]>
Commit | Line | Data |
---|---|---|
7d8a8d2c | 1 | /* |
adfbaecf | 2 | * sulogin |
7d8a8d2c | 3 | * |
adfbaecf KZ |
4 | * This program gives Linux machines a reasonable secure way to boot single |
5 | * user. It forces the user to supply the root password before a shell is | |
6 | * started. If there is a shadow password file and the encrypted root password | |
7 | * is "x" the shadow password will be used. | |
7d8a8d2c DR |
8 | * |
9 | * Copyright (C) 1998-2003 Miquel van Smoorenburg. | |
7c6bc22b | 10 | * Copyright (C) 2012 Karel Zak <kzak@redhat.com> |
729bfb80 | 11 | * Copyright (C) 2012 Werner Fink <werner@suse.de> |
7d8a8d2c DR |
12 | * |
13 | * This program is free software; you can redistribute it and/or modify | |
14 | * it under the terms of the GNU General Public License as published by | |
15 | * the Free Software Foundation; either version 2 of the License, or | |
16 | * (at your option) any later version. | |
17 | * | |
18 | * This program is distributed in the hope that it will be useful, | |
19 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
20 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
21 | * GNU General Public License for more details. | |
22 | * | |
23 | * You should have received a copy of the GNU General Public License | |
24 | * along with this program; if not, write to the Free Software | |
25 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA | |
7d8a8d2c | 26 | */ |
dfbc7c89 | 27 | #include <sys/mman.h> |
7d8a8d2c DR |
28 | #include <sys/types.h> |
29 | #include <sys/stat.h> | |
dfbc7c89 | 30 | #include <sys/wait.h> |
7d8a8d2c DR |
31 | #include <stdio.h> |
32 | #include <string.h> | |
33 | #include <stdlib.h> | |
34 | #include <unistd.h> | |
35 | #include <fcntl.h> | |
36 | #include <signal.h> | |
37 | #include <pwd.h> | |
38 | #include <shadow.h> | |
39 | #include <termios.h> | |
7d8a8d2c | 40 | #include <errno.h> |
8614335f | 41 | #include <getopt.h> |
7d8a8d2c | 42 | #include <sys/ioctl.h> |
5fe090d8 | 43 | #ifdef HAVE_CRYPT_H |
adfbaecf | 44 | # include <crypt.h> |
7d8a8d2c DR |
45 | #endif |
46 | ||
47 | #ifdef HAVE_LIBSELINUX | |
adfbaecf KZ |
48 | # include <selinux/selinux.h> |
49 | # include <selinux/get_context_list.h> | |
7d8a8d2c DR |
50 | #endif |
51 | ||
b9c73909 WF |
52 | #ifdef __linux__ |
53 | # include <sys/kd.h> | |
54 | # include <sys/param.h> | |
55 | #endif | |
56 | ||
9211be30 | 57 | #include "c.h" |
439cdf1e | 58 | #include "closestream.h" |
984a6096 | 59 | #include "env.h" |
9211be30 | 60 | #include "nls.h" |
97e04909 | 61 | #include "pathnames.h" |
1eb16fd7 KZ |
62 | #ifdef USE_PLYMOUTH_SUPPORT |
63 | # include "plymouth-ctrl.h" | |
64 | #endif | |
1d28b828 | 65 | #include "strutils.h" |
59ef660f | 66 | #include "ttyutils.h" |
a73f59fa | 67 | #include "sulogin-consoles.h" |
dfbc7c89 WF |
68 | #define CONMAX 16 |
69 | ||
1d28b828 | 70 | static unsigned int timeout; |
7d8a8d2c | 71 | static int profile; |
dfbc7c89 | 72 | static volatile uint32_t openfd; /* Remember higher file descriptors */ |
7d8a8d2c | 73 | |
2ba641e5 SK |
74 | static struct sigaction saved_sigint; |
75 | static struct sigaction saved_sigtstp; | |
76 | static struct sigaction saved_sigquit; | |
77 | static struct sigaction saved_sighup; | |
78 | static struct sigaction saved_sigchld; | |
7d8a8d2c | 79 | |
729bfb80 | 80 | static volatile sig_atomic_t alarm_rised; |
dfbc7c89 WF |
81 | static volatile sig_atomic_t sigchild; |
82 | ||
83 | #ifndef IUCLC | |
84 | # define IUCLC 0 | |
85 | #endif | |
86 | ||
36f12008 RM |
87 | #ifndef WEXITED |
88 | # warning "WEXITED is missing, sulogin may not work as expected" | |
89 | # define WEXITED 0 | |
90 | #endif | |
91 | ||
71f207a5 | 92 | static int locked_account_password(const char * const passwd) |
7ff1162e KZ |
93 | { |
94 | if (passwd && (*passwd == '*' || *passwd == '!')) | |
95 | return 1; | |
96 | return 0; | |
97 | } | |
98 | ||
dfbc7c89 WF |
99 | /* |
100 | * Fix the tty modes and set reasonable defaults. | |
101 | */ | |
102 | static void tcinit(struct console *con) | |
103 | { | |
71f207a5 | 104 | int flags = 0, mode = 0; |
dfbc7c89 | 105 | struct termios *tio = &con->tio; |
626aa651 | 106 | const int fd = con->fd; |
1eb16fd7 KZ |
107 | #ifdef USE_PLYMOUTH_SUPPORT |
108 | struct termios lock; | |
fe3f7e17 WF |
109 | int i = (plymouth_command(MAGIC_PING)) ? PLYMOUTH_TERMIOS_FLAGS_DELAY : 0; |
110 | if (i) | |
111 | plymouth_command(MAGIC_QUIT); | |
bb280f79 WF |
112 | while (i-- > 0) { |
113 | /* | |
114 | * With plymouth the termios flags become changed after this | |
115 | * function had changed the termios. | |
116 | */ | |
117 | memset(&lock, 0, sizeof(struct termios)); | |
118 | if (ioctl(fd, TIOCGLCKTRMIOS, &lock) < 0) | |
119 | break; | |
120 | if (!lock.c_iflag && !lock.c_oflag && !lock.c_cflag && !lock.c_lflag) | |
121 | break; | |
bb280f79 WF |
122 | sleep(1); |
123 | } | |
124 | memset(&lock, 0, sizeof(struct termios)); | |
125 | ioctl(fd, TIOCSLCKTRMIOS, &lock); | |
88e0f3df | 126 | #endif |
dfbc7c89 WF |
127 | errno = 0; |
128 | ||
129 | if (tcgetattr(fd, tio) < 0) { | |
130 | warn(_("tcgetattr failed")); | |
131 | con->flags |= CON_NOTTY; | |
132 | return; | |
133 | } | |
134 | ||
b9c73909 WF |
135 | /* Handle lines other than virtual consoles here */ |
136 | #if defined(KDGKBMODE) | |
137 | if (ioctl(fd, KDGKBMODE, &mode) < 0) | |
138 | #endif | |
139 | { | |
dfbc7c89 WF |
140 | speed_t ispeed, ospeed; |
141 | struct winsize ws; | |
b9c73909 | 142 | errno = 0; |
dfbc7c89 WF |
143 | |
144 | /* this is a modem line */ | |
145 | con->flags |= CON_SERIAL; | |
146 | ||
147 | /* Flush input and output queues on modem lines */ | |
cba09b5f | 148 | tcflush(fd, TCIOFLUSH); |
dfbc7c89 WF |
149 | |
150 | ispeed = cfgetispeed(tio); | |
151 | ospeed = cfgetospeed(tio); | |
152 | ||
153 | if (!ispeed) ispeed = TTYDEF_SPEED; | |
154 | if (!ospeed) ospeed = TTYDEF_SPEED; | |
155 | ||
dfbc7c89 | 156 | tio->c_cflag = CREAD | CS8 | HUPCL | (tio->c_cflag & CLOCAL); |
84ece698 KZ |
157 | tio->c_iflag = 0; |
158 | tio->c_lflag = 0; | |
159 | tio->c_oflag &= OPOST | ONLCR; | |
dfbc7c89 WF |
160 | |
161 | cfsetispeed(tio, ispeed); | |
162 | cfsetospeed(tio, ospeed); | |
163 | ||
e4544ec1 | 164 | #ifdef HAVE_STRUCT_TERMIOS_C_LINE |
dfbc7c89 | 165 | tio->c_line = 0; |
e4544ec1 | 166 | #endif |
dfbc7c89 WF |
167 | tio->c_cc[VTIME] = 0; |
168 | tio->c_cc[VMIN] = 1; | |
169 | ||
170 | if (ioctl(fd, TIOCGWINSZ, &ws) == 0) { | |
ff09a512 SK |
171 | int update = 0; |
172 | ||
dfbc7c89 WF |
173 | if (ws.ws_row == 0) { |
174 | ws.ws_row = 24; | |
ff09a512 | 175 | update++; |
dfbc7c89 WF |
176 | } |
177 | if (ws.ws_col == 0) { | |
178 | ws.ws_col = 80; | |
ff09a512 | 179 | update++; |
dfbc7c89 | 180 | } |
ff09a512 | 181 | if (update) |
cba09b5f | 182 | ignore_result( ioctl(fd, TIOCSWINSZ, &ws) ); |
dfbc7c89 WF |
183 | } |
184 | ||
185 | setlocale(LC_CTYPE, "POSIX"); | |
186 | goto setattr; | |
187 | } | |
188 | #if defined(IUTF8) && defined(KDGKBMODE) | |
b9c73909 | 189 | /* Handle mode of current keyboard setup, e.g. for UTF-8 */ |
dfbc7c89 WF |
190 | switch(mode) { |
191 | case K_UNICODE: | |
192 | setlocale(LC_CTYPE, "C.UTF-8"); | |
193 | flags |= UL_TTY_UTF8; | |
194 | break; | |
195 | case K_RAW: | |
196 | case K_MEDIUMRAW: | |
197 | case K_XLATE: | |
198 | default: | |
199 | setlocale(LC_CTYPE, "POSIX"); | |
200 | break; | |
201 | } | |
202 | #else | |
203 | setlocale(LC_CTYPE, "POSIX"); | |
204 | #endif | |
205 | reset_virtual_console(tio, flags); | |
206 | setattr: | |
207 | if (tcsetattr(fd, TCSANOW, tio)) | |
208 | warn(_("tcsetattr failed")); | |
209 | ||
210 | /* Enable blocking mode for read and write */ | |
211 | if ((flags = fcntl(fd, F_GETFL, 0)) != -1) | |
cba09b5f | 212 | ignore_result( fcntl(fd, F_SETFL, flags & ~O_NONBLOCK) ); |
dfbc7c89 WF |
213 | } |
214 | ||
215 | /* | |
216 | * Finalize the tty modes on modem lines. | |
217 | */ | |
218 | static void tcfinal(struct console *con) | |
219 | { | |
71f207a5 SK |
220 | struct termios *tio = &con->tio; |
221 | const int fd = con->fd; | |
dfbc7c89 WF |
222 | |
223 | if ((con->flags & CON_SERIAL) == 0) { | |
984a6096 | 224 | xsetenv("TERM", "linux", 1); |
dfbc7c89 WF |
225 | return; |
226 | } | |
f2bcda51 | 227 | if (con->flags & CON_NOTTY) { |
984a6096 | 228 | xsetenv("TERM", "dumb", 1); |
dfbc7c89 | 229 | return; |
f2bcda51 | 230 | } |
dfbc7c89 | 231 | |
f2bcda51 | 232 | #if defined (__s390__) || defined (__s390x__) |
984a6096 | 233 | xsetenv("TERM", "dumb", 1); |
f2bcda51 | 234 | #else |
984a6096 | 235 | xsetenv("TERM", "vt102", 1); |
f2bcda51 | 236 | #endif |
dfbc7c89 WF |
237 | tio->c_iflag |= (IXON | IXOFF); |
238 | tio->c_lflag |= (ICANON | ISIG | ECHO|ECHOE|ECHOK|ECHOKE); | |
239 | tio->c_oflag |= OPOST; | |
240 | ||
241 | tio->c_cc[VINTR] = CINTR; | |
242 | tio->c_cc[VQUIT] = CQUIT; | |
243 | tio->c_cc[VERASE] = con->cp.erase; | |
244 | tio->c_cc[VKILL] = con->cp.kill; | |
245 | tio->c_cc[VEOF] = CEOF; | |
246 | #ifdef VSWTC | |
247 | tio->c_cc[VSWTC] = _POSIX_VDISABLE; | |
e4544ec1 | 248 | #elif defined(VSWTCH) |
dfbc7c89 WF |
249 | tio->c_cc[VSWTCH] = _POSIX_VDISABLE; |
250 | #endif | |
251 | tio->c_cc[VSTART] = CSTART; | |
252 | tio->c_cc[VSTOP] = CSTOP; | |
253 | tio->c_cc[VSUSP] = CSUSP; | |
254 | tio->c_cc[VEOL] = _POSIX_VDISABLE; | |
255 | ||
256 | if (con->cp.eol == CR) { | |
257 | tio->c_iflag |= ICRNL; | |
258 | tio->c_iflag &= ~(INLCR|IGNCR); | |
259 | tio->c_oflag |= ONLCR; | |
260 | tio->c_oflag &= ~(OCRNL|ONLRET); | |
261 | } | |
262 | ||
263 | switch (con->cp.parity) { | |
264 | default: | |
265 | case 0: | |
266 | tio->c_cflag &= ~(PARODD | PARENB); | |
267 | tio->c_iflag &= ~(INPCK | ISTRIP); | |
268 | break; | |
269 | case 1: /* odd parity */ | |
270 | tio->c_cflag |= PARODD; | |
b1557fe9 | 271 | /* fallthrough */ |
dfbc7c89 WF |
272 | case 2: /* even parity */ |
273 | tio->c_cflag |= PARENB; | |
274 | tio->c_iflag |= (INPCK | ISTRIP); | |
b1557fe9 | 275 | /* fallthrough */ |
dfbc7c89 WF |
276 | case (1 | 2): /* no parity bit */ |
277 | tio->c_cflag &= ~CSIZE; | |
278 | tio->c_cflag |= CS7; | |
279 | break; | |
280 | } | |
281 | ||
282 | /* Set line attributes */ | |
cba09b5f | 283 | tcsetattr(fd, TCSANOW, tio); |
dfbc7c89 | 284 | } |
729bfb80 | 285 | |
7d8a8d2c | 286 | /* |
adfbaecf | 287 | * Called at timeout. |
7d8a8d2c | 288 | */ |
97795a73 | 289 | static void alrm_handler(int sig __attribute__((unused))) |
7d8a8d2c | 290 | { |
729bfb80 WF |
291 | /* Timeout expired */ |
292 | alarm_rised++; | |
97795a73 DR |
293 | } |
294 | ||
dfbc7c89 WF |
295 | static void chld_handler(int sig __attribute__((unused))) |
296 | { | |
297 | sigchild++; | |
298 | } | |
299 | ||
97795a73 DR |
300 | static void mask_signal(int signal, void (*handler)(int), |
301 | struct sigaction *origaction) | |
302 | { | |
303 | struct sigaction newaction; | |
304 | ||
305 | newaction.sa_handler = handler; | |
306 | sigemptyset(&newaction.sa_mask); | |
307 | newaction.sa_flags = 0; | |
308 | ||
dfbc7c89 | 309 | sigaction(signal, &newaction, origaction); |
97795a73 DR |
310 | } |
311 | ||
312 | static void unmask_signal(int signal, struct sigaction *sa) | |
313 | { | |
314 | sigaction(signal, sa, NULL); | |
7d8a8d2c DR |
315 | } |
316 | ||
317 | /* | |
adfbaecf KZ |
318 | * See if an encrypted password is valid. The encrypted password is checked for |
319 | * traditional-style DES and FreeBSD-style MD5 encryption. | |
7d8a8d2c | 320 | */ |
60706626 | 321 | static int valid(const char *pass) |
7d8a8d2c DR |
322 | { |
323 | const char *s; | |
324 | char id[5]; | |
325 | size_t len; | |
326 | off_t off; | |
327 | ||
60706626 DR |
328 | if (pass[0] == 0) |
329 | return 1; | |
60706626 DR |
330 | if (pass[0] != '$') |
331 | goto check_des; | |
7d8a8d2c DR |
332 | |
333 | /* | |
adfbaecf | 334 | * up to 4 bytes for the signature e.g. $1$ |
7d8a8d2c | 335 | */ |
60706626 DR |
336 | for (s = pass+1; *s && *s != '$'; s++); |
337 | ||
338 | if (*s++ != '$') | |
339 | return 0; | |
340 | ||
341 | if ((off = (off_t)(s-pass)) > 4 || off < 3) | |
342 | return 0; | |
7d8a8d2c DR |
343 | |
344 | memset(id, '\0', sizeof(id)); | |
345 | strncpy(id, pass, off); | |
346 | ||
347 | /* | |
adfbaecf | 348 | * up to 16 bytes for the salt |
7d8a8d2c | 349 | */ |
60706626 DR |
350 | for (; *s && *s != '$'; s++); |
351 | ||
352 | if (*s++ != '$') | |
353 | return 0; | |
354 | ||
355 | if ((off_t)(s-pass) > 16) | |
356 | return 0; | |
357 | ||
7d8a8d2c DR |
358 | len = strlen(s); |
359 | ||
360 | /* | |
adfbaecf | 361 | * the MD5 hash (128 bits or 16 bytes) encoded in base64 = 22 bytes |
7d8a8d2c | 362 | */ |
60706626 DR |
363 | if ((strcmp(id, "$1$") == 0) && (len < 22 || len > 24)) |
364 | return 0; | |
7d8a8d2c DR |
365 | |
366 | /* | |
adfbaecf | 367 | * the SHA-256 hash 43 bytes |
7d8a8d2c | 368 | */ |
60706626 DR |
369 | if ((strcmp(id, "$5$") == 0) && (len < 42 || len > 44)) |
370 | return 0; | |
7d8a8d2c DR |
371 | |
372 | /* | |
adfbaecf | 373 | * the SHA-512 hash 86 bytes |
7d8a8d2c | 374 | */ |
60706626 DR |
375 | if ((strcmp(id, "$6$") == 0) && (len < 85 || len > 87)) |
376 | return 0; | |
7d8a8d2c DR |
377 | |
378 | /* | |
adfbaecf | 379 | * e.g. Blowfish hash |
7d8a8d2c DR |
380 | */ |
381 | return 1; | |
382 | check_des: | |
60706626 DR |
383 | if (strlen(pass) != 13) |
384 | return 0; | |
385 | ||
7d8a8d2c DR |
386 | for (s = pass; *s; s++) { |
387 | if ((*s < '0' || *s > '9') && | |
388 | (*s < 'a' || *s > 'z') && | |
389 | (*s < 'A' || *s > 'Z') && | |
60706626 DR |
390 | *s != '.' && *s != '/') |
391 | return 0; | |
7d8a8d2c | 392 | } |
7d8a8d2c DR |
393 | return 1; |
394 | } | |
395 | ||
396 | /* | |
adfbaecf | 397 | * Set a variable if the value is not NULL. |
7d8a8d2c | 398 | */ |
24ff2f57 | 399 | static inline void set(char **var, char *val) |
7d8a8d2c | 400 | { |
60706626 DR |
401 | if (val) |
402 | *var = val; | |
7d8a8d2c DR |
403 | } |
404 | ||
405 | /* | |
adfbaecf | 406 | * Get the root password entry. |
7d8a8d2c | 407 | */ |
60706626 | 408 | static struct passwd *getrootpwent(int try_manually) |
7d8a8d2c DR |
409 | { |
410 | static struct passwd pwd; | |
411 | struct passwd *pw; | |
412 | struct spwd *spw; | |
413 | FILE *fp; | |
d681e095 KZ |
414 | static char line[2 * BUFSIZ]; |
415 | static char sline[2 * BUFSIZ]; | |
7d8a8d2c DR |
416 | char *p; |
417 | ||
418 | /* | |
adfbaecf KZ |
419 | * First, we try to get the password the standard way using normal |
420 | * library calls. | |
7d8a8d2c DR |
421 | */ |
422 | if ((pw = getpwnam("root")) && | |
423 | !strcmp(pw->pw_passwd, "x") && | |
424 | (spw = getspnam("root"))) | |
425 | pw->pw_passwd = spw->sp_pwdp; | |
adfbaecf | 426 | |
60706626 DR |
427 | if (pw || !try_manually) |
428 | return pw; | |
7d8a8d2c DR |
429 | |
430 | /* | |
adfbaecf KZ |
431 | * If we come here, we could not retrieve the root password through |
432 | * library calls and we try to read the password and shadow files | |
433 | * manually. | |
7d8a8d2c DR |
434 | */ |
435 | pwd.pw_name = "root"; | |
436 | pwd.pw_passwd = ""; | |
437 | pwd.pw_gecos = "Super User"; | |
438 | pwd.pw_dir = "/"; | |
439 | pwd.pw_shell = ""; | |
440 | pwd.pw_uid = 0; | |
441 | pwd.pw_gid = 0; | |
442 | ||
97e04909 | 443 | if ((fp = fopen(_PATH_PASSWD, "r")) == NULL) { |
289dcc90 | 444 | warn(_("cannot open %s"), _PATH_PASSWD); |
7d8a8d2c DR |
445 | return &pwd; |
446 | } | |
447 | ||
448 | /* | |
adfbaecf | 449 | * Find root in the password file. |
7d8a8d2c | 450 | */ |
d681e095 | 451 | while ((p = fgets(line, sizeof(line), fp)) != NULL) { |
7d8a8d2c DR |
452 | if (strncmp(line, "root:", 5) != 0) |
453 | continue; | |
454 | p += 5; | |
455 | set(&pwd.pw_passwd, strsep(&p, ":")); | |
60706626 DR |
456 | strsep(&p, ":"); |
457 | strsep(&p, ":"); | |
7d8a8d2c DR |
458 | set(&pwd.pw_gecos, strsep(&p, ":")); |
459 | set(&pwd.pw_dir, strsep(&p, ":")); | |
460 | set(&pwd.pw_shell, strsep(&p, "\n")); | |
461 | p = line; | |
462 | break; | |
463 | } | |
464 | fclose(fp); | |
465 | ||
466 | /* | |
adfbaecf | 467 | * If the encrypted password is valid or not found, return. |
7d8a8d2c DR |
468 | */ |
469 | if (p == NULL) { | |
b6506dc9 | 470 | warnx(_("%s: no entry for root\n"), _PATH_PASSWD); |
7d8a8d2c DR |
471 | return &pwd; |
472 | } | |
60706626 DR |
473 | if (valid(pwd.pw_passwd)) |
474 | return &pwd; | |
7d8a8d2c DR |
475 | |
476 | /* | |
adfbaecf | 477 | * The password is invalid. If there is a shadow password, try it. |
7d8a8d2c | 478 | */ |
d681e095 | 479 | *pwd.pw_passwd = '\0'; |
97e04909 | 480 | if ((fp = fopen(_PATH_SHADOW_PASSWD, "r")) == NULL) { |
289dcc90 | 481 | warn(_("cannot open %s"), _PATH_PASSWD); |
7d8a8d2c DR |
482 | return &pwd; |
483 | } | |
d681e095 | 484 | while ((p = fgets(sline, sizeof(sline), fp)) != NULL) { |
7d8a8d2c DR |
485 | if (strncmp(sline, "root:", 5) != 0) |
486 | continue; | |
487 | p += 5; | |
488 | set(&pwd.pw_passwd, strsep(&p, ":")); | |
489 | break; | |
490 | } | |
491 | fclose(fp); | |
492 | ||
493 | /* | |
adfbaecf | 494 | * If the password is still invalid, NULL it, and return. |
7d8a8d2c DR |
495 | */ |
496 | if (p == NULL) { | |
d45e5dff | 497 | warnx(_("%s: no entry for root"), _PATH_SHADOW_PASSWD); |
d681e095 | 498 | *pwd.pw_passwd = '\0'; |
7d8a8d2c | 499 | } |
9e930041 | 500 | /* locked account passwords are valid too */ |
7ff1162e | 501 | if (!locked_account_password(pwd.pw_passwd) && !valid(pwd.pw_passwd)) { |
d45e5dff | 502 | warnx(_("%s: root password garbled"), _PATH_SHADOW_PASSWD); |
d681e095 | 503 | *pwd.pw_passwd = '\0'; |
60706626 | 504 | } |
7d8a8d2c DR |
505 | return &pwd; |
506 | } | |
507 | ||
dfbc7c89 WF |
508 | /* |
509 | * Ask by prompt for the password. | |
510 | */ | |
7ff1162e | 511 | static void doprompt(const char *crypted, struct console *con, int deny) |
dfbc7c89 WF |
512 | { |
513 | struct termios tty; | |
514 | ||
515 | if (con->flags & CON_SERIAL) { | |
516 | tty = con->tio; | |
517 | /* | |
518 | * For prompting: map NL in output to CR-NL | |
519 | * otherwise we may see stairs in the output. | |
520 | */ | |
521 | tty.c_oflag |= (ONLCR | OPOST); | |
cba09b5f | 522 | tcsetattr(con->fd, TCSADRAIN, &tty); |
dfbc7c89 | 523 | } |
f9915d6d KZ |
524 | if (!con->file) { |
525 | con->file = fdopen(con->fd, "r+"); | |
526 | if (!con->file) | |
dfbc7c89 WF |
527 | goto err; |
528 | } | |
7ff1162e KZ |
529 | |
530 | if (deny) | |
531 | fprintf(con->file, _("\nCannot open access to console, the root account is locked.\n" | |
532 | "See sulogin(8) man page for more details.\n\n" | |
533 | "Press Enter to continue.\n")); | |
534 | else { | |
dfbc7c89 | 535 | #if defined(USE_ONELINE) |
7ff1162e KZ |
536 | if (crypted[0] && !locked_account_password(crypted)) |
537 | fprintf(con->file, _("Give root password for login: ")); | |
538 | else | |
539 | fprintf(con->file, _("Press Enter for login: ")); | |
dfbc7c89 | 540 | #else |
7ff1162e KZ |
541 | if (crypted[0] && !locked_account_password(crypted)) |
542 | fprintf(con->file, _("Give root password for maintenance\n")); | |
543 | else | |
544 | fprintf(con->file, _("Press Enter for maintenance\n")); | |
545 | fprintf(con->file, _("(or press Control-D to continue): ")); | |
dfbc7c89 | 546 | #endif |
7ff1162e | 547 | } |
dfbc7c89 WF |
548 | fflush(con->file); |
549 | err: | |
550 | if (con->flags & CON_SERIAL) | |
cba09b5f | 551 | tcsetattr(con->fd, TCSADRAIN, &con->tio); |
dfbc7c89 WF |
552 | } |
553 | ||
554 | /* | |
555 | * Make sure to have an own session and controlling terminal | |
556 | */ | |
557 | static void setup(struct console *con) | |
558 | { | |
71f207a5 SK |
559 | int fd = con->fd; |
560 | const pid_t pid = getpid(), pgrp = getpgid(0), ppgrp = | |
561 | getpgid(getppid()), ttypgrp = tcgetpgrp(fd); | |
dfbc7c89 WF |
562 | |
563 | if (con->flags & CON_NOTTY) | |
564 | return; | |
dfbc7c89 WF |
565 | |
566 | /* | |
567 | * Only go through this trouble if the new | |
568 | * tty doesn't fall in this process group. | |
569 | */ | |
dfbc7c89 WF |
570 | if (pgrp != ttypgrp && ppgrp != ttypgrp) { |
571 | if (pid != getsid(0)) { | |
572 | if (pid == getpgid(0)) | |
573 | setpgid(0, getpgid(getppid())); | |
574 | setsid(); | |
575 | } | |
576 | ||
577 | mask_signal(SIGHUP, SIG_IGN, &saved_sighup); | |
578 | if (ttypgrp > 0) | |
579 | ioctl(STDIN_FILENO, TIOCNOTTY, (char *)1); | |
580 | unmask_signal(SIGHUP, &saved_sighup); | |
581 | if (fd > STDIN_FILENO) close(STDIN_FILENO); | |
582 | if (fd > STDOUT_FILENO) close(STDOUT_FILENO); | |
583 | if (fd > STDERR_FILENO) close(STDERR_FILENO); | |
584 | ||
585 | ioctl(fd, TIOCSCTTY, (char *)1); | |
586 | tcsetpgrp(fd, ppgrp); | |
587 | } | |
588 | dup2(fd, STDIN_FILENO); | |
589 | dup2(fd, STDOUT_FILENO); | |
590 | dup2(fd, STDERR_FILENO); | |
591 | con->fd = STDIN_FILENO; | |
592 | ||
593 | for (fd = STDERR_FILENO+1; fd < 32; fd++) { | |
594 | if (openfd & (1<<fd)) { | |
595 | close(fd); | |
596 | openfd &= ~(1<<fd); | |
597 | } | |
598 | } | |
599 | } | |
600 | ||
7d8a8d2c | 601 | /* |
adfbaecf KZ |
602 | * Ask for the password. Note that there is no default timeout as we normally |
603 | * skip this during boot. | |
7d8a8d2c | 604 | */ |
71f207a5 | 605 | static const char *getpasswd(struct console *con) |
7d8a8d2c DR |
606 | { |
607 | struct sigaction sa; | |
dfbc7c89 WF |
608 | struct termios tty; |
609 | static char pass[128], *ptr; | |
610 | struct chardata *cp; | |
71f207a5 | 611 | const char *ret = pass; |
dfbc7c89 WF |
612 | unsigned char tc; |
613 | char c, ascval; | |
614 | int eightbit; | |
71f207a5 | 615 | const int fd = con->fd; |
5ec4a799 | 616 | |
dfbc7c89 WF |
617 | if (con->flags & CON_NOTTY) |
618 | goto out; | |
dfbc7c89 WF |
619 | cp = &con->cp; |
620 | tty = con->tio; | |
7d8a8d2c | 621 | |
7d8a8d2c | 622 | tty.c_iflag &= ~(IUCLC|IXON|IXOFF|IXANY); |
dfbc7c89 WF |
623 | tty.c_lflag &= ~(ECHO|ECHOE|ECHOK|ECHONL|TOSTOP|ISIG); |
624 | tc = (tcsetattr(fd, TCSAFLUSH, &tty) == 0); | |
7d8a8d2c | 625 | |
fa936c9f | 626 | sigemptyset(&sa.sa_mask); |
7d8a8d2c DR |
627 | sa.sa_handler = alrm_handler; |
628 | sa.sa_flags = 0; | |
629 | sigaction(SIGALRM, &sa, NULL); | |
cba09b5f KZ |
630 | |
631 | if (timeout) | |
632 | alarm(timeout); | |
7d8a8d2c | 633 | |
dfbc7c89 WF |
634 | ptr = &pass[0]; |
635 | cp->eol = *ptr = '\0'; | |
636 | ||
637 | eightbit = ((con->flags & CON_SERIAL) == 0 || (tty.c_cflag & (PARODD|PARENB)) == 0); | |
638 | while (cp->eol == '\0') { | |
639 | if (read(fd, &c, 1) < 1) { | |
640 | if (errno == EINTR || errno == EAGAIN) { | |
1c4b2d43 AH |
641 | if (alarm_rised) { |
642 | ret = NULL; | |
643 | goto quit; | |
644 | } | |
a5bd7939 | 645 | xusleep(250000); |
dfbc7c89 WF |
646 | continue; |
647 | } | |
f9915d6d | 648 | ret = NULL; |
dfbc7c89 WF |
649 | switch (errno) { |
650 | case 0: | |
651 | case EIO: | |
652 | case ESRCH: | |
653 | case EINVAL: | |
654 | case ENOENT: | |
7d8a8d2c | 655 | break; |
dfbc7c89 | 656 | default: |
47481cbd | 657 | warn(_("cannot read %s"), con->tty); |
dfbc7c89 WF |
658 | break; |
659 | } | |
660 | goto quit; | |
661 | } | |
662 | ||
663 | if (eightbit) | |
664 | ascval = c; | |
665 | else if (c != (ascval = (c & 0177))) { | |
666 | uint32_t bits, mask; | |
667 | for (bits = 1, mask = 1; mask & 0177; mask <<= 1) { | |
668 | if (mask & ascval) | |
669 | bits++; | |
670 | } | |
671 | cp->parity |= ((bits & 1) ? 1 : 2); | |
672 | } | |
673 | ||
674 | switch (ascval) { | |
675 | case 0: | |
676 | *ptr = '\0'; | |
677 | goto quit; | |
678 | case CR: | |
679 | case NL: | |
680 | *ptr = '\0'; | |
681 | cp->eol = ascval; | |
682 | break; | |
683 | case BS: | |
684 | case CERASE: | |
685 | cp->erase = ascval; | |
686 | if (ptr > &pass[0]) | |
687 | ptr--; | |
688 | break; | |
689 | case CKILL: | |
690 | cp->kill = ascval; | |
691 | while (ptr > &pass[0]) | |
692 | ptr--; | |
693 | break; | |
694 | case CEOF: | |
60dea9d1 | 695 | ret = NULL; |
dfbc7c89 WF |
696 | goto quit; |
697 | default: | |
698 | if ((size_t)(ptr - &pass[0]) >= (sizeof(pass) -1 )) { | |
699 | fprintf(stderr, "sulogin: input overrun at %s\n\r", con->tty); | |
f9915d6d | 700 | ret = NULL; |
dfbc7c89 | 701 | goto quit; |
7d8a8d2c | 702 | } |
dfbc7c89 WF |
703 | *ptr++ = ascval; |
704 | break; | |
705 | } | |
7d8a8d2c | 706 | } |
dfbc7c89 | 707 | quit: |
7d8a8d2c | 708 | alarm(0); |
dfbc7c89 | 709 | if (tc) |
cba09b5f | 710 | tcsetattr(fd, TCSAFLUSH, &con->tio); |
6988998b | 711 | tcfinal(con); |
dfbc7c89 WF |
712 | printf("\r\n"); |
713 | out: | |
7d8a8d2c DR |
714 | return ret; |
715 | } | |
716 | ||
717 | /* | |
adfbaecf | 718 | * Password was OK, execute a shell. |
7d8a8d2c | 719 | */ |
60706626 | 720 | static void sushell(struct passwd *pwd) |
7d8a8d2c | 721 | { |
adf97f07 KZ |
722 | char shell[PATH_MAX]; |
723 | char home[PATH_MAX]; | |
71f207a5 SK |
724 | char const *p; |
725 | char const *su_shell; | |
7d8a8d2c DR |
726 | |
727 | /* | |
adfbaecf | 728 | * Set directory and shell. |
7d8a8d2c | 729 | */ |
adf97f07 KZ |
730 | if (chdir(pwd->pw_dir) != 0) { |
731 | warn(_("%s: change directory failed"), pwd->pw_dir); | |
732 | printf(_("Logging in with home = \"/\".\n")); | |
733 | ||
734 | if (chdir("/") != 0) | |
735 | warn(_("change directory to system root failed")); | |
736 | } | |
737 | ||
7d8a8d2c | 738 | if ((p = getenv("SUSHELL")) != NULL) |
9f94bdce | 739 | su_shell = p; |
7d8a8d2c | 740 | else if ((p = getenv("sushell")) != NULL) |
9f94bdce | 741 | su_shell = p; |
7d8a8d2c DR |
742 | else { |
743 | if (pwd->pw_shell[0]) | |
9f94bdce | 744 | su_shell = pwd->pw_shell; |
7d8a8d2c | 745 | else |
9f94bdce | 746 | su_shell = "/bin/sh"; |
7d8a8d2c | 747 | } |
9f94bdce SK |
748 | if ((p = strrchr(su_shell, '/')) == NULL) |
749 | p = su_shell; | |
7d8a8d2c DR |
750 | else |
751 | p++; | |
adfbaecf | 752 | |
7d8a8d2c DR |
753 | snprintf(shell, sizeof(shell), profile ? "-%s" : "%s", p); |
754 | ||
755 | /* | |
adfbaecf | 756 | * Set some important environment variables. |
7d8a8d2c | 757 | */ |
dfbc7c89 WF |
758 | if (getcwd(home, sizeof(home)) == NULL) |
759 | strcpy(home, "/"); | |
adf97f07 | 760 | |
984a6096 SK |
761 | xsetenv("HOME", home, 1); |
762 | xsetenv("LOGNAME", "root", 1); | |
763 | xsetenv("USER", "root", 1); | |
7d8a8d2c | 764 | if (!profile) |
984a6096 | 765 | xsetenv("SHLVL","0",1); |
7d8a8d2c DR |
766 | |
767 | /* | |
adfbaecf | 768 | * Try to execute a shell. |
7d8a8d2c | 769 | */ |
984a6096 | 770 | xsetenv("SHELL", su_shell, 1); |
97795a73 DR |
771 | unmask_signal(SIGINT, &saved_sigint); |
772 | unmask_signal(SIGTSTP, &saved_sigtstp); | |
773 | unmask_signal(SIGQUIT, &saved_sigquit); | |
dfbc7c89 | 774 | mask_signal(SIGHUP, SIG_DFL, NULL); |
c3e706a9 KZ |
775 | |
776 | #ifdef HAVE_LIBSELINUX | |
7d8a8d2c | 777 | if (is_selinux_enabled() > 0) { |
60706626 DR |
778 | security_context_t scon=NULL; |
779 | char *seuser=NULL; | |
780 | char *level=NULL; | |
781 | if (getseuserbyname("root", &seuser, &level) == 0) { | |
782 | if (get_default_context_with_level(seuser, level, 0, &scon) == 0) { | |
783 | if (setexeccon(scon) != 0) | |
d45e5dff | 784 | warnx(_("setexeccon failed")); |
60706626 DR |
785 | freecon(scon); |
786 | } | |
787 | } | |
7d8a8d2c DR |
788 | free(seuser); |
789 | free(level); | |
790 | } | |
791 | #endif | |
9f94bdce | 792 | execl(su_shell, shell, NULL); |
07ff972e | 793 | warn(_("failed to execute %s"), su_shell); |
7d8a8d2c | 794 | |
984a6096 | 795 | xsetenv("SHELL", "/bin/sh", 1); |
97e04909 | 796 | execl("/bin/sh", profile ? "-sh" : "sh", NULL); |
07ff972e | 797 | warn(_("failed to execute %s"), "/bin/sh"); |
7d8a8d2c DR |
798 | } |
799 | ||
9325dbfd | 800 | static void usage(void) |
7d8a8d2c | 801 | { |
9325dbfd | 802 | FILE *out = stdout; |
8614335f | 803 | fputs(USAGE_HEADER, out); |
9211be30 | 804 | fprintf(out, _( |
8614335f KZ |
805 | " %s [options] [tty device]\n"), program_invocation_short_name); |
806 | ||
451dbcfa BS |
807 | fputs(USAGE_SEPARATOR, out); |
808 | fputs(_("Single-user login.\n"), out); | |
809 | ||
8614335f KZ |
810 | fputs(USAGE_OPTIONS, out); |
811 | fputs(_(" -p, --login-shell start a login shell\n" | |
812 | " -t, --timeout <seconds> max time to wait for a password (default: no limit)\n" | |
813 | " -e, --force examine password files directly if getpwnam(3) fails\n"), | |
814 | out); | |
815 | ||
816 | fputs(USAGE_SEPARATOR, out); | |
f45f3ec3 RM |
817 | printf(USAGE_HELP_OPTIONS(26)); |
818 | printf(USAGE_MAN_TAIL("sulogin(8)")); | |
2c308875 KZ |
819 | |
820 | exit(EXIT_SUCCESS); | |
7d8a8d2c DR |
821 | } |
822 | ||
823 | int main(int argc, char **argv) | |
824 | { | |
5d74cf00 | 825 | struct list_head *ptr, consoles; |
dfbc7c89 | 826 | struct console *con; |
7d8a8d2c | 827 | char *tty = NULL; |
7d8a8d2c | 828 | struct passwd *pwd; |
71f207a5 SK |
829 | const struct timespec sigwait = { .tv_sec = 0, .tv_nsec = 50000000 }; |
830 | siginfo_t status = { 0 }; | |
3d0cf042 | 831 | sigset_t set; |
cde7699c | 832 | int c, reconnect = 0; |
7d8a8d2c | 833 | int opt_e = 0; |
cde7699c | 834 | int wait = 0; |
dfbc7c89 | 835 | pid_t pid; |
7d8a8d2c | 836 | |
8614335f | 837 | static const struct option longopts[] = { |
87918040 SK |
838 | { "login-shell", no_argument, NULL, 'p' }, |
839 | { "timeout", required_argument, NULL, 't' }, | |
840 | { "force", no_argument, NULL, 'e' }, | |
841 | { "help", no_argument, NULL, 'h' }, | |
842 | { "version", no_argument, NULL, 'V' }, | |
843 | { NULL, 0, NULL, 0 } | |
8614335f KZ |
844 | }; |
845 | ||
5d74cf00 KZ |
846 | INIT_LIST_HEAD(&consoles); |
847 | ||
dfbc7c89 WF |
848 | /* |
849 | * If we are init we need to set up a own session. | |
850 | */ | |
851 | if ((pid = getpid()) == 1) { | |
852 | setsid(); | |
cba09b5f | 853 | ignore_result( ioctl(STDIN_FILENO, TIOCSCTTY, (char *) 1) ); |
dfbc7c89 WF |
854 | } |
855 | ||
24ff2f57 KZ |
856 | setlocale(LC_ALL, ""); |
857 | bindtextdomain(PACKAGE, LOCALEDIR); | |
858 | textdomain(PACKAGE); | |
2c308875 | 859 | close_stdout_atexit(); |
24ff2f57 | 860 | |
7d8a8d2c | 861 | /* |
adfbaecf | 862 | * See if we have a timeout flag. |
7d8a8d2c | 863 | */ |
8614335f | 864 | while ((c = getopt_long(argc, argv, "ehpt:V", longopts, NULL)) != -1) { |
60706626 | 865 | switch(c) { |
7d8a8d2c | 866 | case 't': |
92bb28a4 | 867 | timeout = strtou32_or_err(optarg, _("invalid timeout argument")); |
7d8a8d2c DR |
868 | break; |
869 | case 'p': | |
870 | profile = 1; | |
871 | break; | |
872 | case 'e': | |
873 | opt_e = 1; | |
874 | break; | |
8614335f | 875 | case 'V': |
2c308875 | 876 | print_version(EXIT_SUCCESS); |
9211be30 | 877 | case 'h': |
9325dbfd | 878 | usage(); |
7d8a8d2c | 879 | default: |
9325dbfd | 880 | /* Do not exit! getopt prints a warning. */ |
7d8a8d2c | 881 | break; |
60706626 | 882 | } |
7d8a8d2c DR |
883 | } |
884 | ||
d45e5dff | 885 | if (geteuid() != 0) |
1d231190 | 886 | errx(EXIT_FAILURE, _("only superuser can run this program")); |
7d8a8d2c | 887 | |
97795a73 DR |
888 | mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit); |
889 | mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp); | |
890 | mask_signal(SIGINT, SIG_IGN, &saved_sigint); | |
dfbc7c89 WF |
891 | mask_signal(SIGHUP, SIG_IGN, &saved_sighup); |
892 | ||
4226f910 KZ |
893 | |
894 | emergency_do_mounts(); | |
895 | atexit( emergency_do_umounts ); | |
896 | ||
dfbc7c89 WF |
897 | /* |
898 | * See if we need to open an other tty device. | |
899 | */ | |
60706626 DR |
900 | if (optind < argc) |
901 | tty = argv[optind]; | |
7d8a8d2c | 902 | |
dfbc7c89 WF |
903 | if (!tty || *tty == '\0') |
904 | tty = getenv("CONSOLE"); | |
7d8a8d2c | 905 | |
dfbc7c89 WF |
906 | /* |
907 | * Detect possible consoles, use stdin as fallback. | |
908 | * If an optional tty is given, reconnect it to stdin. | |
909 | */ | |
910 | reconnect = detect_consoles(tty, STDIN_FILENO, &consoles); | |
7d8a8d2c | 911 | |
dfbc7c89 | 912 | /* |
9e930041 | 913 | * If previous stdin was not the specified tty and therefore reconnected |
dfbc7c89 WF |
914 | * to the specified tty also reconnect stdout and stderr. |
915 | */ | |
916 | if (reconnect) { | |
917 | if (isatty(STDOUT_FILENO) == 0) | |
918 | dup2(STDOUT_FILENO, STDIN_FILENO); | |
919 | if (isatty(STDERR_FILENO) == 0) | |
920 | dup2(STDOUT_FILENO, STDERR_FILENO); | |
7d8a8d2c DR |
921 | } |
922 | ||
dfbc7c89 WF |
923 | /* |
924 | * Should not happen | |
925 | */ | |
926 | if (list_empty(&consoles)) { | |
927 | if (!errno) | |
928 | errno = ENOENT; | |
4b3624ca | 929 | err(EXIT_FAILURE, _("cannot open console")); |
dfbc7c89 | 930 | } |
59ef660f | 931 | |
7d8a8d2c | 932 | /* |
adfbaecf | 933 | * Get the root password. |
7d8a8d2c DR |
934 | */ |
935 | if ((pwd = getrootpwent(opt_e)) == NULL) { | |
1d231190 | 936 | warnx(_("cannot open password database")); |
7d8a8d2c | 937 | sleep(2); |
ad85c7ba | 938 | return EXIT_FAILURE; |
7d8a8d2c DR |
939 | } |
940 | ||
941 | /* | |
dfbc7c89 | 942 | * Ask for the password on the consoles. |
7d8a8d2c | 943 | */ |
dfbc7c89 WF |
944 | list_for_each(ptr, &consoles) { |
945 | con = list_entry(ptr, struct console, entry); | |
946 | if (con->id >= CONMAX) | |
60706626 | 947 | break; |
dfbc7c89 | 948 | if (con->fd >= 0) { |
cba09b5f | 949 | openfd |= (1 << con->fd); |
dfbc7c89 WF |
950 | tcinit(con); |
951 | continue; | |
729bfb80 | 952 | } |
dfbc7c89 WF |
953 | if ((con->fd = open(con->tty, O_RDWR | O_NOCTTY | O_NONBLOCK)) < 0) |
954 | continue; | |
cba09b5f | 955 | openfd |= (1 << con->fd); |
dfbc7c89 | 956 | tcinit(con); |
7d8a8d2c | 957 | } |
dfbc7c89 | 958 | ptr = (&consoles)->next; |
7d8a8d2c | 959 | |
dfbc7c89 WF |
960 | if (ptr->next == &consoles) { |
961 | con = list_entry(ptr, struct console, entry); | |
962 | goto nofork; | |
963 | } | |
729bfb80 | 964 | |
7ff1162e | 965 | |
dfbc7c89 WF |
966 | mask_signal(SIGCHLD, chld_handler, &saved_sigchld); |
967 | do { | |
968 | con = list_entry(ptr, struct console, entry); | |
969 | if (con->id >= CONMAX) | |
970 | break; | |
971 | ||
972 | switch ((con->pid = fork())) { | |
973 | case 0: | |
974 | mask_signal(SIGCHLD, SIG_DFL, NULL); | |
dfbc7c89 WF |
975 | nofork: |
976 | setup(con); | |
977 | while (1) { | |
978 | const char *passwd = pwd->pw_passwd; | |
979 | const char *answer; | |
a8224e8e | 980 | int doshell = 0; |
7ff1162e KZ |
981 | int deny = !opt_e && locked_account_password(pwd->pw_passwd); |
982 | ||
983 | doprompt(passwd, con, deny); | |
dfbc7c89 | 984 | |
dfbc7c89 WF |
985 | if ((answer = getpasswd(con)) == NULL) |
986 | break; | |
7ff1162e KZ |
987 | if (deny) |
988 | exit(EXIT_FAILURE); | |
dfbc7c89 | 989 | |
7ff1162e KZ |
990 | /* no password or locked account */ |
991 | if (!passwd[0] || locked_account_password(passwd)) | |
dfbc7c89 WF |
992 | doshell++; |
993 | else { | |
994 | const char *cryptbuf; | |
995 | cryptbuf = crypt(answer, passwd); | |
996 | if (cryptbuf == NULL) | |
4b3624ca | 997 | warn(_("crypt failed")); |
dfbc7c89 WF |
998 | else if (strcmp(cryptbuf, pwd->pw_passwd) == 0) |
999 | doshell++; | |
1000 | } | |
1001 | ||
1002 | if (doshell) { | |
a8224e8e | 1003 | /* sushell() unmask signals */ |
dfbc7c89 | 1004 | sushell(pwd); |
dfbc7c89 | 1005 | |
a8224e8e KZ |
1006 | mask_signal(SIGQUIT, SIG_IGN, &saved_sigquit); |
1007 | mask_signal(SIGTSTP, SIG_IGN, &saved_sigtstp); | |
1008 | mask_signal(SIGINT, SIG_IGN, &saved_sigint); | |
dfbc7c89 | 1009 | |
223939d9 | 1010 | fprintf(stderr, _("cannot execute su shell\n\n")); |
dfbc7c89 WF |
1011 | break; |
1012 | } | |
1013 | fprintf(stderr, _("Login incorrect\n\n")); | |
1014 | } | |
1015 | if (alarm_rised) { | |
1016 | tcfinal(con); | |
1017 | warnx(_("Timed out\n\n")); | |
1018 | } | |
1019 | /* | |
1020 | * User pressed Control-D. | |
1021 | */ | |
1022 | exit(0); | |
1023 | case -1: | |
4b3624ca | 1024 | warn(_("fork failed")); |
b1557fe9 | 1025 | /* fallthrough */ |
dfbc7c89 WF |
1026 | default: |
1027 | break; | |
1028 | } | |
1029 | ||
1030 | ptr = ptr->next; | |
1031 | ||
1032 | } while (ptr != &consoles); | |
1033 | ||
cde7699c WF |
1034 | do { |
1035 | int ret; | |
1036 | ||
1037 | status.si_pid = 0; | |
1038 | ret = waitid(P_ALL, 0, &status, WEXITED); | |
1039 | ||
1040 | if (ret == 0) | |
dfbc7c89 | 1041 | break; |
cde7699c WF |
1042 | if (ret < 0) { |
1043 | if (errno == ECHILD) | |
1044 | break; | |
1045 | if (errno == EINTR) | |
dfbc7c89 | 1046 | continue; |
cde7699c WF |
1047 | } |
1048 | ||
223939d9 | 1049 | errx(EXIT_FAILURE, _("cannot wait on su shell\n\n")); |
cde7699c WF |
1050 | |
1051 | } while (1); | |
1052 | ||
1053 | list_for_each(ptr, &consoles) { | |
1054 | con = list_entry(ptr, struct console, entry); | |
1055 | ||
1056 | if (con->fd < 0) | |
1057 | continue; | |
1058 | if (con->pid < 0) | |
1059 | continue; | |
1060 | if (con->pid == status.si_pid) | |
1061 | con->pid = -1; | |
1062 | else { | |
1063 | kill(con->pid, SIGTERM); | |
1064 | wait++; | |
1065 | } | |
1066 | } | |
1067 | ||
1068 | sigemptyset(&set); | |
1069 | sigaddset(&set, SIGCHLD); | |
1070 | ||
1071 | do { | |
1072 | int signum, ret; | |
1073 | ||
1074 | if (!wait) | |
1075 | break; | |
1076 | ||
1077 | status.si_pid = 0; | |
1078 | ret = waitid(P_ALL, 0, &status, WEXITED|WNOHANG); | |
1079 | ||
1080 | if (ret < 0) { | |
1081 | if (errno == ECHILD) | |
1082 | break; | |
1083 | if (errno == EINTR) | |
dfbc7c89 | 1084 | continue; |
cde7699c WF |
1085 | } |
1086 | ||
1087 | if (!ret && status.si_pid > 0) { | |
1088 | list_for_each(ptr, &consoles) { | |
1089 | con = list_entry(ptr, struct console, entry); | |
1090 | ||
1091 | if (con->fd < 0) | |
1092 | continue; | |
1093 | if (con->pid < 0) | |
1094 | continue; | |
1095 | if (con->pid == status.si_pid) { | |
1096 | con->pid = -1; | |
1097 | wait--; | |
1098 | } | |
dfbc7c89 | 1099 | } |
cde7699c | 1100 | continue; |
dfbc7c89 | 1101 | } |
cde7699c WF |
1102 | |
1103 | signum = sigtimedwait(&set, NULL, &sigwait); | |
74ce680a SK |
1104 | if (signum != SIGCHLD && signum < 0 && errno == EAGAIN) |
1105 | break; | |
cde7699c WF |
1106 | |
1107 | } while (1); | |
dfbc7c89 WF |
1108 | |
1109 | mask_signal(SIGCHLD, SIG_DFL, NULL); | |
cd8703ad | 1110 | return EXIT_SUCCESS; |
7d8a8d2c | 1111 | } |