Add a 'securetty' command that frobs /etc/securetty. Call it from the serial event. (#437381)

4 files changed, 102 insertions, 1 deletions

diff --git a/event.d/serial b/event.d/serial
index 8751ef84..80695338 100644
--- a/event.d/serial
+++ b/event.d/serial
@@ -15,6 +15,8 @@ pre-start script
 		esac
 		sleep 1
 	done
+	/sbin/securetty $1
+end script
 exec /sbin/agetty /dev/$1 $2 vt100-nav
 post-stop script
 	if [ "$UPSTART_EVENT" != "${UPSTART_EVENT##fedora.serial-console-available}" ]; then
diff --git a/initscripts.spec b/initscripts.spec
index 08de49a8..1314cfdb 100644
--- a/initscripts.spec
+++ b/initscripts.spec
@@ -185,6 +185,7 @@ rm -rf $RPM_BUILD_ROOT
 /sbin/fstab-decode
 /sbin/genhostid
 /sbin/getkey
+/sbin/securetty
 %attr(2755,root,root) /sbin/netreport
 /sbin/initlog
 /lib/udev/rename_device
diff --git a/src/Makefile b/src/Makefile
index 887e2373..b793300b 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -2,7 +2,7 @@ CFLAGS+=$(RPM_OPT_FLAGS) -Wall -D_GNU_SOURCE
 
 PROGS=usernetctl doexec netreport testd usleep ipcalc initlog \
 	fstab-decode getkey ppp-watch consoletype genhostid rename_device \
-	console_init console_check
+	console_init console_check securetty
 PPPWATCH_OBJS=ppp-watch.o shvar.o
 CONSOLE_INIT_OBJS=console_init.o shvar.o
 INITLOG_OBJS=initlog.o process.o
@@ -28,6 +28,7 @@ install:
 	install -m 755 getkey $(ROOT)/sbin/getkey
 	install -m 755 ppp-watch $(ROOT)/sbin/ppp-watch
 	install -m 755 consoletype $(ROOT)/sbin/consoletype
+	install -m 755 securetty $(ROOT)/sbin/securetty
 	install -m 755 rename_device $(ROOT)/lib/udev/rename_device
 	install -m 755 console_init $(ROOT)/lib/udev/console_init
 	install -m 755 console_check $(ROOT)/lib/udev/console_check
@@ -72,6 +73,9 @@ usernetctl.o: usernetctl.c
 usernetctl: usernetctl.c usernetctl.o
 	$(CC) $(LDFLAGS) -pie -o $@ $@.o
 
+securetty: securetty.o
+	$(CC) $(LDFLAGS) -o $@ $<
+
 shvar.o: shvar.c
 	$(CC) $(CFLAGS) `pkg-config glib-2.0 --cflags` -c shvar.c -o shvar.o
 
diff --git a/src/securetty.c b/src/securetty.c
new file mode 100644
index 00000000..f1505076
--- /dev/null
+++ b/src/securetty.c
@@ -0,0 +1,94 @@
+
+#include <errno.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+
+void alarm_handler(int num) {
+        return;
+}
+
+int open_and_lock_securetty() {
+        int fd;
+        struct flock lock;
+        struct sigaction act, oldact;
+        
+        lock.l_type = F_WRLCK;
+        lock.l_whence = SEEK_SET;
+        lock.l_start = 0;
+        lock.l_len = 0;
+      
+        fd = open("/etc/securetty", O_RDWR);
+        if (fd == -1) {
+                syslog(LOG_ERR, "Couldn't open /etc/securetty: %s",strerror(errno));
+                return -1;
+        }
+        act.sa_handler = alarm_handler;
+        act.sa_flags = 0;
+        sigaction(SIGALRM, &act, &oldact);
+        alarm(2);
+        while (fcntl(fd, F_SETLKW, &lock) == -1) {
+                if (errno == EINTR) {
+                        syslog(LOG_ERR, "Couldn't lock /etc/securetty: Timeout exceeded");
+                } else {
+                        syslog(LOG_ERR, "Couldn't lock /etc/securetty: %s",strerror(errno));
+                }
+                return -1;
+        }
+        alarm(0);
+        sigaction(SIGALRM, &oldact, NULL);
+        return fd;
+}
+
+int rewrite_securetty(char *terminal) {
+        int fd;
+        char *buf, *pos;
+        struct stat sbuf;
+        
+        fd = open_and_lock_securetty();
+        if (fd == -1)
+                return 1;
+        if (fstat(fd, &sbuf) == -1) {
+                close(fd);
+                syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno));
+                return 1;
+        }
+        buf = malloc(sbuf.st_size + 1);
+        if (read(fd, buf, sbuf.st_size) != sbuf.st_size) {
+                close(fd);
+                syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno));
+                return 1;
+        }
+        if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n')
+                goto out_ok;
+        if ((pos = strstr(buf, terminal))) {
+                if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n')
+                        goto out_ok;
+        }
+        if (lseek(fd, 0, SEEK_END) == -1) {
+                close(fd);
+                syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno));
+                return 1;
+        }
+        write(fd, terminal, strlen(terminal));
+        write(fd, "\n", 1);
+out_ok:
+        close(fd);
+        return 0;
+}
+
+int main(int argc, char **argv) {
+        if (argc < 2 ) {
+                fprintf(stderr, "Usage: securetty <device>\n");
+                exit(1);
+        }
+        openlog("securetty", LOG_CONS, LOG_DAEMON);
+        return rewrite_securetty(argv[1]);
+}