From 49cc996bd0c049c37e98506409c2e3ec30790bf0 Mon Sep 17 00:00:00 2001 From: Kaarle Ritvanen Date: Thu, 5 Nov 2015 16:27:34 +0200 Subject: [PATCH 08/12] login: move check_securetty to libbb --- include/libbb.h | 1 + libbb/Kbuild.src | 1 + libbb/securetty.c | 27 +++++++++++++++++++++++++++ loginutils/login.c | 19 ------------------- 4 files changed, 29 insertions(+), 19 deletions(-) create mode 100644 libbb/securetty.c diff --git a/include/libbb.h b/include/libbb.h index abdc8c2b8..38d6d0b1e 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -1390,6 +1390,7 @@ extern void selinux_or_die(void) FAST_FUNC; #define SETUP_ENV_NO_CHDIR (1 << 4) void setup_environment(const char *shell, int flags, const struct passwd *pw) FAST_FUNC; void nuke_str(char *str) FAST_FUNC; +int check_securetty(const char *short_tty); int check_password(const struct passwd *pw, const char *plaintext) FAST_FUNC; int ask_and_check_password_extended(const struct passwd *pw, int timeout, const char *prompt) FAST_FUNC; int ask_and_check_password(const struct passwd *pw) FAST_FUNC; diff --git a/libbb/Kbuild.src b/libbb/Kbuild.src index e426f3c7e..84f3ff477 100644 --- a/libbb/Kbuild.src +++ b/libbb/Kbuild.src @@ -83,6 +83,7 @@ lib-y += safe_gethostname.o lib-y += safe_poll.o lib-y += safe_strncpy.o lib-y += safe_write.o +lib-y += securetty.o lib-y += setup_environment.o lib-y += signals.o lib-y += simplify_path.o diff --git a/libbb/securetty.c b/libbb/securetty.c new file mode 100644 index 000000000..95edbc944 --- /dev/null +++ b/libbb/securetty.c @@ -0,0 +1,27 @@ +/* vi: set sw=4 ts=4: */ +/* + * /etc/securetty checking. + * + * Licensed under GPLv2, see file LICENSE in this source tree. + */ + +#include "libbb.h" + +#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM +int check_securetty(const char *short_tty) +{ + char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */ + parser_t *parser = config_open2("/etc/securetty", fopen_for_read); + while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) { + if (strcmp(buf, short_tty) == 0) + break; + buf = NULL; + } + config_close(parser); + /* buf != NULL here if config file was not found, empty + * or line was found which equals short_tty */ + return buf != NULL; +} +#else +ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; } +#endif diff --git a/loginutils/login.c b/loginutils/login.c index 52abc1886..30aa63aee 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -173,25 +173,6 @@ static void die_if_nologin(void) # define die_if_nologin() ((void)0) #endif -#if ENABLE_FEATURE_SECURETTY && !ENABLE_PAM -static int check_securetty(const char *short_tty) -{ - char *buf = (char*)"/etc/securetty"; /* any non-NULL is ok */ - parser_t *parser = config_open2("/etc/securetty", fopen_for_read); - while (config_read(parser, &buf, 1, 1, "# \t", PARSE_NORMAL)) { - if (strcmp(buf, short_tty) == 0) - break; - buf = NULL; - } - config_close(parser); - /* buf != NULL here if config file was not found, empty - * or line was found which equals short_tty */ - return buf != NULL; -} -#else -static ALWAYS_INLINE int check_securetty(const char *short_tty UNUSED_PARAM) { return 1; } -#endif - #if ENABLE_SELINUX static void initselinux(char *username, char *full_tty, security_context_t *user_sid) -- 2.11.0