1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2013 Nexenta Systems, Inc. All rights reserved.
24 * Copyright (c) 2016 by Delphix. All rights reserved.
25 */
26
27 /*
28 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
29 * Use is subject to license terms.
30 */
31
32 /*
33 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
34 * All rights reserved.
35 *
36 * Copyright (c) 1987, 1988 Microsoft Corporation.
37 * All rights reserved.
38 */
39
40 /*
41 * sulogin - special login program exec'd from init to let user
42 * come up single user, or go to default init state straight away.
43 *
44 * Explain the scoop to the user, prompt for an authorized user
45 * name or ^D and then prompt for password or ^D. If the password
46 * is correct, check if the user is authorized, if so enter
47 * single user. ^D exits sulogin, and init will go to default init state.
48 *
49 * If /etc/passwd is missing, or there's no entry for root,
50 * go single user, no questions asked.
51 */
52
53 #include <sys/types.h>
54 #include <sys/stat.h>
55 #include <sys/param.h>
56 #include <sys/sysmsg_impl.h>
57 #include <sys/mkdev.h>
58 #include <sys/resource.h>
59 #include <sys/uadmin.h>
60 #include <sys/wait.h>
61 #include <sys/stermio.h>
62 #include <fcntl.h>
63 #include <termio.h>
64 #include <pwd.h>
65 #include <shadow.h>
66 #include <stdlib.h>
67 #include <stdio.h>
68 #include <signal.h>
69 #include <siginfo.h>
70 #include <utmpx.h>
71 #include <unistd.h>
72 #include <ucontext.h>
73 #include <string.h>
74 #include <strings.h>
75 #include <deflt.h>
76 #include <limits.h>
77 #include <errno.h>
78 #include <crypt.h>
79 #include <auth_attr.h>
80 #include <auth_list.h>
81 #include <nss_dbdefs.h>
82 #include <user_attr.h>
83 #include <sys/vt.h>
84 #include <sys/kd.h>
85
86 /*
87 * Intervals to sleep after failed login
88 */
89 #ifndef SLEEPTIME
90 #define SLEEPTIME 4 /* sleeptime before login incorrect msg */
91 #endif
92
93 #define SLEEPTIME_MAX 5 /* maximum sleeptime */
94
95 /*
96 * the name of the file containing the login defaults we deliberately
97 * use the same file as login(1)
98 */
99
100 #define DEFAULT_LOGIN "/etc/default/login"
101 #define DEFAULT_SULOGIN "/etc/default/sulogin"
102 #define DEFAULT_CONSOLE "/dev/console"
103
104 static char shell[] = "/sbin/sh";
105 static char su[] = "/sbin/su.static";
106 static int sleeptime = SLEEPTIME;
107 static int nchild = 0;
108 static pid_t pidlist[10];
109 static pid_t masterpid = 0;
110 static pid_t originalpid = 0;
111 static struct sigaction sa;
112 static struct termio ttymodes;
113
114 static char *findttyname(int fd);
115 static char *stripttyname(char *);
116 static char *sulogin_getinput(char *, int);
117 static void noop(int);
118 static void single(const char *, char *);
119 static void main_loop(char *, boolean_t);
120 static void parenthandler();
121 static void termhandler(int);
122 static void setupsigs(void);
123 static int pathcmp(char *, char *);
124 static void doit(char *, char *);
125 static void childcleanup(int);
126
127 #define ECHOON 0
128 #define ECHOOFF 1
129
130 /* ARGSUSED */
131 int
main(int argc,char ** argv)132 main(int argc, char **argv)
133 {
134 struct spwd *shpw;
135 int passreq = B_TRUE;
136 int flags;
137 int fd;
138 char *infop, *ptr, *p;
139 pid_t pid;
140 int bufsize;
141 struct stat st;
142 char cttyname[100];
143 char namedlist[500];
144 char scratchlist[500];
145 dev_t cttyd;
146
147 if (geteuid() != 0) {
148 (void) fprintf(stderr, "%s: must be root\n", argv[0]);
149 return (EXIT_FAILURE);
150 }
151
152 /* Do the magic to determine the children */
153 if ((fd = open(SYSMSG, 0)) < 0)
154 return (EXIT_FAILURE);
155
156 /*
157 * If the console supports the CIOCTTYCONSOLE ioctl, then fetch
158 * its console device list. If not, then we use the default
159 * console name.
160 */
161 if (ioctl(fd, CIOCTTYCONSOLE, &cttyd) == 0) {
162 if ((bufsize = ioctl(fd, CIOCGETCONSOLE, NULL)) < 0)
163 return (EXIT_FAILURE);
164
165 if (bufsize > 0) {
166 if ((infop = calloc(bufsize, sizeof (char))) == NULL)
167 return (EXIT_FAILURE);
168
169 if (ioctl(fd, CIOCGETCONSOLE, infop) < 0)
170 return (EXIT_FAILURE);
171
172 (void) snprintf(namedlist, sizeof (namedlist), "%s %s",
173 DEFAULT_CONSOLE, infop);
174 } else
175 (void) snprintf(namedlist, sizeof (namedlist), "%s",
176 DEFAULT_CONSOLE);
177 } else {
178 (void) snprintf(namedlist, sizeof (namedlist), "%s",
179 DEFAULT_CONSOLE);
180 cttyd = NODEV;
181 }
182
183 /*
184 * The attempt to turn the controlling terminals dev_t into a string
185 * may not be successful, thus leaving the variable cttyname as a
186 * NULL. This occurs if during boot we find
187 * the root partition (or some other partition)
188 * requires manual fsck, thus resulting in sulogin
189 * getting invoked. The ioctl for CIOCTTYCONSOLE
190 * called above returned NODEV for cttyd
191 * in these cases. NODEV gets returned when the vnode pointer
192 * in our session structure is NULL. In these cases it
193 * must be assumed that the default console is used.
194 *
195 * See uts/common/os/session.c:cttydev().
196 */
197 (void) strcpy(cttyname, DEFAULT_CONSOLE);
198 (void) strcpy(scratchlist, namedlist);
199 ptr = scratchlist;
200 while (ptr != NULL) {
201 p = strchr(ptr, ' ');
202 if (p == NULL) {
203 if (stat(ptr, &st))
204 return (EXIT_FAILURE);
205 if (st.st_rdev == cttyd)
206 (void) strcpy(cttyname, ptr);
207 break;
208 }
209 *p++ = '\0';
210 if (stat(ptr, &st))
211 return (EXIT_FAILURE);
212 if (st.st_rdev == cttyd) {
213 (void) strcpy(cttyname, ptr);
214 break;
215 }
216 ptr = p;
217 }
218
219 /*
220 * Use the same value of SLEEPTIME that login(1) uses. This
221 * is obtained by reading the file /etc/default/login using
222 * the def*() functions.
223 */
224
225 if (defopen(DEFAULT_LOGIN) == 0) {
226
227 /* ignore case */
228
229 flags = defcntl(DC_GETFLAGS, 0);
230 TURNOFF(flags, DC_CASE);
231 (void) defcntl(DC_SETFLAGS, flags);
232
233 if ((ptr = defread("SLEEPTIME=")) != NULL)
234 sleeptime = atoi(ptr);
235
236 if (sleeptime < 0 || sleeptime > SLEEPTIME_MAX)
237 sleeptime = SLEEPTIME;
238
239 (void) defopen(NULL); /* closes DEFAULT_LOGIN */
240 }
241
242 /*
243 * Use our own value of PASSREQ, separate from the one login(1) uses.
244 * This is obtained by reading the file /etc/default/sulogin using
245 * the def*() functions.
246 */
247
248 if (defopen(DEFAULT_SULOGIN) == 0) {
249 if ((ptr = defread("PASSREQ=")) != NULL)
250 if (strcmp("NO", ptr) == 0)
251 passreq = B_FALSE;
252
253 (void) defopen(NULL); /* closes DEFAULT_SULOGIN */
254 }
255
256 if (passreq == B_FALSE)
257 single(shell, NULL);
258
259 /*
260 * if no 'root' entry in /etc/shadow, give maint. mode single
261 * user shell prompt
262 */
263 setspent();
264 if ((shpw = getspnam("root")) == NULL) {
265 (void) fprintf(stderr, "\n*** Unable to retrieve `root' entry "
266 "in shadow password file ***\n\n");
267 single(shell, NULL);
268 }
269 endspent();
270 /*
271 * if no 'root' entry in /etc/passwd, give maint. mode single
272 * user shell prompt
273 */
274 setpwent();
275 if (getpwnam("root") == NULL) {
276 (void) fprintf(stderr, "\n*** Unable to retrieve `root' entry "
277 "in password file ***\n\n");
278 single(shell, NULL);
279 }
280 endpwent();
281 /* process with controlling tty treated special */
282 if ((pid = fork()) != (pid_t)0) {
283 if (pid == -1)
284 return (EXIT_FAILURE);
285 else {
286 setupsigs();
287 masterpid = pid;
288 originalpid = getpid();
289 /*
290 * init() was invoked from a console that was not
291 * the default console, nor was it an auxiliary.
292 */
293 if (cttyname[0] == '\0')
294 termhandler(0);
295 /* Never returns */
296
297 main_loop(cttyname, B_TRUE);
298 /* Never returns */
299 }
300 }
301 masterpid = getpid();
302 originalpid = getppid();
303 pidlist[nchild++] = originalpid;
304
305 sa.sa_handler = childcleanup;
306 sa.sa_flags = 0;
307 (void) sigemptyset(&sa.sa_mask);
308 (void) sigaction(SIGTERM, &sa, NULL);
309 (void) sigaction(SIGHUP, &sa, NULL);
310 sa.sa_handler = parenthandler;
311 sa.sa_flags = SA_SIGINFO;
312 (void) sigemptyset(&sa.sa_mask);
313 (void) sigaction(SIGUSR1, &sa, NULL);
314
315 sa.sa_handler = SIG_IGN;
316 sa.sa_flags = 0;
317 (void) sigemptyset(&sa.sa_mask);
318 (void) sigaction(SIGCHLD, &sa, NULL);
319 /*
320 * If there isn't a password on root, then don't permit
321 * the fanout capability of sulogin.
322 */
323 if (*shpw->sp_pwdp != '\0') {
324 ptr = namedlist;
325 while (ptr != NULL) {
326 p = strchr(ptr, ' ');
327 if (p == NULL) {
328 doit(ptr, cttyname);
329 break;
330 }
331 *p++ = '\0';
332 doit(ptr, cttyname);
333 ptr = p;
334 }
335 }
336 if (pathcmp(cttyname, DEFAULT_CONSOLE) != 0) {
337 if ((pid = fork()) == (pid_t)0) {
338 setupsigs();
339 main_loop(DEFAULT_CONSOLE, B_FALSE);
340 } else if (pid == -1)
341 return (EXIT_FAILURE);
342 pidlist[nchild++] = pid;
343 }
344 /*
345 * When parent is all done, it pauses until one of its children
346 * signals that its time to kill the underpriviledged.
347 */
348 (void) wait(NULL);
349
350 return (0);
351 }
352
353 /*
354 * These flags are taken from stty's "sane" table entries in
355 * usr/src/cmd/ttymon/sttytable.c
356 */
357 #define SET_IFLAG (BRKINT|IGNPAR|ISTRIP|ICRNL|IXON|IMAXBEL)
358 #define RESET_IFLAG (IGNBRK|PARMRK|INPCK|INLCR|IGNCR|IUCLC|IXOFF|IXANY)
359 #define SET_OFLAG (OPOST|ONLCR)
360 #define RESET_OFLAG (OLCUC|OCRNL|ONOCR|ONLRET|OFILL|OFDEL| \
361 NLDLY|CRDLY|TABDLY|BSDLY|VTDLY|FFDLY)
362 #define SET_LFLAG (ISIG|ICANON|IEXTEN|ECHO|ECHOK|ECHOE|ECHOKE|ECHOCTL)
363 #define RESET_LFLAG (XCASE|ECHONL|NOFLSH|STFLUSH|STWRAP|STAPPL)
364
365 /*
366 * Do the equivalent of 'stty sane' on the terminal since we don't know
367 * what state it was in on startup.
368 */
369 static void
sanitize_tty(int fd)370 sanitize_tty(int fd)
371 {
372 (void) ioctl(fd, TCGETA, &ttymodes);
373 ttymodes.c_iflag &= ~RESET_IFLAG;
374 ttymodes.c_iflag |= SET_IFLAG;
375 ttymodes.c_oflag &= ~RESET_OFLAG;
376 ttymodes.c_oflag |= SET_OFLAG;
377 ttymodes.c_lflag &= ~RESET_LFLAG;
378 ttymodes.c_lflag |= SET_LFLAG;
379 ttymodes.c_cc[VERASE] = CERASE;
380 ttymodes.c_cc[VKILL] = CKILL;
381 ttymodes.c_cc[VQUIT] = CQUIT;
382 ttymodes.c_cc[VINTR] = CINTR;
383 ttymodes.c_cc[VEOF] = CEOF;
384 ttymodes.c_cc[VEOL] = CNUL;
385 (void) ioctl(fd, TCSETAF, &ttymodes);
386 }
387
388 /*
389 * Fork a child of sulogin for each of the auxiliary consoles.
390 */
391 static void
doit(char * ptr,char * cttyname)392 doit(char *ptr, char *cttyname)
393 {
394 pid_t pid;
395
396 if (pathcmp(ptr, DEFAULT_CONSOLE) != 0 &&
397 pathcmp(ptr, cttyname) != 0) {
398 if ((pid = fork()) == (pid_t)0) {
399 setupsigs();
400 main_loop(ptr, B_FALSE);
401 } else if (pid == -1)
402 exit(EXIT_FAILURE);
403 pidlist[nchild++] = pid;
404 }
405 }
406
407 static int
pathcmp(char * adev,char * bdev)408 pathcmp(char *adev, char *bdev)
409 {
410 struct stat st1;
411 struct stat st2;
412
413 if (adev == NULL || bdev == NULL)
414 return (1);
415
416 if (strcmp(adev, bdev) == 0)
417 return (0);
418
419 if (stat(adev, &st1) || !S_ISCHR(st1.st_mode))
420 return (1);
421
422 if (stat(bdev, &st2) || !S_ISCHR(st2.st_mode))
423 return (1);
424
425 if (st1.st_rdev == st2.st_rdev)
426 return (0);
427
428 return (1);
429 }
430
431 /* Handlers for the children at initialization */
432 static void
setupsigs()433 setupsigs()
434 {
435 sa.sa_handler = noop;
436 sa.sa_flags = 0;
437 (void) sigemptyset(&sa.sa_mask);
438 (void) sigaction(SIGINT, &sa, NULL);
439 (void) sigaction(SIGQUIT, &sa, NULL);
440
441 sa.sa_handler = termhandler;
442 sa.sa_flags = 0;
443 (void) sigemptyset(&sa.sa_mask);
444 (void) sigaction(SIGTERM, &sa, NULL);
445 (void) sigaction(SIGKILL, &sa, NULL);
446 (void) sigaction(SIGHUP, &sa, NULL);
447 }
448
449 static void
main_loop(char * devname,boolean_t cttyflag)450 main_loop(char *devname, boolean_t cttyflag)
451 {
452 int fd, fb, i;
453 char *user = NULL; /* authorized user */
454 char *pass; /* password from user */
455 char *cpass; /* crypted password */
456 struct spwd spwd;
457 struct spwd *lshpw; /* local shadow */
458 char shadow[NSS_BUFLEN_SHADOW];
459 FILE *sysmsgfd;
460
461 for (i = 0; i < 3; i++)
462 (void) close(i);
463 if (cttyflag == B_FALSE) {
464 if (setsid() == -1)
465 exit(EXIT_FAILURE);
466 }
467 if ((fd = open(devname, O_RDWR)) < 0)
468 exit(EXIT_FAILURE);
469
470 /*
471 * In system maintenance mode, all virtual console instances
472 * of the svc:/system/console-login service are not available
473 * any more, and only the system console is available. So here
474 * we always switch to the system console in case at the moment
475 * the active console isn't it.
476 */
477 (void) ioctl(fd, VT_ACTIVATE, 1);
478
479 if (fd != 0)
480 (void) dup2(fd, STDIN_FILENO);
481 if (fd != 1)
482 (void) dup2(fd, STDOUT_FILENO);
483 if (fd != 2)
484 (void) dup2(fd, STDERR_FILENO);
485 if (fd > 2)
486 (void) close(fd);
487
488 /* Stop progress bar and reset console mode to text */
489 if ((fb = open("/dev/fb", O_RDONLY)) >= 0) {
490 (void) ioctl(fb, KDSETMODE, KD_RESETTEXT);
491 (void) close(fb);
492 }
493
494 sysmsgfd = fopen("/dev/sysmsg", "w");
495
496 sanitize_tty(fileno(stdin));
497
498 for (;;) {
499 do {
500 (void) printf("\nEnter user name for system "
501 "maintenance (control-d to bypass): ");
502 user = sulogin_getinput(devname, ECHOON);
503 if (user == NULL) {
504 /* signal other children to exit */
505 (void) sigsend(P_PID, masterpid, SIGUSR1);
506 /* ^D, so straight to default init state */
507 exit(EXIT_FAILURE);
508 }
509 } while (user[0] == '\0');
510 (void) printf("Enter %s password (control-d to bypass): ",
511 user);
512
513 if ((pass = sulogin_getinput(devname, ECHOOFF)) == NULL) {
514 /* signal other children to exit */
515 (void) sigsend(P_PID, masterpid, SIGUSR1);
516 /* ^D, so straight to default init state */
517 free(user);
518 exit(EXIT_FAILURE);
519 }
520 lshpw = getspnam_r(user, &spwd, shadow, sizeof (shadow));
521 if (lshpw == NULL) {
522 /*
523 * the user entered doesn't exist, too bad.
524 */
525 goto sorry;
526 }
527
528 /*
529 * There is a special case error to catch here:
530 * If the password is hashed with an algorithm
531 * other than the old unix crypt the call to crypt(3c)
532 * could fail if /usr is corrupt or not available
533 * since by default /etc/security/crypt.conf will
534 * have the crypt_ modules located under /usr/lib.
535 * Or it could happen if /etc/security/crypt.conf
536 * is corrupted.
537 *
538 * If this happens crypt(3c) will return NULL and
539 * set errno to ELIBACC for the former condition or
540 * EINVAL for the latter, in this case we bypass
541 * authentication and just verify that the user is
542 * authorized.
543 */
544
545 errno = 0;
546 cpass = crypt(pass, lshpw->sp_pwdp);
547 if (((cpass == NULL) && (lshpw->sp_pwdp[0] == '$')) &&
548 ((errno == ELIBACC) || (errno == EINVAL))) {
549 goto checkauth;
550 } else if ((cpass == NULL) ||
551 (strcmp(cpass, lshpw->sp_pwdp) != 0)) {
552 goto sorry;
553 }
554
555 checkauth:
556 /*
557 * There is a special case error here as well.
558 * If /etc/user_attr is corrupt, getusernam("root")
559 * returns NULL.
560 * In this case, we just give access because this is similar
561 * to the case of root not existing in /etc/passwd.
562 */
563
564 if ((getusernam("root") != NULL) &&
565 (chkauthattr(MAINTENANCE_AUTH, user) != 1)) {
566 goto sorry;
567 }
568 (void) fprintf(sysmsgfd, "\nsingle-user privilege "
569 "assigned to %s on %s.\n", user, devname);
570 (void) sigsend(P_PID, masterpid, SIGUSR1);
571 (void) wait(NULL);
572 free(user);
573 free(pass);
574 single(su, devname);
575 /* single never returns */
576
577 sorry:
578 (void) printf("\nLogin incorrect or user %s not authorized\n",
579 user);
580 free(user);
581 free(pass);
582 (void) sleep(sleeptime);
583 }
584 }
585
586 /*
587 * single() - exec shell for single user mode
588 */
589
590 static void
single(const char * cmd,char * ttyn)591 single(const char *cmd, char *ttyn)
592 {
593 struct utmpx *u;
594 char found = B_FALSE;
595
596 if (ttyn == NULL)
597 ttyn = findttyname(STDIN_FILENO);
598
599 /*
600 * utmpx records on the console device are expected to be "console"
601 * by other processes, such as dtlogin.
602 */
603 ttyn = stripttyname(ttyn);
604
605 /* update the utmpx file. */
606 while ((u = getutxent()) != NULL) {
607 if (strcmp(u->ut_line, ttyn) == 0) {
608 u->ut_tv.tv_sec = time(NULL);
609 u->ut_type = USER_PROCESS;
610 u->ut_pid = getpid();
611 if (strcmp(u->ut_user, "root") != 0)
612 (void) strcpy(u->ut_user, "root");
613 (void) pututxline(u);
614 found = B_TRUE;
615 break;
616 }
617 }
618 if (!found) {
619 struct utmpx entryx;
620
621 entryx.ut_tv.tv_sec = time(NULL);
622 entryx.ut_type = USER_PROCESS;
623 entryx.ut_pid = getpid();
624 (void) strcpy(entryx.ut_user, "root");
625 (void) strcpy(entryx.ut_line, ttyn);
626 entryx.ut_tv.tv_usec = 0;
627 entryx.ut_session = 0;
628 entryx.ut_id[0] = 'c';
629 entryx.ut_id[1] = 'o';
630 entryx.ut_id[2] = 's';
631 entryx.ut_id[3] = 'u';
632 entryx.ut_syslen = 1;
633 entryx.ut_host[0] = '\0';
634 entryx.ut_exit.e_termination = WTERMSIG(0);
635 entryx.ut_exit.e_exit = WEXITSTATUS(0);
636 (void) pututxline(&entryx);
637 }
638 endutxent();
639 (void) printf("Entering System Maintenance Mode\n\n");
640
641 if (execl(cmd, cmd, "-", (char *)0) < 0)
642 exit(EXIT_FAILURE);
643 }
644
645 /*
646 * sulogin_getinput() - hacked from the standard PAM tty conversation
647 * function getpassphrase() library version
648 * so we can distinguish newline and EOF.
649 * also don't need this routine to give a prompt.
650 *
651 * returns the password string, or NULL if the used typed EOF.
652 */
653
654 static char *
sulogin_getinput(char * devname,int echooff)655 sulogin_getinput(char *devname, int echooff)
656 {
657 struct termio ttyb;
658 int c;
659 FILE *fi;
660 static char input[PASS_MAX + 1];
661 void (*saved_handler)();
662 char *rval = input;
663 int i = 0;
664
665 if ((fi = fopen(devname, "r")) == NULL) {
666 fi = stdin;
667 }
668
669 saved_handler = signal(SIGINT, SIG_IGN);
670
671 if (echooff) {
672 ttyb = ttymodes;
673 ttyb.c_lflag &= ~(ECHO | ECHOE | ECHONL);
674 (void) ioctl(fileno(fi), TCSETAF, &ttyb);
675 }
676
677 /* get characters up to PASS_MAX, but don't overflow */
678 while ((c = getc(fi)) != '\n' && (c != '\r')) {
679 if (c == EOF && i == 0) { /* ^D, no input */
680 rval = NULL;
681 break;
682 }
683 if (i < PASS_MAX) {
684 input[i++] = (char)c;
685 }
686 }
687 input[i] = '\0';
688 (void) fputc('\n', fi);
689 if (echooff) {
690 (void) ioctl(fileno(fi), TCSETAW, &ttymodes);
691 }
692
693 if (saved_handler != SIG_ERR)
694 (void) signal(SIGINT, saved_handler);
695 return (rval == NULL ? NULL : strdup(rval));
696 }
697
698 static char *
findttyname(int fd)699 findttyname(int fd)
700 {
701 char *ttyn = ttyname(fd);
702
703 if (ttyn == NULL)
704 ttyn = "/dev/???";
705 else {
706 /*
707 * /dev/syscon and /dev/systty are usually links to
708 * /dev/console. prefer /dev/console.
709 */
710 if (((strcmp(ttyn, "/dev/syscon") == 0) ||
711 (strcmp(ttyn, "/dev/systty") == 0)) &&
712 access("/dev/console", F_OK))
713 ttyn = "/dev/console";
714 }
715 return (ttyn);
716 }
717
718 static char *
stripttyname(char * ttyn)719 stripttyname(char *ttyn)
720 {
721 /* saw off the /dev/ */
722 if (strncmp(ttyn, "/dev/", sizeof ("/dev/") -1) == 0)
723 return (ttyn + sizeof ("/dev/") - 1);
724 else
725 return (ttyn);
726 }
727
728
729 /* ARGSUSED */
730 static void
noop(int sig)731 noop(int sig)
732 {
733 /*
734 * This signal handler does nothing except return. We use it
735 * as the signal disposition in this program instead of
736 * SIG_IGN so that we do not have to restore the disposition
737 * back to SIG_DFL. Instead we allow exec(2) to set the
738 * dispostion to SIG_DFL to avoid a race condition.
739 */
740 }
741
742 /* ARGSUSED */
743 static void
parenthandler(int sig,siginfo_t * si,ucontext_t * uc)744 parenthandler(int sig, siginfo_t *si, ucontext_t *uc)
745 {
746 int i;
747
748 /*
749 * We get here if someone has successfully entered a password
750 * from the auxiliary console and is getting the single-user shell.
751 * When this happens, the parent needs to kill the children
752 * that didn't get the shell.
753 *
754 */
755 for (i = 0; i < nchild; i++) {
756 if (pidlist[i] != si->__data.__proc.__pid)
757 (void) sigsend(P_PID, pidlist[i], SIGTERM);
758 }
759 sa.sa_handler = SIG_IGN;
760 sa.sa_flags = 0;
761 (void) sigemptyset(&sa.sa_mask);
762 (void) sigaction(SIGINT, &sa, NULL);
763 (void) sigaction(SIGQUIT, &sa, NULL);
764 (void) sigaction(SIGTERM, &sa, NULL);
765 (void) wait(NULL);
766 }
767
768 /*
769 * The master pid will get SIGTERM or SIGHUP from init, and then
770 * has to make sure the shell isn't still running.
771 */
772
773 /* ARGSUSED */
774 static void
childcleanup(int sig)775 childcleanup(int sig)
776 {
777 int i;
778
779 /* Only need to kill the child that became the shell. */
780 for (i = 0; i < nchild; i++) {
781 /* Don't kill grandparent before it's necessary */
782 if (pidlist[i] != getppid())
783 (void) sigsend(P_PID, pidlist[i], SIGHUP);
784 }
785 }
786
787 /* ARGSUSED */
788 static void
termhandler(int sig)789 termhandler(int sig)
790 {
791 FILE *fi;
792 pid_t pid;
793
794 /* Processes come here when they fail to receive the password. */
795 if ((fi = fopen("/dev/tty", "r+")) == NULL)
796 fi = stdin;
797 else
798 setbuf(fi, NULL);
799 sanitize_tty(fileno(fi));
800 /* If you're the controlling tty, then just wait */
801 pid = getpid();
802 if (pid == originalpid || pid == masterpid) {
803 sa.sa_handler = SIG_IGN;
804 sa.sa_flags = 0;
805 (void) sigemptyset(&sa.sa_mask);
806 (void) sigaction(SIGINT, &sa, NULL);
807 (void) sigaction(SIGQUIT, &sa, NULL);
808 sa.sa_handler = SIG_DFL;
809 sa.sa_flags = 0;
810 (void) sigemptyset(&sa.sa_mask);
811 (void) sigaction(SIGTERM, &sa, NULL);
812 (void) sigaction(SIGHUP, &sa, NULL);
813 (void) wait(NULL);
814 }
815 exit(0);
816 }
817