diff options
| author | Mattias Andrée <m@maandree.se> | 2026-02-22 13:46:29 +0100 |
|---|---|---|
| committer | Mattias Andrée <m@maandree.se> | 2026-02-22 13:46:39 +0100 |
| commit | bfedd04199e1c74858ea7b6a073900c3c0e37005 (patch) | |
| tree | 3560f480a653a873fc60e554da8e07c2b4d1773f /src | |
| parent | m makefile (diff) | |
| download | cerberus-securetty-bfedd04199e1c74858ea7b6a073900c3c0e37005.tar.gz cerberus-securetty-bfedd04199e1c74858ea7b6a073900c3c0e37005.tar.bz2 cerberus-securetty-bfedd04199e1c74858ea7b6a073900c3c0e37005.tar.xz | |
Signed-off-by: Mattias Andrée <m@maandree.se>
Diffstat (limited to '')
| -rwxr-xr-x | src/securetty | 91 |
1 files changed, 45 insertions, 46 deletions
diff --git a/src/securetty b/src/securetty index 3022b82..3e9c3ac 100755 --- a/src/securetty +++ b/src/securetty @@ -2,7 +2,7 @@ # cerberus-securetty – securetty support for cerberus # -# Copyright © 2015 Mattias Andrée (maandree@member.fsf.org) +# Copyright © 2015 Mattias Andrée (m@maandree.se) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -31,53 +31,52 @@ shift 1 hostname_on_next=0 dash=0 for arg in "$@"; do - if [ "${arg}" = "" ]; then - true - elif [ "${arg::1}" = "-" ] && [ ${dash} = 0 ]; then - arg="${arg:1}" - while [ ! "${arg}" = "" ]; do - c="${arg::1}" - arg="${arg:1}" - if [ "${c}" = "h" ]; then # hostname - if [ ! "${arg}" = "" ]; then - hostname="${arg}" - else - hostname_on_next=1 - fi - break - elif [ "${c}" = "f" ]; then # force - if [ ! "${arg}" = "" ]; then - username="${arg}" - fi - break - elif [ "${c}" = "-" ]; then # username - dash=1 - break - fi - done - elif [ ${hostname_on_next} = 1 ]; then - hostname="${arg}" - hostname_on_next=0 - else - username="${arg}" - fi + if test -z "${arg}"; then + : + elif test "${arg::1}" = "-" && test ${dash} = 0; then + arg="${arg:1}" + while test -z "${arg}"; do + c="${arg::1}" + arg="${arg:1}" + if test "${c}" = "h"; then # hostname + if test -n "${arg}"; then + hostname="${arg}" + else + hostname_on_next=1 + fi + break + elif test "${c}" = "f"; then # force + if test -n "${arg}"; then + username="${arg}" + fi + break + elif test "${c}" = "-"; then # username + dash=1 + break + fi + done + elif test ${hostname_on_next} = 1; then + hostname="${arg}" + hostname_on_next=0 + else + username="${arg}" + fi done # Verify that the user may log in -if [ "${hook}" = verify ]; then - if [ ! "${username}" = root ]; then - exit 0 # Not root: may log in - elif [ ! "${hostname}" = "" ]; then - echo "Sorry, root may not log in remotely" >&2 - exit 1 # Remote root: may not log in - elif [ ! -f "/etc/securetty" ]; then - exit 0 # /etc/securetty does not exist: may log in - elif grep "^${ttyname}$" < "/etc/securetty" > "/dev/null" 2> "/dev/null"; then - exit 0 # Root on whitelisted tty: may log in - else - echo "Sorry, root may not log in on ${ttyname}, see /etc/securetty available TTY:s" >&2 - exit 1 # Root on non-whitelisted tty: may not log in - fi +if test "${hook}" = verify; then + if test ! "${username}" = root; then + exit 0 # Not root: may log in + elif test -n "${hostname}"; then + printf '%s\n' "Sorry, root may not log in remotely" >&2 + exit 1 # Remote root: may not log in + elif test ! -f "/etc/securetty"; then + exit 0 # /etc/securetty does not exist: may log in + elif grep -q "^${ttyname}$" < "/etc/securetty" 2> "/dev/null"; then + exit 0 # Root on whitelisted tty: may log in + else + printf '%s\n' "Sorry, root may not log in on ${ttyname}, see /etc/securetty for available TTYs" >&2 + exit 1 # Root on non-whitelisted tty: may not log in + fi fi - |