/* See LICENSE file for copyright and license details. */
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>
#ifdef WITH_LIBPASSPHRASE
# include <passphrase.h>
#endif
#include "arg.h"
#define EXIT_ERROR 125
#define EXIT_EXEC 126
#define EXIT_NOENT 127
#ifndef RETRY_SLEEP
# define RETRY_SLEEP 1
#endif
#ifndef PROMPT
# define PROMPT "%s (%s@%s) password: ", argv0, pwd->pw_name, hostname
#endif
char *argv0;
/* Keep list in sync with key2root(8)'s list */
static const char *env_whitelist[] = {
"DISPLAY=",
"WAYLAND_DISPLAY=",
"PATH=",
"TERM=",
"COLORTERM=",
"XAUTHORITY=",
"LANG=",
"LANGUAGE=",
"LOCALE=",
"LC_CTYPE=",
"LC_NUMERIC=",
"LC_TIME=",
"LC_COLLATE=",
"LC_MONETARY=",
"LC_MESSAGES=",
"LC_PAPER=",
"LC_NAME=",
"LC_ADDRESS=",
"LC_TELEPHONE=",
"LC_MEASUREMENT=",
"LC_IDENTIFICATION=",
"LC_ALL=",
"LOCPATH=",
"NLSPATH=",
"TZ=",
"TZDIR=",
"SDL_VIDEO_FULLSCREEN_DISPLAY=",
"EDITOR=",
"VISUAL=",
"BROWSER=",
"DESKTOP_SESSION=",
"LS_COLORS=",
"GTK_THEME=",
"QT_STYLE_OVERRIDE=",
"PWD=",
"OLDPWD=",
"JAVA_HOME=",
"_JAVA_AWT_WM_NONREPARENTING=",
"_JAVA_OPTIONS=",
"MAIN_ALSA_MIXER=",
"MAIN_ALSA_CARD=",
"XDG_SEAT=",
"XDG_SESSION_TYPE=",
"XDG_SESSION_CLASS=",
"XDG_VTNR=",
"XDG_SESSION_ID=",
"XDG_DATA_DIRS=",
"XDG_CONFIG_DIRS=",
"MANPATH=",
"INFODIR=",
"PAGER=",
"ftp_proxy=",
"http_proxy=",
NULL
};
static void
usage(void)
{
fprintf(stderr, "usage: %s [-e] command [argument] ...\n", argv0);
exit(EXIT_ERROR);
}
static char **
set_environ(void)
{
char **new_environ;
size_t i, j, n, len;
struct passwd *pw;
new_environ = calloc(sizeof(env_whitelist) / sizeof(*env_whitelist) + 5, sizeof(*env_whitelist));
if (!new_environ) {
fprintf(stderr, "%s: calloc %zu %zu: %s\n",
argv0, sizeof(env_whitelist) / sizeof(*env_whitelist) + 5, sizeof(*env_whitelist), strerror(errno));
exit(EXIT_ERROR);
}
for (i = 0, n = 0; env_whitelist[i]; i++) {
len = strlen(env_whitelist[i]);
for (j = 0; environ[j]; j++) {
if (!strncmp(environ[j], env_whitelist[i], len)) {
new_environ[n++] = environ[j];
break;
}
}
}
errno = 0;
pw = getpwuid(0);
if (!pw) {
if (errno)
fprintf(stderr, "%s: getpwuid 0: %s\n", argv0, strerror(errno));
else
fprintf(stderr, "%s: cannot find root user\n", argv0);
exit(EXIT_ERROR);
}
if (pw->pw_dir && *pw->pw_dir) {
len = strlen(pw->pw_dir);
len += sizeof("HOME=");
new_environ[n] = malloc(len);
if (!new_environ[n])
fprintf(stderr, "%s: malloc %zu: %s\n", argv0, len, strerror(errno));
stpcpy(stpcpy(new_environ[n++], "HOME="), pw->pw_dir);
}
if (pw->pw_name && *pw->pw_name) {
len = strlen(pw->pw_name);
len += sizeof("LOGNAME=");
new_environ[n] = malloc(len);
if (!new_environ[n])
fprintf(stderr, "%s: malloc %zu: %s\n", argv0, len, strerror(errno));
stpcpy(stpcpy(new_environ[n++], "LOGNAME="), pw->pw_name);
len -= sizeof("LOGNAME=");
len += sizeof("USER=");
new_environ[n] = malloc(len);
if (!new_environ[n])
fprintf(stderr, "%s: malloc %zu: %s\n", argv0, len, strerror(errno));
stpcpy(stpcpy(new_environ[n++], "USER="), pw->pw_name);
len -= sizeof("USER=");
len += sizeof("MAIL=/var/spool/mail/");
new_environ[n] = malloc(len);
if (!new_environ[n])
fprintf(stderr, "%s: malloc %zu: %s\n", argv0, len, strerror(errno));
stpcpy(stpcpy(new_environ[n++], "MAIL=/var/spool/mail/"), pw->pw_name);
}
if (pw->pw_shell && *pw->pw_shell) {
len = strlen(pw->pw_shell);
len += sizeof("SHELL=");
new_environ[n] = malloc(len);
if (!new_environ[n])
fprintf(stderr, "%s: malloc %zu: %s\n", argv0, len, strerror(errno));
stpcpy(stpcpy(new_environ[n++], "SHELL="), pw->pw_shell);
}
new_environ[n] = NULL;
return new_environ;
}
#ifndef WITH_LIBPASSPHRASE
static char *
read_passphrase(int fd)
{
char *passphrase = NULL, *new;
size_t size = 0, len = 0;
ssize_t r;
for (;;) {
if (len == size) {
new = realloc(passphrase, size += 32);
if (!new) {
fprintf(stderr, "\n%s: realloc %zu: %s\n", argv0, size, strerror(errno));
if (passphrase) {
memset(passphrase, 0, len);
free(passphrase);
}
return NULL;
}
passphrase = new;
}
r = read(fd, &passphrase[len], 1);
if (r < 0) {
fprintf(stderr, "\n%s: read /dev/tty 1: %s\n", argv0, strerror(errno));
memset(passphrase, 0, len);
free(passphrase);
return NULL;
} else if (!r || passphrase[len] == '\n') {
break;
} else {
len += 1;
}
}
fprintf(stderr, "\n");
passphrase[len] = 0;
return passphrase;
}
#endif
static void
check_password(void)
{
struct passwd *pwd;
struct spwd *shdw;
const char *expected, *got;
char *hostname = NULL;
char *passphrase;
size_t size = 8;
#ifndef WITH_LIBPASSPHRASE
struct termios stty_original;
#endif
struct termios stty_enter;
#if RETRY_SLEEP > 0
struct termios stty_sleep;
#endif
int fd;
errno = 0;
for (;;) {
hostname = realloc(hostname, size *= 2);
if (!hostname) {
fprintf(stderr, "%s: realloc %zu: %s\n", argv0, size, strerror(errno));
}
*hostname = 0;
if (!gethostname(hostname, size)) {
if (strnlen(hostname, size) < size - 1)
break;
} else if (errno != ENAMETOOLONG) {
fprintf(stderr, "%s: gethostname %zu: %s\n", argv0, size, strerror(errno));
exit(EXIT_ERROR);
}
}
errno = 0;
pwd = getpwuid(getuid());
if (!pwd || !pwd->pw_name || !*pwd->pw_name) {
if (errno)
fprintf(stderr, "%s: getpwuid: %s\n", argv0, strerror(errno));
else
fprintf(stderr, "%s: your user does not exist\n", argv0);
exit(EXIT_ERROR);
}
shdw = getspnam(pwd->pw_name);
if (!shdw || !shdw->sp_pwdp) {
if (errno)
fprintf(stderr, "%s: getspnam: %s\n", argv0, strerror(errno));
else
fprintf(stderr, "%s: your user does not have a shadow entry\n", argv0);
exit(EXIT_ERROR);
}
expected = shdw->sp_pwdp;
if (!*expected) {
fprintf(stderr, "%s: your user does not have a password\n", argv0);
exit(EXIT_ERROR);
} else if (expected[expected[0] == '!'] == '*' || expected[expected[0] == '!'] == 'x') {
fprintf(stderr, "%s: login to your account is disabled\n", argv0);
exit(EXIT_ERROR);
} else if (expected[0] == '!') {
fprintf(stderr, "%s: your account is currently locked\n", argv0);
exit(EXIT_ERROR);
}
fd = open("/dev/tty", O_RDWR);
if (fd < 0) {
fprintf(stderr, "%s: open /dev/tty O_RDWR: %s\n", argv0, strerror(errno));
exit(EXIT_ERROR);
}
#ifdef WITH_LIBPASSPHRASE
passphrase_disable_echo1(fd);
memset(&stty_enter, 0, sizeof(stty_enter));
if (tcgetattr(fd, &stty_enter)) {
fprintf(stderr, "%s: tcgetattr /dev/tty: %s\n", argv0, strerror(errno));
passphrase_reenable_echo1(fd);
close(fd);
exit(EXIT_ERROR);
}
#else
memset(&stty_original, 0, sizeof(stty_original));
if (tcgetattr(fd, &stty_original)) {
fprintf(stderr, "%s: tcgetattr /dev/tty: %s\n", argv0, strerror(errno));
close(fd);
exit(EXIT_ERROR);
}
memcpy(&stty_enter, &stty_original, sizeof(stty_original));
stty_enter.c_lflag &= (tcflag_t)~ECHO;
tcsetattr(fd, TCSAFLUSH, &stty_enter);
#endif
#if RETRY_SLEEP > 0
memcpy(&stty_sleep, &stty_enter, sizeof(stty_enter));
stty_sleep.c_lflag = 0;
#endif
again:
fprintf(stderr, PROMPT);
fflush(stderr);
#ifdef WITH_LIBPASSPHRASE
passphrase = passphrase_read2(fd, PASSPHRASE_READ_EXISTING);
if (!passphrase) {
fprintf(stderr, "%s: passphrase_read2 /dev/tty PASSPHRASE_READ_EXISTING: %s\n", argv0, strerror(errno));
passphrase_reenable_echo1(fd);
close(fd);
exit(EXIT_ERROR);
}
#else
passphrase = read_passphrase(fd);
if (!passphrase) {
tcsetattr(fd, TCSAFLUSH, &stty_original);
close(fd);
exit(EXIT_ERROR);
}
#endif
got = crypt(passphrase, expected);
#ifdef WITH_LIBPASSPHRASE
passphrase_wipe1(passphrase);
#else
memset(passphrase, 0, strlen(passphrase));
#endif
free(passphrase);
if (strcmp(got, expected)) {
fprintf(stderr, "%s: incorrect password, please try again\n", argv0);
#if RETRY_SLEEP > 0
tcsetattr(fd, TCSAFLUSH, &stty_sleep);
sleep(RETRY_SLEEP);
tcsetattr(fd, TCSAFLUSH, &stty_enter);
#endif
goto again;
}
#ifdef WITH_LIBPASSPHRASE
passphrase_reenable_echo1(fd);
#else
tcsetattr(fd, TCSAFLUSH, &stty_original);
#endif
close(fd);
}
int
main(int argc, char *argv[])
{
int keep_env = 0;
char **new_environ = NULL;
ARGBEGIN {
case 'e':
keep_env = 1;
break;
default:
usage();
} ARGEND;
if (!argc)
usage();
check_password();
if (!keep_env)
new_environ = set_environ();
if (setgid(0)) {
fprintf(stderr, "%s: setgid 0: %s\n", argv0, strerror(errno));
exit(EXIT_ERROR);
}
if (setuid(0)) {
fprintf(stderr, "%s: setuid 0: %s\n", argv0, strerror(errno));
exit(EXIT_ERROR);
}
if (new_environ)
environ = new_environ;
execvp(argv[0], argv);
fprintf(stderr, "%s: execvpe %s: %s\n", argv0, argv[0], strerror(errno));
return errno == ENOENT ? EXIT_NOENT : EXIT_EXEC;
}
