From 823ca3ee71aabcac532c44e8d5489e4606594ac9 Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Tue, 24 Apr 2012 17:50:42 -0400
Subject: securetty: check if the device is in the file before attempting to
 write to it

This avoids spurious failures on RO root systems.
---
 src/securetty.c | 58 ++++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 37 insertions(+), 21 deletions(-)

(limited to 'src')

diff --git a/src/securetty.c b/src/securetty.c
index 9ec8e7ef..a4768e35 100644
--- a/src/securetty.c
+++ b/src/securetty.c
@@ -18,6 +18,7 @@
 
 #include <errno.h>
 #include <fcntl.h>
+#include <limits.h>
 #include <signal.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -25,6 +26,7 @@
 #include <syslog.h>
 #include <unistd.h>
 
+#include <sys/mman.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 
@@ -66,29 +68,10 @@ int open_and_lock_securetty() {
 
 int rewrite_securetty(char *terminal) {
         int fd;
-        char *buf, *pos;
-        struct stat sbuf;
         
         fd = open_and_lock_securetty();
         if (fd == -1)
                 return 1;
-        if (fstat(fd, &sbuf) == -1) {
-                close(fd);
-                syslog(LOG_ERR, "Couldn't stat /etc/securetty: %s",strerror(errno));
-                return 1;
-        }
-        buf = malloc(sbuf.st_size + 1);
-        if (read(fd, buf, sbuf.st_size) != sbuf.st_size) {
-                close(fd);
-                syslog(LOG_ERR, "Couldn't read /etc/securetty: %s",strerror(errno));
-                return 1;
-        }
-        if (!strncmp(buf,terminal,strlen(terminal)) && buf[strlen(terminal)] == '\n')
-                goto out_ok;
-        if ((pos = strstr(buf, terminal))) {
-                if (pos[strlen(terminal)] == '\n' && *(pos-1) == '\n')
-                        goto out_ok;
-        }
         if (lseek(fd, 0, SEEK_END) == -1) {
                 close(fd);
                 syslog(LOG_ERR, "Couldn't seek to end of /etc/securetty: %s",strerror(errno));
@@ -96,16 +79,49 @@ int rewrite_securetty(char *terminal) {
         }
         write(fd, terminal, strlen(terminal));
         write(fd, "\n", 1);
-out_ok:
         close(fd);
         return 0;
 }
 
+int check_securetty(char *terminal) {
+        int fd, rc = 1;
+        char *buf, term[PATH_MAX];
+        struct stat sb;
+
+        fd = open("/etc/securetty", O_RDONLY);
+        if (fd == -1)
+                goto out;
+        fstat(fd, &sb);
+        buf = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
+        if (buf == ((caddr_t) -1)) {
+                close(fd);
+                return 1;
+        }
+        snprintf(term,PATH_MAX,"%s\n",terminal);
+        if (!strncmp(buf,term,strlen(term))) {
+                rc = 0;
+                goto out_unmap;
+        }
+        snprintf(term,PATH_MAX,"\n%s\n",terminal);
+        if (strstr(buf,term)) {
+                rc = 0;
+                goto out_unmap;
+        }
+out_unmap:
+        munmap(buf, sb.st_size);
+out:
+        close(fd);
+        return rc;
+}
+
 int main(int argc, char **argv) {
         if (argc < 2 ) {
                 fprintf(stderr, "Usage: securetty <device>\n");
                 exit(1);
         }
         openlog("securetty", LOG_CONS, LOG_DAEMON);
-        return rewrite_securetty(argv[1]);
+        if (check_securetty(argv[1]))
+                return rewrite_securetty(argv[1]);
+        else
+                return 0;
 }
-- 
cgit v1.2.1