Userland: Make su require passwords

This commit is contained in:
Peter Elliott 2020-07-25 18:36:32 -06:00 committed by Andreas Kling
parent 207fb054e5
commit 99ddbb83e8
Notes: sideshowbarker 2024-07-19 04:30:43 +09:00
3 changed files with 27 additions and 14 deletions

View file

@ -1,10 +1,10 @@
root:x:0:0:root:/root:/bin/sh root::0:0:root:/root:/bin/sh
lookup:x:10:10:LookupServer,,,:/:/bin/false lookup:!:10:10:LookupServer,,,:/:/bin/false
protocol:x:11:11:ProtocolServer,,,:/:/bin/false protocol:!:11:11:ProtocolServer,,,:/:/bin/false
notify:x:12:12:NotificationServer,,,:/:/bin/false notify:!:12:12:NotificationServer,,,:/:/bin/false
window:x:13:13:WindowServer,,,:/:/bin/false window:!:13:13:WindowServer,,,:/:/bin/false
clipboard:x:14:14:Clipboard,,,:/:/bin/false clipboard:!:14:14:Clipboard,,,:/:/bin/false
webcontent:x:15:15:WebContent,,,:/:/bin/false webcontent:!:15:15:WebContent,,,:/:/bin/false
image:x:16:16:ImageDecoder,,,:/:/bin/false image:!:16:16:ImageDecoder,,,:/:/bin/false
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh anon:!:100:100:Anonymous,,,:/home/anon:/bin/sh
nona:x:200:200:Nona,,,:/home/nona:/bin/sh nona:!:200:200:Nona,,,:/home/nona:/bin/sh

View file

@ -32,6 +32,7 @@ target_link_libraries(pape LibGUI)
target_link_libraries(passwd LibCrypt) target_link_libraries(passwd LibCrypt)
target_link_libraries(paste LibGUI) target_link_libraries(paste LibGUI)
target_link_libraries(pro LibProtocol) target_link_libraries(pro LibProtocol)
target_link_libraries(su LibCrypt)
target_link_libraries(test-crypto LibCrypto LibTLS LibLine) target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
target_link_libraries(test-js LibJS LibLine LibCore) target_link_libraries(test-js LibJS LibLine LibCore)
target_link_libraries(test-web LibWeb) target_link_libraries(test-web LibWeb)

View file

@ -25,6 +25,7 @@
*/ */
#include <AK/Vector.h> #include <AK/Vector.h>
#include <LibCore/GetPassword.h>
#include <alloca.h> #include <alloca.h>
#include <grp.h> #include <grp.h>
#include <pwd.h> #include <pwd.h>
@ -38,9 +39,6 @@ int main(int argc, char** argv)
{ {
if (geteuid() != 0) { if (geteuid() != 0) {
fprintf(stderr, "Not running as root :(\n"); fprintf(stderr, "Not running as root :(\n");
} else if (getuid() != 0) {
const char* target_user = argc > 1 ? argv[1] : "root";
fprintf(stderr, "Access to account '%s' granted\n", target_user);
} }
uid_t uid = 0; uid_t uid = 0;
@ -64,6 +62,20 @@ int main(int argc, char** argv)
return 1; return 1;
} }
if (getuid() != 0 && pwd->pw_passwd[0] != '\0') {
auto password = Core::get_password();
if (password.is_error()) {
fprintf(stderr, strerror(password.error()));
return 1;
}
char* hash = crypt(password.value().characters(), pwd->pw_passwd);
if (hash == NULL || strcmp(hash, pwd->pw_passwd) != 0) {
fprintf(stderr, "Incorrect or disabled password.\n");
return 1;
}
}
Vector<gid_t> extra_gids; Vector<gid_t> extra_gids;
for (auto* group = getgrent(); group; group = getgrent()) { for (auto* group = getgrent(); group; group = getgrent()) {
for (size_t i = 0; group->gr_mem[i]; ++i) { for (size_t i = 0; group->gr_mem[i]; ++i) {
@ -88,7 +100,7 @@ int main(int argc, char** argv)
perror("setuid"); perror("setuid");
return 1; return 1;
} }
rc = execl("/bin/sh", "sh", nullptr); rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);
perror("execl"); perror("execl");
return 1; return 1;
} }