diff options
author | Bill Nottingham <notting@redhat.com> | 2008-04-03 17:38:43 -0400 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2008-04-03 17:38:43 -0400 |
commit | 8107b70fe8168264cbf5b5fed32e41fcafd0e2df (patch) | |
tree | b13e96ce0ef8a1e9fc3983237b4613396f04310b | |
parent | 6aebc60dd20d3528ad5eee0438a4e65f02adfae0 (diff) | |
download | initscripts-8107b70fe8168264cbf5b5fed32e41fcafd0e2df.tar initscripts-8107b70fe8168264cbf5b5fed32e41fcafd0e2df.tar.gz initscripts-8107b70fe8168264cbf5b5fed32e41fcafd0e2df.tar.bz2 initscripts-8107b70fe8168264cbf5b5fed32e41fcafd0e2df.tar.xz initscripts-8107b70fe8168264cbf5b5fed32e41fcafd0e2df.zip |
Add a 'securetty' command that frobs /etc/securetty. Call it from the serial event. (#437381)
-rw-r--r-- | event.d/serial | 2 | ||||
-rw-r--r-- | initscripts.spec | 1 | ||||
-rw-r--r-- | src/Makefile | 6 | ||||
-rw-r--r-- | src/securetty.c | 94 |
4 files changed, 102 insertions, 1 deletions
diff --git a/event.d/serial b/event.d/serial index 8751ef84..80695338 100644 --- a/event.d/serial +++ b/event.d/serial @@ -15,6 +15,8 @@ pre-start script esac sleep 1 done + /sbin/securetty $1 +end script exec /sbin/agetty /dev/$1 $2 vt100-nav post-stop script if [ "$UPSTART_EVENT" != "${UPSTART_EVENT##fedora.serial-console-available}" ]; then diff --git a/initscripts.spec b/initscripts.spec index 08de49a8..1314cfdb 100644 --- a/initscripts.spec +++ b/initscripts.spec @@ -185,6 +185,7 @@ rm -rf $RPM_BUILD_ROOT /sbin/fstab-decode /sbin/genhostid /sbin/getkey +/sbin/securetty %attr(2755,root,root) /sbin/netreport /sbin/initlog /lib/udev/rename_device diff --git a/src/Makefile b/src/Makefile index 887e2373..b793300b 100644 --- a/src/Makefile +++ b/src/Makefile @@ -2,7 +2,7 @@ CFLAGS+=$(RPM_OPT_FLAGS) -Wall -D_GNU_SOURCE PROGS=usernetctl doexec netreport testd usleep ipcalc initlog \ fstab-decode getkey ppp-watch consoletype genhostid rename_device \ - console_init console_check + console_init console_check securetty PPPWATCH_OBJS=ppp-watch.o shvar.o CONSOLE_INIT_OBJS=console_init.o shvar.o INITLOG_OBJS=initlog.o process.o @@ -28,6 +28,7 @@ install: install -m 755 getkey $(ROOT)/sbin/getkey install -m 755 ppp-watch $(ROOT)/sbin/ppp-watch install -m 755 consoletype $(ROOT)/sbin/consoletype + install -m 755 securetty $(ROOT)/sbin/securetty install -m 755 rename_device $(ROOT)/lib/udev/rename_device install -m 755 console_init $(ROOT)/lib/udev/console_init install -m 755 console_check $(ROOT)/lib/udev/console_check @@ -72,6 +73,9 @@ usernetctl.o: usernetctl.c usernetctl: usernetctl.c usernetctl.o $(CC) $(LDFLAGS) -pie -o $@ $@.o +securetty: securetty.o + $(CC) $(LDFLAGS) -o $@ $< + shvar.o: shvar.c $(CC) $(CFLAGS) `pkg-config glib-2.0 --cflags` -c shvar.c -o shvar.o diff --git a/src/securetty.c b/src/securetty.c new file mode 100644 index 00000000..f1505076 --- /dev/null +++ b/src/securetty.c @@ -0,0 +1,94 @@ + +#include <errno.h> +#include <fcntl.h> +#include <signal.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <syslog.h> +#include <unistd.h> + +#include <sys/types.h> +#include <sys/stat.h> + +void alarm_handler(int num) { + return; +} + +int open_and_lock_securetty() { + int fd; + struct flock lock; + struct sigaction act, oldact; + + lock.l_type = F_WRLCK; + lock.l_whence = SEEK_SET; + lock.l_start = 0; + lock.l_len = 0; + + fd = open("/etc/securetty", O_RDWR); + if (fd == -1) { + syslog(LOG_ERR, "Couldn't open /etc/securetty: %s",strerror(errno)); + return -1; + } + act.sa_handler = alarm_handler; + act.sa_flags = 0; + sigaction(SIGALRM, &act, &oldact); + alarm(2); + while (fcntl(fd, F_SETLKW, &lock) == -1) { + if (errno == EINTR) { + syslog(LOG_ERR, "Couldn't lock /etc/securetty: Timeout exceeded"); + } else { + syslog(LOG_ERR, "Couldn't lock /etc/securetty: %s",strerror(errno)); + } + return -1; + } + alarm(0); + sigaction(SIGALRM, &oldact, NULL); + return fd; +} + +int rewrite_securetty(char *terminal) { + int fd; + char *buf, *pos; + struct stat sbuf; + + fd = open_and_lock_securetty(); + if (fd == -1) + return 1; + if (fstat(fd, &sbuf) == -1) { + close(fd); + syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno)); + return 1; + } + buf = malloc(sbuf.st_size + 1); + if (read(fd, buf, sbuf.st_size) != sbuf.st_size) { + close(fd); + syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno)); + return 1; + } + if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n') + goto out_ok; + if ((pos = strstr(buf, terminal))) { + if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n') + goto out_ok; + } + if (lseek(fd, 0, SEEK_END) == -1) { + close(fd); + syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno)); + return 1; + } + write(fd, terminal, strlen(terminal)); + write(fd, "\n", 1); +out_ok: + close(fd); + return 0; +} + +int main(int argc, char **argv) { + if (argc < 2 ) { + fprintf(stderr, "Usage: securetty <device>\n"); + exit(1); + } + openlog("securetty", LOG_CONS, LOG_DAEMON); + return rewrite_securetty(argv[1]); +} |