOFF);
+ tio->c_lflag |= (ICANON | ISIG | ECHO|ECHOE|ECHOK|ECHOKE);
+ tio->c_oflag |= OPOST;
+
+ tio->c_cc[VINTR] = CINTR;
+ tio->c_cc[VQUIT] = CQUIT;
+ tio->c_cc[VERASE] = con->cp.erase;
+ tio->c_cc[VKILL] = con->cp.kill;
+ tio->c_cc[VEOF] = CEOF;
+#ifdef VSWTC
+ tio->c_cc[VSWTC] = _POSIX_VDISABLE;
+#elif defined(VSWTCH)
+ tio->c_cc[VSWTCH] = _POSIX_VDISABLE;
+#endif
+ tio->c_cc[VSTART] = CSTART;
+ tio->c_cc[VSTOP] = CSTOP;
+ tio->c_cc[VSUSP] = CSUSP;
+ tio->c_cc[VEOL] = _POSIX_VDISABLE;
+
+ if (con->cp.eol == CR) {
+ tio->c_iflag |= ICRNL;
+ tio->c_iflag &= ~(INLCR|IGNCR);
+ tio->c_oflag |= ONLCR;
+ tio->c_oflag &= ~(OCRNL|ONLRET);
+ }
+
+ switch (con->cp.parity) {
+ default:
+ case 0:
+ tio->c_cflag &= ~(PARODD | PARENB);
+ tio->c_iflag &= ~(INPCK | ISTRIP);
+ break;
+ case 1: /* odd parity */
+ tio->c_cflag |= PARODD;
+ /* fallthrough */
+ case 2: /* even parity */
+ tio->c_cflag |= PARENB;
+ tio->c_iflag |= (INPCK | ISTRIP);
+ /* fallthrough */
+ case (1 | 2): /* no parity bit */
+ tio->c_cflag &= ~CSIZE;
+ tio->c_cflag |= CS7;
+ break;
+ }
+
+ /* Set line attributes */
+ tcsetattr(fd, TCSANOW, tio);
+}
/*
* Called at timeout.
*/
static void alrm_handler(int sig __attribute__((unused)))
{
- return;
+ /* Timeout expired */
+ alarm_rised++;
+}
+
+static void chld_handler(int sig __attribute__((unused)))
+{
+ sigchild++;
}
static void mask_signal(int signal, void (*handler)(int),
sigemptyset(&newaction.sa_mask);
newaction.sa_flags = 0;
- sigaction(signal, NULL, origaction);
- sigaction(signal, &newaction, NULL);
+ sigaction(signal, &newaction, origaction);
}
static void unmask_signal(int signal, struct sigaction *sa)
struct passwd *pw;
struct spwd *spw;
FILE *fp;
- static char line[256];
- static char sline[256];
+ static char line[2 * BUFSIZ];
+ static char sline[2 * BUFSIZ];
char *p;
/*
/*
* Find root in the password file.
*/
- while ((p = fgets(line, 256, fp)) != NULL) {
+ while ((p = fgets(line, sizeof(line), fp)) != NULL) {
if (strncmp(line, "root:", 5) != 0)
continue;
p += 5;
p = line;
break;
}
-
fclose(fp);
/*
/*
* The password is invalid. If there is a shadow password, try it.
*/
- strcpy(pwd.pw_passwd, "");
+ *pwd.pw_passwd = '\0';
if ((fp = fopen(_PATH_SHADOW_PASSWD, "r")) == NULL) {
warn(_("cannot open %s"), _PATH_PASSWD);
return &pwd;
}
- while ((p = fgets(sline, 256, fp)) != NULL) {
+ while ((p = fgets(sline, sizeof(sline), fp)) != NULL) {
if (strncmp(sline, "root:", 5) != 0)
continue;
p += 5;
*/
if (p == NULL) {
warnx(_("%s: no entry for root"), _PATH_SHADOW_PASSWD);
- strcpy(pwd.pw_passwd, "");
+ *pwd.pw_passwd = '\0';
}
- if (!valid(pwd.pw_passwd)) {
+ /* locked account passwords are valid too */
+ if (!locked_account_password(pwd.pw_passwd) && !valid(pwd.pw_passwd)) {
warnx(_("%s: root password garbled"), _PATH_SHADOW_PASSWD);
- strcpy(pwd.pw_passwd, "");
+ *pwd.pw_passwd = '\0';
}
return &pwd;
}
+/*
+ * Ask by prompt for the password.
+ */
+static void doprompt(const char *crypted, struct console *con, int deny)
+{
+ struct termios tty;
+
+ if (con->flags & CON_SERIAL) {
+ tty = con->tio;
+ /*
+ * For prompting: map NL in output to CR-NL
+ * otherwise we may see stairs in the output.
+ */
+ tty.c_oflag |= (ONLCR | OPOST);
+ tcsetattr(con->fd, TCSADRAIN, &tty);
+ }
+ if (!con->file) {
+ con->file = fdopen(con->fd, "r+");
+ if (!con->file)
+ goto err;
+ }
+
+ if (deny)
+ fprintf(con->file, _("\nCannot open access to console, the root account is locked.\n"
+ "See sulogin(8) man page for more details.\n\n"
+ "Press Enter to continue.\n"));
+ else {
+#if defined(USE_ONELINE)
+ if (crypted[0] && !locked_account_password(crypted))
+ fprintf(con->file, _("Give root password for login: "));
+ else
+ fprintf(con->file, _("Press Enter for login: "));
+#else
+ if (crypted[0] && !locked_account_password(crypted))
+ fprintf(con->file, _("Give root password for maintenance\n"));
+ else
+ fprintf(con->file, _("Press Enter for maintenance\n"));
+ fprintf(con->file, _("(or press Control-D to continue): "));
+#endif
+ }
+ fflush(con->file);
+err:
+ if (con->flags & CON_SERIAL)
+ tcsetattr(con->fd, TCSADRAIN, &con->tio);
+}
+
+/*
+ * Make sure to have an own session and controlling terminal
+ */
+static void setup(struct console *con)
+{
+ int fd = con->fd;
+ const pid_t pid = getpid(), pgrp = getpgid(0), ppgrp =
+ getpgid(getppid()), ttypgrp = tcgetpgrp(fd);
+
+ if (con->flags & CON_NOTTY)
+ return;
+
+ /*
+ * Only go through this trouble if the new
+ * tty doesn't fall in this process group.
+ */
+ if (pgrp != ttypgrp && ppgrp != ttypgrp) {
+ if (pid != getsid(0)) {
+ if (pid == getpgid(0))
+ setpgid(0, getpgid(getppid()));
+ setsid();
+ }
+
+ mask_signal(SIGHUP, SIG_IGN, &saved_sighup);
+ if (ttypgrp > 0)
+ ioctl(STDIN_FILENO, TIOCNOTTY, (char *)1);
+ unmask_signal(SIGHUP, &saved_sighup);
+ if (fd > STDIN_FILENO) close(STDIN_FILENO);
+ if (fd > STDOUT_FILENO) close(STDOUT_FILENO);
+ if (fd > STDERR_FILENO) close(STDERR_FILENO);
+
+ ioctl(fd, TIOCSCTTY, (char *)1);
+ tcsetpgrp(fd, ppgrp);
+ }
+ dup2(fd, STDIN_FILENO);
+ dup2(fd, STDOUT_FILENO);
+ dup2(fd, STDERR_FILENO);
+ con->fd = STDIN_FILENO;
+
+ for (fd = STDERR_FILENO+1; fd < 32; fd++) {
+ if (openfd & (1<<fd)) {
+ close(fd);
+ openfd &= ~(1<<fd);
+ }
+ }
+}
+
/*
* Ask for the password. Note that there is no default timeout as we normally
* skip this during boot.
*/
-static char *getpasswd(char *crypted)
+static const char *getpasswd(struct console *con)
{
struct sigaction sa;
- struct termios old, tty;
- static char pass[128];
- char *ret = pass;
- size_t i;
-
- if (crypted[0])
- printf(_("Give root password for maintenance\n"));
- else
- printf(_("Press enter for maintenance"));
- printf(_("(or type Control-D to continue): "));
- fflush(stdout);
+ struct termios tty;
+ static char pass[128], *ptr;
+ struct chardata *cp;
+ const char *ret = pass;
+ unsigned char tc;
+ char c, ascval;
+ int eightbit;
+ const int fd = con->fd;
+
+ if (con->flags & CON_NOTTY)
+ goto out;
+ cp = &con->cp;
+ tty = con->tio;
- tcgetattr(0, &old);
- tcgetattr(0, &tty);
tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY);
- tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP);
- tcsetattr(0, TCSANOW, &tty);
-
- pass[sizeof(pass) - 1] = 0;
+ tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP|ISIG);
+ tc = (tcsetattr(fd, TCSAFLUSH, &tty) == 0);
+ sigemptyset(&sa.sa_mask);
sa.sa_handler = alrm_handler;
sa.sa_flags = 0;
sigaction(SIGALRM, &sa, NULL);
+
if (timeout)
alarm(timeout);
- if (read(0, pass, sizeof(pass) - 1) <= 0)
- ret = NULL;
- else {
- for (i = 0; i < sizeof(pass) && pass[i]; i++)
- if (pass[i] == '\r' || pass[i] == '\n') {
- pass[i] = 0;
+ ptr = &pass[0];
+ cp->eol = *ptr = '\0';
+
+ eightbit = ((con->flags & CON_SERIAL) == 0 || (tty.c_cflag & (PARODD|PARENB)) == 0);
+ while (cp->eol == '\0') {
+ if (read(fd, &c, 1) < 1) {
+ if (errno == EINTR || errno == EAGAIN) {
+ if (alarm_rised) {
+ ret = NULL;
+ goto quit;
+ }
+ xusleep(250000);
+ continue;
+ }
+ ret = NULL;
+ switch (errno) {
+ case 0:
+ case EIO:
+ case ESRCH:
+ case EINVAL:
+ case ENOENT:
+ break;
+ default:
+ warn(_("cannot read %s"), con->tty);
break;
}
+ goto quit;
+ }
+
+ if (eightbit)
+ ascval = c;
+ else if (c != (ascval = (c & 0177))) {
+ uint32_t bits, mask;
+ for (bits = 1, mask = 1; mask & 0177; mask <<= 1) {
+ if (mask & ascval)
+ bits++;
+ }
+ cp->parity |= ((bits & 1) ? 1 : 2);
+ }
+
+ switch (ascval) {
+ case 0:
+ *ptr = '\0';
+ goto quit;
+ case CR:
+ case NL:
+ *ptr = '\0';
+ cp->eol = ascval;
+ break;
+ case BS:
+ case CERASE:
+ cp->erase = ascval;
+ if (ptr > &pass[0])
+ ptr--;
+ break;
+ case CKILL:
+ cp->kill = ascval;
+ while (ptr > &pass[0])
+ ptr--;
+ break;
+ case CEOF:
+ ret = NULL;
+ goto quit;
+ default:
+ if ((size_t)(ptr - &pass[0]) >= (sizeof(pass) -1 )) {
+ fprintf(stderr, "sulogin: input overrun at %s\n\r", con->tty);
+ ret = NULL;
+ goto quit;
+ }
+ *ptr++ = ascval;
+ break;
+ }
}
+quit:
alarm(0);
- tcsetattr(0, TCSANOW, &old);
- printf("\n");
-
+ if (tc)
+ tcsetattr(fd, TCSAFLUSH, &con->tio);
+ tcfinal(con);
+ printf("\r\n");
+out:
return ret;
}
{
char shell[PATH_MAX];
char home[PATH_MAX];
- char *p;
- char *sushell;
+ char const *p;
+ char const *su_shell;
/*
* Set directory and shell.
}
if ((p = getenv("SUSHELL")) != NULL)
- sushell = p;
+ su_shell = p;
else if ((p = getenv("sushell")) != NULL)
- sushell = p;
+ su_shell = p;
else {
if (pwd->pw_shell[0])
- sushell = pwd->pw_shell;
+ su_shell = pwd->pw_shell;
else
- sushell = "/bin/sh";
+ su_shell = "/bin/sh";
}
- if ((p = strrchr(sushell, '/')) == NULL)
- p = sushell;
+ if ((p = strrchr(su_shell, '/')) == NULL)
+ p = su_shell;
else
p++;
/*
* Set some important environment variables.
*/
- if (getcwd(home, sizeof(home)) != NULL)
- setenv("HOME", home, 1);
+ if (getcwd(home, sizeof(home)) == NULL)
+ strcpy(home, "/");
- setenv("LOGNAME", "root", 1);
- setenv("USER", "root", 1);
+ xsetenv("HOME", home, 1);
+ xsetenv("LOGNAME", "root", 1);
+ xsetenv("USER", "root", 1);
if (!profile)
- setenv("SHLVL","0",1);
+ xsetenv("SHLVL","0",1);
/*
* Try to execute a shell.
*/
- setenv("SHELL", sushell, 1);
+ xsetenv("SHELL", su_shell, 1);
unmask_signal(SIGINT, &saved_sigint);
unmask_signal(SIGTSTP, &saved_sigtstp);
unmask_signal(SIGQUIT, &saved_sigquit);
+ mask_signal(SIGHUP, SIG_DFL, NULL);
#ifdef HAVE_LIBSELINUX
if (is_selinux_enabled() > 0) {
free(level);
}
#endif
- execl(sushell, shell, NULL);
- warn(_("%s: exec failed"), sushell);
+ execl(su_shell, shell, NULL);
+ warn(_("failed to execute %s"), su_shell);
- setenv("SHELL", "/bin/sh", 1);
+ xsetenv("SHELL", "/bin/sh", 1);
execl("/bin/sh", profile ? "-sh" : "sh", NULL);
- warn(_("%s: exec failed"), "/bin/sh");
-}
-
-static void fixtty(void)
-{
- struct termios tp;
- int x = 0, fl = 0;
-
- /* Skip serial console */
- if (ioctl(STDIN_FILENO, TIOCMGET, (char *) &x) == 0)
- return;
-
-#if defined(IUTF8) && defined(KDGKBMODE)
- /* Detect mode of current keyboard setup, e.g. for UTF-8 */
- if (ioctl(STDIN_FILENO, KDGKBMODE, &x) == 0 && x == K_UNICODE) {
- setlocale(LC_CTYPE, "C.UTF-8");
- fl |= UL_TTY_UTF8;
- }
-#else
- setlocale(LC_CTYPE, "POSIX");
-#endif
- memset(&tp, 0, sizeof(struct termios));
- if (tcgetattr(STDIN_FILENO, &tp) < 0) {
- warn(_("tcgetattr failed"));
- return;
- }
-
- reset_virtual_console(&tp, fl);
-
- if (tcsetattr(0, TCSADRAIN, &tp))
- warn(_("tcsetattr failed"));
+ warn(_("failed to execute %s"), "/bin/sh");
}
-static void usage(FILE *out)
+static void usage(void)
{
+ FILE *out = stdout;
fputs(USAGE_HEADER, out);
fprintf(out, _(
" %s [options] [tty device]\n"), program_invocation_short_name);
+ fputs(USAGE_SEPARATOR, out);
+ fputs(_("Single-user login.\n"), out);
+
fputs(USAGE_OPTIONS, out);
fputs(_(" -p, --login-shell start a login shell\n"
" -t, --timeout <seconds> max time to wait for a password (default: no limit)\n"
out);
fputs(USAGE_SEPARATOR, out);
- fputs(USAGE_HELP, out);
- fputs(USAGE_VERSION, out);
- fprintf(out, USAGE_MAN_TAIL("sulogin(8)"));
+ printf(USAGE_HELP_OPTIONS(26));
+ printf(USAGE_MAN_TAIL("sulogin(8)"));
}
int main(int argc, char **argv)
{
+ struct list_head *ptr, consoles;
+ struct console *con;
char *tty = NULL;
- char *p;
struct passwd *pwd;
- int c, fd = -1;
+ const struct timespec sigwait = { .tv_sec = 0, .tv_nsec = 50000000 };
+ siginfo_t status = { 0 };
+ sigset_t set;
+ int c, reconnect = 0;
int opt_e = 0;
- pid_t pid, pgrp, ppgrp, ttypgrp;
- struct sigaction saved_sighup;
+ int wait = 0;
+ pid_t pid;
static const struct option longopts[] = {
- { "login-shell", 0, 0, 'p' },
- { "timeout", 1, 0, 't' },
- { "force", 0, 0, 'e' },
- { "help", 0, 0, 'h' },
- { "version", 0, 0, 'V' },
- { NULL, 0, 0, 0 }
+ { "login-shell", no_argument, NULL, 'p' },
+ { "timeout", required_argument, NULL, 't' },
+ { "force", no_argument, NULL, 'e' },
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, 'V' },
+ { NULL, 0, NULL, 0 }
};
+ INIT_LIST_HEAD(&consoles);
+
+ /*
+ * If we are init we need to set up a own session.
+ */
+ if ((pid = getpid()) == 1) {
+ setsid();
+ ignore_result( ioctl(STDIN_FILENO, TIOCSCTTY, (char *) 1) );
+ }
+
setlocale(LC_ALL, "");
bindtextdomain(PACKAGE, LOCALEDIR);
textdomain(PACKAGE);
- atexit(close_stdout);
+ atexit(close_stdout); /* XXX */
/*
* See if we have a timeout flag.
printf(UTIL_LINUX_VERSION);
return EXIT_SUCCESS;
case 'h':
- usage(stdout);
+ usage();
return EXIT_SUCCESS;
default:
- usage(stderr);
- /* Do not exit! */
+ /* Do not exit! getopt prints a warning. */
break;
}
}
if (geteuid() != 0)
- errx(EXIT_FAILURE, _("only root can run this program."));
+ errx(EXIT_FAILURE, _("only superuser can run this program"));
- /*
- * See if we need to open an other tty device.
- */
mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit);
mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp);
mask_signal(SIGINT, SIG_IGN, &saved_sigint);
- if (optind < argc)
- tty = argv[optind];
+ mask_signal(SIGHUP, SIG_IGN, &saved_sighup);
- if (tty || (tty = getenv("CONSOLE"))) {
- if ((fd = open(tty, O_RDWR)) < 0) {
- warn(_("cannot open %s"), tty);
- fd = dup(0);
- }
+ emergency_do_mounts();
+ atexit( emergency_do_umounts );
- if (!isatty(fd)) {
- warn(_("%s: not a tty"), tty);
- close(fd);
- } else {
+ /*
+ * See if we need to open an other tty device.
+ */
+ if (optind < argc)
+ tty = argv[optind];
- /*
- * Only go through this trouble if the new tty doesn't
- * fall in this process group.
- */
- pid = getpid();
- pgrp = getpgid(0);
- ppgrp = getpgid(getppid());
- ttypgrp = tcgetpgrp(fd);
-
- if (pgrp != ttypgrp && ppgrp != ttypgrp) {
- if (pid != getsid(0)) {
- if (pid == getpgid(0))
- setpgid(0, getpgid(getppid()));
- setsid();
- }
+ if (!tty || *tty == '\0')
+ tty = getenv("CONSOLE");
- sigaction(SIGHUP, NULL, &saved_sighup);
- if (ttypgrp > 0)
- ioctl(0, TIOCNOTTY, (char *)1);
- sigaction(SIGHUP, &saved_sighup, NULL);
- close(0);
- close(1);
- close(2);
- if (fd > 2)
- close(fd);
- if ((fd = open(tty, O_RDWR|O_NOCTTY)) < 0)
- warn(_("cannot open %s"), tty);
- else {
- ioctl(0, TIOCSCTTY, (char *)1);
- tcsetpgrp(fd, ppgrp);
- dup2(fd, 0);
- dup2(fd, 1);
- dup2(fd, 2);
- if (fd > 2)
- close(fd);
- }
- } else
- if (fd > 2)
- close(fd);
- }
- } else if (getpid() == 1) {
- /* We are init. We hence need to set a session anyway */
- setsid();
- if (ioctl(0, TIOCSCTTY, (char *)1))
- warn(_("TIOCSCTTY: ioctl failed"));
+ /*
+ * Detect possible consoles, use stdin as fallback.
+ * If an optional tty is given, reconnect it to stdin.
+ */
+ reconnect = detect_consoles(tty, STDIN_FILENO, &consoles);
+
+ /*
+ * If previous stdin was not the specified tty and therefore reconnected
+ * to the specified tty also reconnect stdout and stderr.
+ */
+ if (reconnect) {
+ if (isatty(STDOUT_FILENO) == 0)
+ dup2(STDOUT_FILENO, STDIN_FILENO);
+ if (isatty(STDERR_FILENO) == 0)
+ dup2(STDOUT_FILENO, STDERR_FILENO);
}
- fixtty();
+ /*
+ * Should not happen
+ */
+ if (list_empty(&consoles)) {
+ if (!errno)
+ errno = ENOENT;
+ err(EXIT_FAILURE, _("cannot open console"));
+ }
/*
* Get the root password.
*/
if ((pwd = getrootpwent(opt_e)) == NULL) {
- warnx(_("cannot open password database."));
+ warnx(_("cannot open password database"));
sleep(2);
+ return EXIT_FAILURE;
}
/*
- * Ask for the password.
+ * Ask for the password on the consoles.
*/
- while (pwd) {
- if ((p = getpasswd(pwd->pw_passwd)) == NULL)
+ list_for_each(ptr, &consoles) {
+ con = list_entry(ptr, struct console, entry);
+ if (con->id >= CONMAX)
break;
- if (pwd->pw_passwd[0] == 0 ||
- strcmp(crypt(p, pwd->pw_passwd), pwd->pw_passwd) == 0)
- sushell(pwd);
- mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit);
- mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp);
- mask_signal(SIGINT, SIG_IGN, &saved_sigint);
- fprintf(stderr, _("Login incorrect\n\n"));
+ if (con->fd >= 0) {
+ openfd |= (1 << con->fd);
+ tcinit(con);
+ continue;
+ }
+ if ((con->fd = open(con->tty, O_RDWR | O_NOCTTY | O_NONBLOCK)) < 0)
+ continue;
+ openfd |= (1 << con->fd);
+ tcinit(con);
}
+ ptr = (&consoles)->next;
- /*
- * User pressed Control-D.
- */
+ if (ptr->next == &consoles) {
+ con = list_entry(ptr, struct console, entry);
+ goto nofork;
+ }
+
+
+ mask_signal(SIGCHLD, chld_handler, &saved_sigchld);
+ do {
+ con = list_entry(ptr, struct console, entry);
+ if (con->id >= CONMAX)
+ break;
+
+ switch ((con->pid = fork())) {
+ case 0:
+ mask_signal(SIGCHLD, SIG_DFL, NULL);
+ nofork:
+ setup(con);
+ while (1) {
+ const char *passwd = pwd->pw_passwd;
+ const char *answer;
+ int doshell = 0;
+ int deny = !opt_e && locked_account_password(pwd->pw_passwd);
+
+ doprompt(passwd, con, deny);
+
+ if ((answer = getpasswd(con)) == NULL)
+ break;
+ if (deny)
+ exit(EXIT_FAILURE);
+
+ /* no password or locked account */
+ if (!passwd[0] || locked_account_password(passwd))
+ doshell++;
+ else {
+ const char *cryptbuf;
+ cryptbuf = crypt(answer, passwd);
+ if (cryptbuf == NULL)
+ warn(_("crypt failed"));
+ else if (strcmp(cryptbuf, pwd->pw_passwd) == 0)
+ doshell++;
+ }
+
+ if (doshell) {
+ /* sushell() unmask signals */
+ sushell(pwd);
+
+ mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit);
+ mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp);
+ mask_signal(SIGINT, SIG_IGN, &saved_sigint);
+
+ fprintf(stderr, _("cannot execute su shell\n\n"));
+ break;
+ }
+ fprintf(stderr, _("Login incorrect\n\n"));
+ }
+ if (alarm_rised) {
+ tcfinal(con);
+ warnx(_("Timed out\n\n"));
+ }
+ /*
+ * User pressed Control-D.
+ */
+ exit(0);
+ case -1:
+ warn(_("fork failed"));
+ /* fallthrough */
+ default:
+ break;
+ }
+
+ ptr = ptr->next;
+
+ } while (ptr != &consoles);
+
+ do {
+ int ret;
+
+ status.si_pid = 0;
+ ret = waitid(P_ALL, 0, &status, WEXITED);
+
+ if (ret == 0)
+ break;
+ if (ret < 0) {
+ if (errno == ECHILD)
+ break;
+ if (errno == EINTR)
+ continue;
+ }
+
+ errx(EXIT_FAILURE, _("cannot wait on su shell\n\n"));
+
+ } while (1);
+
+ list_for_each(ptr, &consoles) {
+ con = list_entry(ptr, struct console, entry);
+
+ if (con->fd < 0)
+ continue;
+ if (con->pid < 0)
+ continue;
+ if (con->pid == status.si_pid)
+ con->pid = -1;
+ else {
+ kill(con->pid, SIGTERM);
+ wait++;
+ }
+ }
+
+ sigemptyset(&set);
+ sigaddset(&set, SIGCHLD);
+
+ do {
+ int signum, ret;
+
+ if (!wait)
+ break;
+
+ status.si_pid = 0;
+ ret = waitid(P_ALL, 0, &status, WEXITED|WNOHANG);
+
+ if (ret < 0) {
+ if (errno == ECHILD)
+ break;
+ if (errno == EINTR)
+ continue;
+ }
+
+ if (!ret && status.si_pid > 0) {
+ list_for_each(ptr, &consoles) {
+ con = list_entry(ptr, struct console, entry);
+
+ if (con->fd < 0)
+ continue;
+ if (con->pid < 0)
+ continue;
+ if (con->pid == status.si_pid) {
+ con->pid = -1;
+ wait--;
+ }
+ }
+ continue;
+ }
+
+ signum = sigtimedwait(&set, NULL, &sigwait);
+ if (signum != SIGCHLD && signum < 0 && errno == EAGAIN)
+ break;
+
+ } while (1);
+
+ mask_signal(SIGCHLD, SIG_DFL, NULL);
return EXIT_SUCCESS;
}