diff options
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | COPYING | 2 | ||||
| -rw-r--r-- | DEPENDENCIES | 4 | ||||
| -rw-r--r-- | Makefile | 39 | ||||
| -rw-r--r-- | README | 1 | ||||
| -rw-r--r-- | info/cerberus-securetty.texinfo | 5 | ||||
| -rwxr-xr-x | src/securetty | 91 |
7 files changed, 69 insertions, 75 deletions
@@ -1,4 +1,3 @@ -_/ bin/ obj/ \#*\# @@ -18,4 +17,3 @@ obj/ *.gz *.bz2 *.xz - @@ -1,6 +1,6 @@ cerberus-securetty – securetty support for cerberus -Copyright © 2015 Mattias Andrée (maandree@member.fsf.org) +Copyright © 2015 Mattias Andrée (m@maandree.se) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/DEPENDENCIES b/DEPENDENCIES index 58f05a1..b95563f 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -4,7 +4,6 @@ RUNTIME DEPENDENCIES: coreutils grep - BUILD DEPENDENCIES: coreutils @@ -12,10 +11,7 @@ BUILD DEPENDENCIES: texinfo (opt-out, for info manual, opt-in for pdf, dvi and ps manuals) texlive-core (opt-in for pdf, dvi and ps manuals) - INSTALL DEPENDENCIES: coreutils make - - @@ -10,6 +10,9 @@ DATA = /share DATADIR = $(PREFIX)$(DATA) DOCDIR = $(DATADIR)/doc INFODIR = $(DATADIR)/info + +TEXI2DVI = texi2dvi + LICENSEDIR = $(DATADIR)/licenses PKGNAME = cerberus-securetty @@ -33,21 +36,21 @@ info: cerberus-securetty.info pdf: cerberus-securetty.pdf %.pdf: info/%.texinfo info/fdl.texinfo @mkdir -p obj/pdf - cd obj/pdf ; yes X | texi2pdf ../../$< + cd obj/pdf && texi2pdf ../../$< < /dev/null mv obj/pdf/$@ $@ .PHONY: dvi dvi: cerberus-securetty.dvi %.dvi: info/%.texinfo info/fdl.texinfo @mkdir -p obj/dvi - cd obj/dvi ; yes X | $(TEXI2DVI) ../../$< + cd obj/dvi && $(TEXI2DVI) ../../$< < /dev/null mv obj/dvi/$@ $@ .PHONY: ps ps: cerberus-securetty.ps %.ps: info/%.texinfo info/fdl.texinfo @mkdir -p obj/ps - cd obj/ps ; yes X | texi2pdf --ps ../../$< + cd obj/ps && texi2pdf --ps ../../$< < /dev/null mv obj/ps/$@ $@ @@ -62,36 +65,36 @@ install-base: install-securetty install-license .PHONY: install-securetty install-securetty: - install -dm755 -- "$(DESTDIR)$(DATADIR)/$(PKGNAME)" - install -m755 -- src/securetty "$(DESTDIR)$(DATADIR)/$(PKGNAME)/securetty" + mkdir -p -- "$(DESTDIR)$(DATADIR)/$(PKGNAME)" + cp -- src/securetty "$(DESTDIR)$(DATADIR)/$(PKGNAME)/securetty" .PHONY: install-license install-license: - install -dm755 -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" - install -m644 -- COPYING LICENSE "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" + mkdir -p -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" + cp -- COPYING LICENSE "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" .PHONY: install-doc install-doc: install-info install-pdf install-ps install-dvi .PHONY: install-info install-info: cerberus-securetty.info - install -dm755 -- "$(DESTDIR)$(INFODIR)" - install -m644 -- "$<" "$(DESTDIR)$(INFODIR)/$(PKGNAME).info" + mkdir -p -- "$(DESTDIR)$(INFODIR)" + cp -- cerberus-securetty.info "$(DESTDIR)$(INFODIR)/$(PKGNAME).info" .PHONY: install-pdf install-pdf: cerberus-securetty.pdf - install -dm755 -- "$(DESTDIR)$(DOCDIR)" - install -m644 -- "$<" "$(DESTDIR)$(DOCDIR)/$(PKGNAME).pdf" + mkdir -p -- "$(DESTDIR)$(DOCDIR)" + cp -- cerberus-securetty.pdf "$(DESTDIR)$(DOCDIR)/$(PKGNAME).pdf" .PHONY: install-ps install-ps: cerberus-securetty.ps - install -dm755 -- "$(DESTDIR)$(DOCDIR)" - install -m644 -- "$<" "$(DESTDIR)$(DOCDIR)/$(PKGNAME).ps" + mkdir -p -- "$(DESTDIR)$(DOCDIR)" + cp -- cerberus-securetty.ps "$(DESTDIR)$(DOCDIR)/$(PKGNAME).ps" .PHONY: install-dvi install-dvi: cerberus-securetty.dvi - install -dm755 -- "$(DESTDIR)$(DOCDIR)" - install -m644 -- "$<" "$(DESTDIR)$(DOCDIR)/$(PKGNAME).dvi" + mkdir -p -- "$(DESTDIR)$(DOCDIR)" + cp -- cerberus-securetty.dvi "$(DESTDIR)$(DOCDIR)/$(PKGNAME).dvi" .PHONY: uninstall @@ -101,7 +104,7 @@ uninstall: -rm -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)/COPYING" -rm -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)/LICENSE" -rmdir -- "$(DESTDIR)$(LICENSEDIR)/$(PKGNAME)" - -rmdir -- "$(DESTDIR)$(PREFIX)$(LICENSES)/$(PKGNAME)" + -rmdir -- "$(DESTDIR)$(LICENSEDIR)" -rm -- "$(DESTDIR)$(INFODIR)/$(PKGNAME).info" -rm -- "$(DESTDIR)$(DOCDIR)/$(PKGNAME).pdf" -rm -- "$(DESTDIR)$(DOCDIR)/$(PKGNAME).ps" @@ -110,5 +113,5 @@ uninstall: .PHONY: clean clean: - -rm -r bin obj *.su src/*.su cerberus-securetty.{info,pdf,ps,dvi} - + -rm -fr -- bin obj *.su src/*.su + -rm -f -- cerberus-securetty.info cerberus-securetty.pdf cerberus-securetty.ps cerberus-securetty.dvi @@ -1,2 +1 @@ /etc/securetty support for cerberus. - diff --git a/info/cerberus-securetty.texinfo b/info/cerberus-securetty.texinfo index c6af87d..99f566b 100644 --- a/info/cerberus-securetty.texinfo +++ b/info/cerberus-securetty.texinfo @@ -59,8 +59,8 @@ Texts. A copy of the license is included in the section entitled @node Overview @chapter Overview -@command{cerberus-securetty} is extension to @command{cerberus} -for verifying that root may login on the TTY. +@command{cerberus-securetty} is an extension to @command{cerberus} +for verifying that root may log in on the TTY. The @command{cerberus-securetty} package includes a shell script named @file{securetty} stored in @file{/usr/share/cerberus-securetty}. @@ -77,4 +77,3 @@ or from @file{/etc/cerberusrc} run @include fdl.texinfo @bye - diff --git a/src/securetty b/src/securetty index 3022b82..3e9c3ac 100755 --- a/src/securetty +++ b/src/securetty @@ -2,7 +2,7 @@ # cerberus-securetty – securetty support for cerberus # -# Copyright © 2015 Mattias Andrée (maandree@member.fsf.org) +# Copyright © 2015 Mattias Andrée (m@maandree.se) # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -31,53 +31,52 @@ shift 1 hostname_on_next=0 dash=0 for arg in "$@"; do - if [ "${arg}" = "" ]; then - true - elif [ "${arg::1}" = "-" ] && [ ${dash} = 0 ]; then - arg="${arg:1}" - while [ ! "${arg}" = "" ]; do - c="${arg::1}" - arg="${arg:1}" - if [ "${c}" = "h" ]; then # hostname - if [ ! "${arg}" = "" ]; then - hostname="${arg}" - else - hostname_on_next=1 - fi - break - elif [ "${c}" = "f" ]; then # force - if [ ! "${arg}" = "" ]; then - username="${arg}" - fi - break - elif [ "${c}" = "-" ]; then # username - dash=1 - break - fi - done - elif [ ${hostname_on_next} = 1 ]; then - hostname="${arg}" - hostname_on_next=0 - else - username="${arg}" - fi + if test -z "${arg}"; then + : + elif test "${arg::1}" = "-" && test ${dash} = 0; then + arg="${arg:1}" + while test -z "${arg}"; do + c="${arg::1}" + arg="${arg:1}" + if test "${c}" = "h"; then # hostname + if test -n "${arg}"; then + hostname="${arg}" + else + hostname_on_next=1 + fi + break + elif test "${c}" = "f"; then # force + if test -n "${arg}"; then + username="${arg}" + fi + break + elif test "${c}" = "-"; then # username + dash=1 + break + fi + done + elif test ${hostname_on_next} = 1; then + hostname="${arg}" + hostname_on_next=0 + else + username="${arg}" + fi done # Verify that the user may log in -if [ "${hook}" = verify ]; then - if [ ! "${username}" = root ]; then - exit 0 # Not root: may log in - elif [ ! "${hostname}" = "" ]; then - echo "Sorry, root may not log in remotely" >&2 - exit 1 # Remote root: may not log in - elif [ ! -f "/etc/securetty" ]; then - exit 0 # /etc/securetty does not exist: may log in - elif grep "^${ttyname}$" < "/etc/securetty" > "/dev/null" 2> "/dev/null"; then - exit 0 # Root on whitelisted tty: may log in - else - echo "Sorry, root may not log in on ${ttyname}, see /etc/securetty available TTY:s" >&2 - exit 1 # Root on non-whitelisted tty: may not log in - fi +if test "${hook}" = verify; then + if test ! "${username}" = root; then + exit 0 # Not root: may log in + elif test -n "${hostname}"; then + printf '%s\n' "Sorry, root may not log in remotely" >&2 + exit 1 # Remote root: may not log in + elif test ! -f "/etc/securetty"; then + exit 0 # /etc/securetty does not exist: may log in + elif grep -q "^${ttyname}$" < "/etc/securetty" 2> "/dev/null"; then + exit 0 # Root on whitelisted tty: may log in + else + printf '%s\n' "Sorry, root may not log in on ${ttyname}, see /etc/securetty for available TTYs" >&2 + exit 1 # Root on non-whitelisted tty: may not log in + fi fi - |