Userland: Make su require passwords

Author: https://github.com/petelliott Commit: https://github.com/SerenityOS/serenity/commit/99ddbb83e8f Pull-request: https://github.com/SerenityOS/serenity/pull/2879 Issue: https://github.com/SerenityOS/serenity/issues/1168 Reviewed-by: https://github.com/BenWiederhake Reviewed-by: https://github.com/awesomekling
2024-11-22 07:30:19 +00:00 · 2020-07-25 18:36:32 -06:00 · 2020-07-25 18:36:32 -06:00 · 99ddbb83e8 · 2024-07-19 04:30:43 +09:00
commit 99ddbb83e8
parent 207fb054e5
3 changed files with 27 additions and 14 deletions
--- a/Base/etc/passwd
+++ b/Base/etc/passwd
@ -1,10 +1,10 @@
-root:x:0:0:root:/root:/bin/sh
-lookup:x:10:10:LookupServer,,,:/:/bin/false
-protocol:x:11:11:ProtocolServer,,,:/:/bin/false
-notify:x:12:12:NotificationServer,,,:/:/bin/false
-window:x:13:13:WindowServer,,,:/:/bin/false
-clipboard:x:14:14:Clipboard,,,:/:/bin/false
-webcontent:x:15:15:WebContent,,,:/:/bin/false
-image:x:16:16:ImageDecoder,,,:/:/bin/false
-anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
-nona:x:200:200:Nona,,,:/home/nona:/bin/sh
+root::0:0:root:/root:/bin/sh
+lookup:!:10:10:LookupServer,,,:/:/bin/false
+protocol:!:11:11:ProtocolServer,,,:/:/bin/false
+notify:!:12:12:NotificationServer,,,:/:/bin/false
+window:!:13:13:WindowServer,,,:/:/bin/false
+clipboard:!:14:14:Clipboard,,,:/:/bin/false
+webcontent:!:15:15:WebContent,,,:/:/bin/false
+image:!:16:16:ImageDecoder,,,:/:/bin/false
+anon:!:100:100:Anonymous,,,:/home/anon:/bin/sh
+nona:!:200:200:Nona,,,:/home/nona:/bin/sh
--- a/Userland/CMakeLists.txt
+++ b/Userland/CMakeLists.txt
@ -32,6 +32,7 @@ target_link_libraries(pape LibGUI)
 target_link_libraries(passwd LibCrypt)
 target_link_libraries(paste LibGUI)
 target_link_libraries(pro LibProtocol)
+target_link_libraries(su LibCrypt)
 target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
 target_link_libraries(test-js LibJS LibLine LibCore)
 target_link_libraries(test-web LibWeb)
--- a/Userland/su.cpp
+++ b/Userland/su.cpp
@ -25,6 +25,7 @@
 */

 #include <AK/Vector.h>
+#include <LibCore/GetPassword.h>
 #include <alloca.h>
 #include <grp.h>
 #include <pwd.h>
@ -38,9 +39,6 @@ int main(int argc, char** argv)
 {
    if (geteuid() != 0) {
        fprintf(stderr, "Not running as root :(\n");
-    } else if (getuid() != 0) {
-        const char* target_user = argc > 1 ? argv[1] : "root";
-        fprintf(stderr, "Access to account '%s' granted\n", target_user);
    }

    uid_t uid = 0;
@ -64,6 +62,20 @@ int main(int argc, char** argv)
        return 1;
    }

+    if (getuid() != 0 && pwd->pw_passwd[0] != '\0') {
+        auto password = Core::get_password();
+        if (password.is_error()) {
+            fprintf(stderr, strerror(password.error()));
+            return 1;
+        }
+
+        char* hash = crypt(password.value().characters(), pwd->pw_passwd);
+        if (hash == NULL || strcmp(hash, pwd->pw_passwd) != 0) {
+            fprintf(stderr, "Incorrect or disabled password.\n");
+            return 1;
+        }
+    }
+
    Vector<gid_t> extra_gids;
    for (auto* group = getgrent(); group; group = getgrent()) {
        for (size_t i = 0; group->gr_mem[i]; ++i) {
@ -88,7 +100,7 @@ int main(int argc, char** argv)
        perror("setuid");
        return 1;
    }
-    rc = execl("/bin/sh", "sh", nullptr);
+    rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);
    perror("execl");
    return 1;
 }