f93cf255d4
Closes #238 Update all files to list SPDX license shortname. Most files are BSD 3 clause license. The exceptions are: serge@sl ~/src/shadow$ git grep SPDX-License | grep -v BSD-3-Clause contrib/atudel:# SPDX-License-Identifier: BSD-4-Clause lib/tcbfuncs.c: * SPDX-License-Identifier: 0BSD libmisc/salt.c: * SPDX-License-Identifier: Unlicense src/login_nopam.c: * SPDX-License-Identifier: Unlicense src/nologin.c: * SPDX-License-Identifier: BSD-2-Clause src/vipw.c: * SPDX-License-Identifier: GPL-2.0-or-later Signed-off-by: Serge Hallyn <serge@hallyn.com>
112 lines
2.4 KiB
C
112 lines
2.4 KiB
C
/*
|
|
* SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh
|
|
* SPDX-FileCopyrightText: 1991 , Chip Rosenthal
|
|
* SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
|
|
* SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
|
|
* SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <config.h>
|
|
#include "defines.h"
|
|
#include <stdio.h>
|
|
#include "getdef.h"
|
|
#include "prototypes.h"
|
|
|
|
#ident "$Id$"
|
|
|
|
/* local function prototypes */
|
|
static bool is_listed (const char *cfgin, const char *tty, bool def);
|
|
|
|
/*
|
|
* This is now rather generic function which decides if "tty" is listed
|
|
* under "cfgin" in config (directly or indirectly). Fallback to default if
|
|
* something is bad.
|
|
*/
|
|
static bool is_listed (const char *cfgin, const char *tty, bool def)
|
|
{
|
|
FILE *fp;
|
|
char buf[1024], *s;
|
|
const char *cons;
|
|
|
|
/*
|
|
* If the CONSOLE configuration definition isn't given,
|
|
* fallback to default.
|
|
*/
|
|
|
|
cons = getdef_str (cfgin);
|
|
if (NULL == cons) {
|
|
return def;
|
|
}
|
|
|
|
/*
|
|
* If this isn't a filename, then it is a ":" delimited list of
|
|
* console devices upon which root logins are allowed.
|
|
*/
|
|
|
|
if (*cons != '/') {
|
|
char *pbuf;
|
|
strncpy (buf, cons, sizeof (buf));
|
|
buf[sizeof (buf) - 1] = '\0';
|
|
pbuf = &buf[0];
|
|
while ((s = strtok (pbuf, ":")) != NULL) {
|
|
if (strcmp (s, tty) == 0) {
|
|
return true;
|
|
}
|
|
|
|
pbuf = NULL;
|
|
}
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* If we can't open the console list, then call everything a
|
|
* console - otherwise root will never be allowed to login.
|
|
*/
|
|
|
|
fp = fopen (cons, "r");
|
|
if (NULL == fp) {
|
|
return def;
|
|
}
|
|
|
|
/*
|
|
* See if this tty is listed in the console file.
|
|
*/
|
|
|
|
while (fgets (buf, (int) sizeof (buf), fp) != NULL) {
|
|
buf[strlen (buf) - 1] = '\0';
|
|
if (strcmp (buf, tty) == 0) {
|
|
(void) fclose (fp);
|
|
return true;
|
|
}
|
|
}
|
|
|
|
/*
|
|
* This tty isn't a console.
|
|
*/
|
|
|
|
(void) fclose (fp);
|
|
return false;
|
|
}
|
|
|
|
/*
|
|
* console - return 1 if the "tty" is a console device, else 0.
|
|
*
|
|
* Note - we need to take extreme care here to avoid locking out root logins
|
|
* if something goes awry. That's why we do things like call everything a
|
|
* console if the consoles file can't be opened. Because of this, we must
|
|
* warn the user to protect against the remove of the consoles file since
|
|
* that would allow an unauthorized root login.
|
|
*/
|
|
|
|
bool console (const char *tty)
|
|
{
|
|
if (strncmp (tty, "/dev/", 5) == 0) {
|
|
tty += 5;
|
|
}
|
|
|
|
return is_listed ("CONSOLE", tty, true);
|
|
}
|
|
|