[login-utils/sulogin.c:398] -> [login-utils/sulogin.c:171]: (style) Local
variable set shadows outer function
[login-utils/sulogin.c:398] -> [login-utils/sulogin.c:830]: (style) Local
variable set shadows outer function
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* removes unnecessary variable
* the current code restores signals always when shell has not been
executed -- this is correct as function sushell() modify signal
mask, but in all another cases we do not need touch the mask.
Especially when we ask for the password in endless while() loop...
Signed-off-by: Karel Zak <kzak@redhat.com>
changed in include/c.h and applied via sed:
sed -i 's/fprintf.*\(USAGE_MAN_TAIL.*\)/printf(\1/' $(git ls-files -- "*.c")
sed -i 's/print_usage_help_options\(.*\);/printf(USAGE_HELP_OPTIONS\1);/' $(git ls-files -- "*.c")
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Consolidate --help and --version descriptions. We are
now able to align them to the other options.
We changed include/c.h. The rest of this patch was
generated by sed, plus manually setting the right
alignment numbers. We do not change anything but
white spaces in the --help output.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
(Original patch and commit message edited by Rudi.)
gcc-7 adds -Wimplicit-fallthrough=3 to our default flag -Wextra.
This warning can be silenced by using comment /* fallthrough */
which is also recognized by other tools like coverity. There are
also other valid comments (see man gcc-7) but we consolidate this
style now.
We could have also used __attribute__((fallthrough)) but the comment
looks nice and does not need to be ifdef'ed for compatibility.
Reference: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=7652
Reference: https://developers.redhat.com/blog/2017/03/10/wimplicit-fallthrough-in-gcc-7/
Reviewed-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Suggested-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Hopefully these changes are unreachable code, but better safe than sorry
when dealing with setuid root code that is installed everywhere. Quite
obviously the introduced abort() calls protect from impossible inputs.
Secondly set all possible data to be read-only in attempt to make it more
difficult to alter anything at all.
Reference: https://www.securecoding.cert.org/confluence/display/c/DCL00-C.+Const-qualify+immutable+objects
Reviewed-by: Petr Vorel <petr.vorel@gmail.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
text-utils/tailf.c:69:21: warning: Using plain integer as NULL pointer
Since many 'struct option' has used zero as NULL make them more readable in
same go by reindenting, and using named argument requirements.
Reference: https://lwn.net/Articles/93577/
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
* the variable definition with hidden type is always horrible, for
example:
int func() {
LIST_HEAD(foo);
...
}
the more readable is:
int func() {
struct list_head foo;
INIT_LIST_HEAD(&foo);
...
}
* the name LIST_HEAD conflict with /usr/include/sys/queue.h
* we use it only on two places in sulogin
Signed-off-by: Karel Zak <kzak@redhat.com>
If timeout happens while waiting in prompt, bail out instead
of retrying.
Reported-by: Bjørn Mork <bjorn@mork.no>
Addresses: http://bugs.debian.org/846107
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
This makes the caller bail out early instead of evaluating the
input as a password.
Reported-by: Bjørn Mork <bjorn@mork.no>
Addresses: http://bugs.debian.org/846112
Signed-off-by: Andreas Henriksson <andreas@fatal.se>
Fix various typos in error messages, warnings, debug strings,
comments and names of static functions.
Signed-off-by: Sebastian Rasmussen <sebras@gmail.com>
The plymouth support depends on Linux specific SOCK_* flags and all
the feature is probably unnecessary in some cases (non-plymouth
distros, etc.)
Signed-off-by: Karel Zak <kzak@redhat.com>
for stopping plymouthd. That do not depend on the existence of
the plymouth binary if it e.g. becomes uninstalled or an other
service is providing plymouthd facilities.
[kzak@redhat.com: - fix compiler warnings [-Wpointer-sign]
- use sizeof() for write_all()
- cast to char* for read_all]
Signed-off-by: Werner Fink <werner@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
If the root account is locked and no password was provided then the terminal
line is not set back to do echo of the input. This correct a small overlook
in commit 7ff1162e67
Signed-off-by: Werner Fink <werner@suse.de>
This happens on Debian kFreeBSD and probably on Hurd too since
cde7699c. One should review this issue to fix it properly.
CC: Werner Fink <werner@suse.de>
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This small patch improves the console detection code and also avoids not
existing device nodes due strdup() which is used in canonicalize_path().
Beside this now the code for emergeny mount does work if enabled at
configure time.
Signed-off-by: Werner Fink <werner@suse.de>
Some installations and distributions don't use a root account password
for security reasons and use sudo instead. In that case, asking for the
password makes no sense, and it is not even considered as valid as it's just
"*" or "!".
In these cases --force is required to just start a root shell and no
ask for password.
I don't think it's a good idea to automatically start root shell when
locked account is detected. It's possible that the machine is on
public place and for example Ubuntu uses root account disabled by
default (and also Fedora when installed by yum/dnf without anaconda).
The --force option forces admins to think about it...
The distro maintainers can also use --force in their initscripts or
systemd emergency.service if they believe that promiscuous setting is
the right thing for the distro.
Addresses: https://bugs.debian.org/326678
Signed-off-by: Karel Zak <kzak@redhat.com>
* according to "man getpwnam" 16384 bytes is enough to store one
passwd entry (let's use 2*BUFSIZE to avoid magic numbers in code)
* don't use strcpy() to set empty password
Signed-off-by: Karel Zak <kzak@redhat.com>
As said in include/c.h the usleep() is marked as obsolete, so do the same
that most of the other util-linux calls do with this interface.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
This adds a concise description of a tool to its usage text.
A first form of this patch was proposed by Steven Honeyman
(see http://www.spinics.net/lists/util-linux-ng/msg09994.html).
Signed-off-by: Benno Schulenberg <bensberg@justemail.net>
For this approach do not use the ioctl TIOCMGET anymore as this
is for real serial lines only. But switch over to use the ioctl
KDGKBMODE as this is unique to the virtual console lines only.
Signed-off-by: Werner Fink <werner@suse.de>
That is that there are several consoles, the /dev/ttyS0 which
is type of ibm3215 and a dumb terminal, then there is the device
/dev/3270/tty1 which can handle ANSI color escape sequences and is
a ibm327x terminal, and the /dev/ttyS1 which is a vt220 terminal.
The macro is_speed() in agetty.c allows to distinguish between the
terminal line (/dev)3270/tty1 and the speed options on the command
line used in
/run/systemd/generator/getty.target.wants/serial-getty@3270-tty1.service
which is a symbolic link to /usr/lib/systemd/system/serial-getty@.service
Signed-off-by: Werner Fink <werner@suse.de>
The nowadays used plymouth locks the devices used for the system
console which causes that agetty as well as sulogin can not modify
the termios settings of e.g. the serial devices of the systenm console.
Signed-off-by: Werner Fink <werner@suse.de>
Let's use nanosleep() although if usleep() exists. The nanosleep
function does no interact with signals and other timers.
The patch introduces xusleep() as replacement to libc (or our fallback)
usleep(). Yes, we don't want to use struct timespec + nanosleep()
everywhere in code as nano-time resolution is useless for us.
The patch also enlarges delays in some busy wait loops. It seems
enough to try read/write 4x per second.
Signed-off-by: Karel Zak <kzak@redhat.com>
sulogin(8) should not run if there is no /etc/{passwd,shadow} entry
and --force command line option is no specified otherwise NULL pointer
dereference is possible.
Signed-off-by: Karel Zak <kzak@redhat.com>
this one moves the init_chardata to include/ttyutils.h as well as to
lib/include/ttyutils.c. Also the macros CTL/CTRL are fixed in
agetty.c and sulogin.c to use the XOR variant CTL.
[kzak@redhat.com: use macro rather than global variable for default
chardata]
Signed-off-by: Werner Fink <werner@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
We're not Russian roulette players, so don't use such ugly things at all..
Reported-by: Dave Reisner <d@falconindy.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
- move struct chardata to include/ttyutils.h
- move console.{h,c} to login-utils/sulogin-* (it's sulogin specific)
- fix sulogin and agetty includes
Signed-off-by: Karel Zak <kzak@redhat.com>
Now after adding Conflicts=rescue.service to getty@.service and
serial-getty@.service and Conflicts=getty.target to rescue.target
all works with `systemctl rescue'. Even adding init=/sbin/sulogin
to the kernels command line by using the `e' key in grub2 boot
menu works flawless.
This version is without the emergency code as I've this moved to
lib/console.c where it belongs to.
Signed-off-by: Werner Fink <werner@suse.de>
Sami Kerola
Karel Zak
Ruediger Meier
Andreas Henriksson
Sebastian Rasmussen
Werner Fink
Ruediger Meier
Benno Schulenberg
Samuel Thibault