2007-10-07 11:44:02 +00:00
|
|
|
/*
|
2021-12-05 09:35:27 -06:00
|
|
|
* SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh
|
|
|
|
* SPDX-FileCopyrightText: 1991 , Chip Rosenthal
|
|
|
|
* SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
|
|
|
|
* SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
|
|
|
|
* SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
|
2007-10-07 11:44:02 +00:00
|
|
|
*
|
2021-12-05 09:35:27 -06:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
2007-10-07 11:44:02 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
#include "defines.h"
|
|
|
|
#include <stdio.h>
|
|
|
|
#include "getdef.h"
|
* libmisc/console.c, libmisc/ulimit.c, lib/sgetgrent.c,
lib/sgetpwent.c: Include "prototypes.h" to make
sure the exported prototypes are the ones used for the definition
of functions.
* lib/prototypes.h: Added prototypes for __gr_del_entry(),
__gr_get_db(), __gr_get_head(), __gr_set_changed(), __gr_dup(),
__pw_del_entry(), __pw_get_db(), __pw_get_head(), __pw_dup(),
sgetgrent(), sgetpwent(), __sgr_del_entry(), __sgr_dup(),
__sgr_get_head(), __sgr_set_changed(), __spw_get_head(),
__spw_del_entry(), __spw_dup().
* lib/prototypes.h: Removed prototype for is_listed().
* lib/prototypes.h: Added name of the check_su_auth()'s parameters.
* lib/groupio.h: Removed prototypes for __gr_dup() and
__gr_set_changed().
* lib/sgroupio.c: Removed prototypes for putsgent(), sgetsgent(),
and __gr_get_db().
* lib/sgroupio.h: Removed prototypes for __sgr_dup() and
__sgr_set_changed().
* lib/shadowio.c: Removed prototype for __pw_get_db().
* lib/pwio.c: Removed prototype for sgetpwent() and putpwent().
* lib/shadowio.h: Removed prototypes for __spw_dup() and
__spw_set_changed().
* lib/pwio.h: Removed prototypes for __pw_dup() and
__pw_set_changed().
* lib/commonio.h: Add protection against multiple inclusions.
* lib/prototypes.h: Include commonio.h (needed for the
__xx_del_entry() functions).
2008-01-06 11:59:01 +00:00
|
|
|
#include "prototypes.h"
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2007-11-10 23:46:11 +00:00
|
|
|
#ident "$Id$"
|
2007-10-07 11:47:01 +00:00
|
|
|
|
2007-10-07 11:44:02 +00:00
|
|
|
/*
|
|
|
|
* This is now rather generic function which decides if "tty" is listed
|
|
|
|
* under "cfgin" in config (directly or indirectly). Fallback to default if
|
|
|
|
* something is bad.
|
|
|
|
*/
|
2008-06-09 18:11:20 +00:00
|
|
|
static bool is_listed (const char *cfgin, const char *tty, bool def)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
|
|
|
FILE *fp;
|
2018-10-10 12:22:04 +02:00
|
|
|
char buf[1024], *s;
|
* libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c,
libmisc/sulog.c, libmisc/hushed.c, libmisc/failure.c,
libmisc/loginprompt.c, libmisc/ttytype.c,
libmisc/pam_pass_non_interractive.c, src/userdel.c, src/login.c,
lib/commonio.c, lib/commonio.h: Fix some const issues.
* libmisc/motd.c: Avoid multi-statements lines.
* libmisc/motd.c: Support long MOTD_FILE.
* libmisc/list.c, lib/prototypes.h: Revert previous change.
dup_list and is_on_list are used with members as defined for the
group structure, and thus even if the list is not modified, the
list elements cannot be constant strings.
* libmisc/system.c: Avoid C++ comments.
* src/vipw.c: WITH_TCB cannot be tested inside a gettextized
string. Split the Usage string.
* lib/commonio.h: Re-indent.
2010-08-21 15:32:53 +00:00
|
|
|
const char *cons;
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If the CONSOLE configuration definition isn't given,
|
|
|
|
* fallback to default.
|
|
|
|
*/
|
|
|
|
|
2008-06-09 18:11:20 +00:00
|
|
|
cons = getdef_str (cfgin);
|
|
|
|
if (NULL == cons) {
|
2007-10-07 11:44:02 +00:00
|
|
|
return def;
|
2008-06-09 18:11:20 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* If this isn't a filename, then it is a ":" delimited list of
|
|
|
|
* console devices upon which root logins are allowed.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (*cons != '/') {
|
2010-11-19 21:54:41 +00:00
|
|
|
char *pbuf;
|
Use strlcpy(3) instead of its pattern
- Since strncpy(3) is not designed to write strings, but rather
(null-padded) character sequences (a.k.a. unterminated strings), we
had to manually append a '\0'. strlcpy(3) creates strings, so they
are always terminated. This removes dependencies between lines, and
also removes chances of accidents.
- Repurposing strncpy(3) to create strings requires calculating the
location of the terminating null byte, which involves a '-1'
calculation. This is a source of off-by-one bugs. The new code has
no '-1' calculations, so there's almost-zero chance of these bugs.
- strlcpy(3) doesn't padd with null bytes. Padding is relevant when
writing fixed-width buffers to binary files, when interfacing certain
APIs (I believe utmpx requires null padding at lease in some
systems), or when sending them to other processes or through the
network. This is not the case, so padding is effectively ignored.
- strlcpy(3) requires that the input string is really a string;
otherwise it crashes (SIGSEGV). Let's check if the input strings are
really strings:
- lib/fields.c:
- 'cp' was assigned from 'newft', and 'newft' comes from fgets(3).
- lib/gshadow.c:
- strlen(string) is calculated a few lines above.
- libmisc/console.c:
- 'cons' comes from getdef_str, which is a bit cryptic, but seems
to generate strings, I guess.1
- libmisc/date_to_str.c:
- It receives a string literal. :)
- libmisc/utmp.c:
- 'tname' comes from ttyname(3), which returns a string.
- src/su.c:
- 'tmp_name' has been passed to strcmp(3) a few lines above.
Signed-off-by: Alejandro Colomar <alx@kernel.org>
2022-12-16 04:13:53 +01:00
|
|
|
strlcpy (buf, cons, sizeof (buf));
|
2010-11-19 21:54:41 +00:00
|
|
|
pbuf = &buf[0];
|
|
|
|
while ((s = strtok (pbuf, ":")) != NULL) {
|
2008-06-09 18:11:20 +00:00
|
|
|
if (strcmp (s, tty) == 0) {
|
|
|
|
return true;
|
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
2010-11-19 21:54:41 +00:00
|
|
|
pbuf = NULL;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2008-06-09 18:11:20 +00:00
|
|
|
return false;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* If we can't open the console list, then call everything a
|
|
|
|
* console - otherwise root will never be allowed to login.
|
|
|
|
*/
|
|
|
|
|
2008-06-09 18:11:20 +00:00
|
|
|
fp = fopen (cons, "r");
|
|
|
|
if (NULL == fp) {
|
2007-10-07 11:44:02 +00:00
|
|
|
return def;
|
2008-06-09 18:11:20 +00:00
|
|
|
}
|
2007-10-07 11:44:02 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* See if this tty is listed in the console file.
|
|
|
|
*/
|
|
|
|
|
2023-02-01 13:50:48 +01:00
|
|
|
while (fgets (buf, sizeof (buf), fp) != NULL) {
|
2023-01-30 11:53:47 +00:00
|
|
|
/* Remove optional trailing '\n'. */
|
|
|
|
buf[strcspn (buf, "\n")] = '\0';
|
2007-10-07 11:45:23 +00:00
|
|
|
if (strcmp (buf, tty) == 0) {
|
|
|
|
(void) fclose (fp);
|
2008-06-09 18:11:20 +00:00
|
|
|
return true;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This tty isn't a console.
|
|
|
|
*/
|
|
|
|
|
2007-10-07 11:45:23 +00:00
|
|
|
(void) fclose (fp);
|
2008-06-09 18:11:20 +00:00
|
|
|
return false;
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* console - return 1 if the "tty" is a console device, else 0.
|
|
|
|
*
|
|
|
|
* Note - we need to take extreme care here to avoid locking out root logins
|
|
|
|
* if something goes awry. That's why we do things like call everything a
|
|
|
|
* console if the consoles file can't be opened. Because of this, we must
|
|
|
|
* warn the user to protect against the remove of the consoles file since
|
|
|
|
* that would allow an unauthorized root login.
|
|
|
|
*/
|
|
|
|
|
2008-06-09 18:11:20 +00:00
|
|
|
bool console (const char *tty)
|
2007-10-07 11:44:02 +00:00
|
|
|
{
|
2009-05-16 18:19:24 +00:00
|
|
|
if (strncmp (tty, "/dev/", 5) == 0) {
|
|
|
|
tty += 5;
|
|
|
|
}
|
|
|
|
|
2008-06-09 18:11:20 +00:00
|
|
|
return is_listed ("CONSOLE", tty, true);
|
2007-10-07 11:44:02 +00:00
|
|
|
}
|
2008-06-09 18:11:20 +00:00
|
|
|
|