authorBill Nottingham <notting@redhat.com>2008-04-03 17:38:43 -0400
committerBill Nottingham <notting@redhat.com>2008-04-03 17:38:43 -0400
commit8107b70fe8168264cbf5b5fed32e41fcafd0e2df (patch)
treeb13e96ce0ef8a1e9fc3983237b4613396f04310b
parent6aebc60dd20d3528ad5eee0438a4e65f02adfae0 (diff)
Add a 'securetty' command that frobs /etc/securetty. Call it from the serial event. (#437381)
-rw-r--r--event.d/serial2
-rw-r--r--initscripts.spec1
-rw-r--r--src/Makefile6
-rw-r--r--src/securetty.c94
4 files changed, 102 insertions, 1 deletions
diff --git a/event.d/serial b/event.d/serial
index 8751ef84..80695338 100644
--- a/event.d/serial
+++ b/event.d/serial
@@ -15,6 +15,8 @@ pre-start script
esac
sleep 1
done
+ /sbin/securetty $1
+end script
exec /sbin/agetty /dev/$1 $2 vt100-nav
post-stop script
if [ "$UPSTART_EVENT" != "${UPSTART_EVENT##fedora.serial-console-available}" ]; then
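Review bot: The added `/sbin/securetty $1` passes the event argument unquoted, and its exit status appears to decide whether the pre-start succeeds, assuming the job shell runs with `-e` as upstart script sections normally do. securetty returns 1 whenever /etc/securetty cannot be opened, locked or read, so on a system where that file is missing or not writable the serial getty would presumably not start at all. If the getty should not depend on that file, `/sbin/securetty "$1" || :` keeps the two independent. The pre-start script block begins above the hunk and the post-stop block continues below it.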
diff --git a/initscripts.spec b/initscripts.spec
index 08de49a8..1314cfdb 100644
--- a/initscripts.spec
+++ b/initscripts.spec
@@ -185,6 +185,7 @@ rm -rf $RPM_BUILD_ROOT
/sbin/fstab-decode
/sbin/genhostid
/sbin/getkey
+/sbin/securetty
%attr(2755,root,root) /sbin/netreport
/sbin/initlog
/lib/udev/rename_device
diff --git a/src/Makefile b/src/Makefile
index 887e2373..b793300b 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2,7 +2,7 @@ CFLAGS+=$(RPM_OPT_FLAGS) -Wall -D_GNU_SOURCE
PROGS=usernetctl doexec netreport testd usleep ipcalc initlog \
fstab-decode getkey ppp-watch consoletype genhostid rename_device \
- console_init console_check
+ console_init console_check securetty
PPPWATCH_OBJS=ppp-watch.o shvar.o
CONSOLE_INIT_OBJS=console_init.o shvar.o
INITLOG_OBJS=initlog.o process.o
@@ -28,6 +28,7 @@ install:
install -m 755 getkey $(ROOT)/sbin/getkey
install -m 755 ppp-watch $(ROOT)/sbin/ppp-watch
install -m 755 consoletype $(ROOT)/sbin/consoletype
+ install -m 755 securetty $(ROOT)/sbin/securetty
install -m 755 rename_device $(ROOT)/lib/udev/rename_device
install -m 755 console_init $(ROOT)/lib/udev/console_init
install -m 755 console_check $(ROOT)/lib/udev/console_check
@@ -72,6 +73,9 @@ usernetctl.o: usernetctl.c
usernetctl: usernetctl.c usernetctl.o
$(CC) $(LDFLAGS) -pie -o $@ $@.o
+securetty: securetty.o
+ $(CC) $(LDFLAGS) -o $@ $<
+
shvar.o: shvar.c
$(CC) $(CFLAGS) `pkg-config glib-2.0 --cflags` -c shvar.c -o shvar.o
diff --git a/src/securetty.c b/src/securetty.c
new file mode 100644
index 00000000..f1505076
--- /dev/null
+++ b/src/securetty.c
@@ -0,0 +1,94 @@
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+void alarm_handler(int num) {
+ return;
+}
+
+int open_and_lock_securetty() {
+ int fd;
+ struct flock lock;
+ struct sigaction act, oldact;
+
+ lock.l_type = F_WRLCK;
+ lock.l_whence = SEEK_SET;
+ lock.l_start = 0;
+ lock.l_len = 0;
+
+ fd = open("/etc/securetty", O_RDWR);
+ if (fd == -1) {
+ syslog(LOG_ERR, "Couldn't open /etc/securetty: %s",strerror(errno));
+ return -1;
+ }
+ act.sa_handler = alarm_handler;
+ act.sa_flags = 0;
+ sigaction(SIGALRM, &act, &oldact);
+ alarm(2);
+ while (fcntl(fd, F_SETLKW, &lock) == -1) {
+ if (errno == EINTR) {
+ syslog(LOG_ERR, "Couldn't lock /etc/securetty: Timeout exceeded");
+ } else {
+ syslog(LOG_ERR, "Couldn't lock /etc/securetty: %s",strerror(errno));
+ }
+ return -1;
+ }
+ alarm(0);
+ sigaction(SIGALRM, &oldact, NULL);
+ return fd;
+}
+
+int rewrite_securetty(char *terminal) {
+ int fd;
+ char *buf, *pos;
+ struct stat sbuf;
+
+ fd = open_and_lock_securetty();
+ if (fd == -1)
+ return 1;
+ if (fstat(fd, &sbuf) == -1) {
+ close(fd);
+ syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno));
+ return 1;
+ }
+ buf = malloc(sbuf.st_size + 1);
+ if (read(fd, buf, sbuf.st_size) != sbuf.st_size) {
+ close(fd);
+ syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno));
+ return 1;
+ }
+ if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n')
+ goto out_ok;
+ if ((pos = strstr(buf, terminal))) {
+ if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n')
+ goto out_ok;
+ }
+ if (lseek(fd, 0, SEEK_END) == -1) {
+ close(fd);
+ syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno));
+ return 1;
+ }
+ write(fd, terminal, strlen(terminal));
+ write(fd, "\n", 1);
+out_ok:
+ close(fd);
+ return 0;
+}
+
+int main(int argc, char **argv) {
+ if (argc < 2 ) {
+ fprintf(stderr, "Usage: securetty <device>\n");
+ exit(1);
+ }
+ openlog("securetty", LOG_CONS, LOG_DAEMON);
+ return rewrite_securetty(argv[1]);
+}
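Review bot: rewrite_securetty never NUL-terminates `buf` and never checks the `malloc` result, so the `strncmp`/`strstr` lookups can read past the bytes actually read from /etc/securetty, or dereference NULL. The function also appends `argv[1]` as given, so an empty argument or one containing a newline or whitespace writes unintended entries into the file that lists where root may log in; the fence below adds the allocation check, the terminator and a minimal name check. Separately, in open_and_lock_securetty `act.sa_mask` is left uninitialised before `sigaction` (a `sigemptyset(&act.sa_mask);` is missing), and the lock-failure path returns without `alarm(0)` or closing `fd`. The results of both `write` calls are ignored, so a short or failed append is still reported as success.

```c
int rewrite_securetty(char *terminal) {
	/* … unchanged: declarations … */
	size_t tlen = strlen(terminal);

	/* Accept only a single, non-empty entry with no whitespace or line breaks. */
	if (tlen == 0 || strpbrk(terminal, " \t\r\n") != NULL) {
		syslog(LOG_ERR, "Refusing invalid terminal name");
		return 1;
	}
	/* … unchanged: open_and_lock_securetty, fstat … */
	buf = malloc(sbuf.st_size + 1);
	if (buf == NULL) {
		close(fd);
		syslog(LOG_ERR, "Couldn't allocate memory for /etc/securetty");
		return 1;
	}
	if (read(fd, buf, sbuf.st_size) != sbuf.st_size) {
		/* … unchanged: error path … */
	}
	buf[sbuf.st_size] = '\0';	/* strncmp/strstr below need a terminated string */
	/* … unchanged: lookup, lseek, append … */
```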