
Userland: Make su require passwords

Peter Elliott 5 tahun lalu
induk
melakukan
99ddbb83e8
3 mengubah file dengan 27 tambahan dan 14 penghapusan
  1. 10 10
      Base/etc/passwd
  2. 1 0
      Userland/CMakeLists.txt
  3. 16 4
      Userland/su.cpp

+ 10 - 10
Base/etc/passwd

@@ -1,10 +1,10 @@
-root:x:0:0:root:/root:/bin/sh
-lookup:x:10:10:LookupServer,,,:/:/bin/false
-protocol:x:11:11:ProtocolServer,,,:/:/bin/false
-notify:x:12:12:NotificationServer,,,:/:/bin/false
-window:x:13:13:WindowServer,,,:/:/bin/false
-clipboard:x:14:14:Clipboard,,,:/:/bin/false
-webcontent:x:15:15:WebContent,,,:/:/bin/false
-image:x:16:16:ImageDecoder,,,:/:/bin/false
-anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
-nona:x:200:200:Nona,,,:/home/nona:/bin/sh
+root::0:0:root:/root:/bin/sh
+lookup:!:10:10:LookupServer,,,:/:/bin/false
+protocol:!:11:11:ProtocolServer,,,:/:/bin/false
+notify:!:12:12:NotificationServer,,,:/:/bin/false
+window:!:13:13:WindowServer,,,:/:/bin/false
+clipboard:!:14:14:Clipboard,,,:/:/bin/false
+webcontent:!:15:15:WebContent,,,:/:/bin/false
+image:!:16:16:ImageDecoder,,,:/:/bin/false
+anon:!:100:100:Anonymous,,,:/home/anon:/bin/sh
+nona:!:200:200:Nona,,,:/home/nona:/bin/sh
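Review bot: The new root entry (`root::0:0:root:/root:/bin/sh`) has an empty password field, and the check this commit adds to Userland/su.cpp (`pwd->pw_passwd[0] != '\0'`) skips the prompt for an empty field, so every local user can still become root through su without typing anything. If that is a deliberate default for a development image, it should be said in the commit description; otherwise root should get `!` or a real hash like the accounts below it. The `!` entries for `anon` and `nona` appear to make those accounts unreachable through su for non-root callers until a password is set, which may surprise users of the default image. Hashes written here would also sit in /etc/passwd itself; whether that file is world-readable on this system is not visible from the hunk.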

+ 1 - 0
Userland/CMakeLists.txt

@@ -32,6 +32,7 @@ target_link_libraries(pape LibGUI)
 target_link_libraries(passwd LibCrypt)
 target_link_libraries(paste LibGUI)
 target_link_libraries(pro LibProtocol)
+target_link_libraries(su LibCrypt)
 target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
 target_link_libraries(test-js LibJS LibLine LibCore)
 target_link_libraries(test-web LibWeb)

+ 16 - 4
Userland/su.cpp

@@ -25,6 +25,7 @@
  */
 
 #include <AK/Vector.h>
+#include <LibCore/GetPassword.h>
 #include <alloca.h>
 #include <grp.h>
 #include <pwd.h>
@@ -38,9 +39,6 @@ int main(int argc, char** argv)
 {
     if (geteuid() != 0) {
         fprintf(stderr, "Not running as root :(\n");
-    } else if (getuid() != 0) {
-        const char* target_user = argc > 1 ? argv[1] : "root";
-        fprintf(stderr, "Access to account '%s' granted\n", target_user);
     }
 
     uid_t uid = 0;
@@ -64,6 +62,20 @@ int main(int argc, char** argv)
         return 1;
     }
 
+    if (getuid() != 0 && pwd->pw_passwd[0] != '\0') {
+        auto password = Core::get_password();
+        if (password.is_error()) {
+            fprintf(stderr, strerror(password.error()));
+            return 1;
+        }
+
+        char* hash = crypt(password.value().characters(), pwd->pw_passwd);
+        if (hash == NULL || strcmp(hash, pwd->pw_passwd) != 0) {
+            fprintf(stderr, "Incorrect or disabled password.\n");
+            return 1;
+        }
+    }
+
     Vector<gid_t> extra_gids;
     for (auto* group = getgrent(); group; group = getgrent()) {
         for (size_t i = 0; group->gr_mem[i]; ++i) {
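Review bot: The error path passes the result of strerror() as the format string, `fprintf(stderr, strerror(password.error()));`, which is a non-literal format and prints no trailing newline; it should be `fprintf(stderr, "%s\n", strerror(password.error()));`. In the same added block the prompt is skipped whenever `pwd->pw_passwd[0] == '\0'`, so an empty field means passwordless access rather than a locked account, and that deserves a comment above the `if` saying it is intended. The plaintext stays in `password` after the crypt() call, and a failed attempt is neither delayed nor logged; both are worth a follow-up. main() begins and ends outside this hunk, so how `pwd` is obtained is not visible here.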
@@ -88,7 +100,7 @@ int main(int argc, char** argv)
         perror("setuid");
         return 1;
     }
-    rc = execl("/bin/sh", "sh", nullptr);
+    rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);
     perror("execl");
     return 1;
 }
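Review bot: `pwd->pw_shell` is handed to execl() without checking that it is non-empty, so an account with an empty shell field now fails at `execl` after the uid has already been changed, where the old code always started `/bin/sh`. A fallback keeps the previous behaviour for such entries: `const char* shell = (pwd->pw_shell && pwd->pw_shell[0]) ? pwd->pw_shell : "/bin/sh";` followed by `execl(shell, shell, nullptr);`. The `pwd` record was looked up earlier in main(), outside this hunk, and presumably points at static storage, so it is worth confirming that nothing between the lookup and this call can overwrite it. The environment is passed through unchanged as far as the visible lines show; whether su should reset variables such as HOME for the target user is a separate question to settle.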