summaryrefslogtreecommitdiffstats
path: root/lib/console.c
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-26 16:18:36 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-26 16:18:36 +0000
commit6c3ea4f47ea280811a7fe53a22f7832e4533c9ec (patch)
tree3d7ed5da23b5dbf6f9e450dfb61642832249c31e /lib/console.c
parentAdding upstream version 1:4.13+dfsg1. (diff)
downloadshadow-upstream/1%4.15.2.tar.xz
shadow-upstream/1%4.15.2.zip
Adding upstream version 1:4.15.2.upstream/1%4.15.2upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/console.c')
-rw-r--r--lib/console.c109
1 files changed, 109 insertions, 0 deletions
diff --git a/lib/console.c b/lib/console.c
new file mode 100644
index 0000000..92065d9
--- /dev/null
+++ b/lib/console.c
@@ -0,0 +1,109 @@
+/*
+ * SPDX-FileCopyrightText: 1991 , Julianne Frances Haugh
+ * SPDX-FileCopyrightText: 1991 , Chip Rosenthal
+ * SPDX-FileCopyrightText: 1996 - 1998, Marek Michałkiewicz
+ * SPDX-FileCopyrightText: 2003 - 2005, Tomasz Kłoczko
+ * SPDX-FileCopyrightText: 2007 - 2010, Nicolas François
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <config.h>
+#include "defines.h"
+#include <stdio.h>
+#include "getdef.h"
+#include "prototypes.h"
+#include "string/strtcpy.h"
+
+#ident "$Id$"
+
+/*
+ * This is now rather generic function which decides if "tty" is listed
+ * under "cfgin" in config (directly or indirectly). Fallback to default if
+ * something is bad.
+ */
+static bool is_listed (const char *cfgin, const char *tty, bool def)
+{
+ FILE *fp;
+ char buf[1024], *s;
+ const char *cons;
+
+ /*
+ * If the CONSOLE configuration definition isn't given,
+ * fallback to default.
+ */
+
+ cons = getdef_str (cfgin);
+ if (NULL == cons) {
+ return def;
+ }
+
+ /*
+ * If this isn't a filename, then it is a ":" delimited list of
+ * console devices upon which root logins are allowed.
+ */
+
+ if (*cons != '/') {
+ char *pbuf;
+ STRTCPY(buf, cons);
+ pbuf = &buf[0];
+ while ((s = strtok (pbuf, ":")) != NULL) {
+ if (strcmp (s, tty) == 0) {
+ return true;
+ }
+
+ pbuf = NULL;
+ }
+ return false;
+ }
+
+ /*
+ * If we can't open the console list, then call everything a
+ * console - otherwise root will never be allowed to login.
+ */
+
+ fp = fopen (cons, "r");
+ if (NULL == fp) {
+ return def;
+ }
+
+ /*
+ * See if this tty is listed in the console file.
+ */
+
+ while (fgets (buf, sizeof (buf), fp) != NULL) {
+ /* Remove optional trailing '\n'. */
+ buf[strcspn (buf, "\n")] = '\0';
+ if (strcmp (buf, tty) == 0) {
+ (void) fclose (fp);
+ return true;
+ }
+ }
+
+ /*
+ * This tty isn't a console.
+ */
+
+ (void) fclose (fp);
+ return false;
+}
+
+/*
+ * console - return 1 if the "tty" is a console device, else 0.
+ *
+ * Note - we need to take extreme care here to avoid locking out root logins
+ * if something goes awry. That's why we do things like call everything a
+ * console if the consoles file can't be opened. Because of this, we must
+ * warn the user to protect against the remove of the consoles file since
+ * that would allow an unauthorized root login.
+ */
+
+bool console (const char *tty)
+{
+ if (strncmp (tty, "/dev/", 5) == 0) {
+ tty += 5;
+ }
+
+ return is_listed ("CONSOLE", tty, true);
+}
+