mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-11-26 01:20:25 +00:00
Userland: Make su require passwords
This commit is contained in:
parent
207fb054e5
commit
99ddbb83e8
Notes:
sideshowbarker
2024-07-19 04:30:43 +09:00
Author: https://github.com/petelliott Commit: https://github.com/SerenityOS/serenity/commit/99ddbb83e8f Pull-request: https://github.com/SerenityOS/serenity/pull/2879 Issue: https://github.com/SerenityOS/serenity/issues/1168 Reviewed-by: https://github.com/BenWiederhake Reviewed-by: https://github.com/awesomekling
3 changed files with 27 additions and 14 deletions
|
@ -1,10 +1,10 @@
|
||||||
root:x:0:0:root:/root:/bin/sh
|
root::0:0:root:/root:/bin/sh
|
||||||
lookup:x:10:10:LookupServer,,,:/:/bin/false
|
lookup:!:10:10:LookupServer,,,:/:/bin/false
|
||||||
protocol:x:11:11:ProtocolServer,,,:/:/bin/false
|
protocol:!:11:11:ProtocolServer,,,:/:/bin/false
|
||||||
notify:x:12:12:NotificationServer,,,:/:/bin/false
|
notify:!:12:12:NotificationServer,,,:/:/bin/false
|
||||||
window:x:13:13:WindowServer,,,:/:/bin/false
|
window:!:13:13:WindowServer,,,:/:/bin/false
|
||||||
clipboard:x:14:14:Clipboard,,,:/:/bin/false
|
clipboard:!:14:14:Clipboard,,,:/:/bin/false
|
||||||
webcontent:x:15:15:WebContent,,,:/:/bin/false
|
webcontent:!:15:15:WebContent,,,:/:/bin/false
|
||||||
image:x:16:16:ImageDecoder,,,:/:/bin/false
|
image:!:16:16:ImageDecoder,,,:/:/bin/false
|
||||||
anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
|
anon:!:100:100:Anonymous,,,:/home/anon:/bin/sh
|
||||||
nona:x:200:200:Nona,,,:/home/nona:/bin/sh
|
nona:!:200:200:Nona,,,:/home/nona:/bin/sh
|
||||||
|
|
|
@ -32,6 +32,7 @@ target_link_libraries(pape LibGUI)
|
||||||
target_link_libraries(passwd LibCrypt)
|
target_link_libraries(passwd LibCrypt)
|
||||||
target_link_libraries(paste LibGUI)
|
target_link_libraries(paste LibGUI)
|
||||||
target_link_libraries(pro LibProtocol)
|
target_link_libraries(pro LibProtocol)
|
||||||
|
target_link_libraries(su LibCrypt)
|
||||||
target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
|
target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
|
||||||
target_link_libraries(test-js LibJS LibLine LibCore)
|
target_link_libraries(test-js LibJS LibLine LibCore)
|
||||||
target_link_libraries(test-web LibWeb)
|
target_link_libraries(test-web LibWeb)
|
||||||
|
|
|
@ -25,6 +25,7 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <AK/Vector.h>
|
#include <AK/Vector.h>
|
||||||
|
#include <LibCore/GetPassword.h>
|
||||||
#include <alloca.h>
|
#include <alloca.h>
|
||||||
#include <grp.h>
|
#include <grp.h>
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
|
@ -38,9 +39,6 @@ int main(int argc, char** argv)
|
||||||
{
|
{
|
||||||
if (geteuid() != 0) {
|
if (geteuid() != 0) {
|
||||||
fprintf(stderr, "Not running as root :(\n");
|
fprintf(stderr, "Not running as root :(\n");
|
||||||
} else if (getuid() != 0) {
|
|
||||||
const char* target_user = argc > 1 ? argv[1] : "root";
|
|
||||||
fprintf(stderr, "Access to account '%s' granted\n", target_user);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
uid_t uid = 0;
|
uid_t uid = 0;
|
||||||
|
@ -64,6 +62,20 @@ int main(int argc, char** argv)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (getuid() != 0 && pwd->pw_passwd[0] != '\0') {
|
||||||
|
auto password = Core::get_password();
|
||||||
|
if (password.is_error()) {
|
||||||
|
fprintf(stderr, strerror(password.error()));
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
char* hash = crypt(password.value().characters(), pwd->pw_passwd);
|
||||||
|
if (hash == NULL || strcmp(hash, pwd->pw_passwd) != 0) {
|
||||||
|
fprintf(stderr, "Incorrect or disabled password.\n");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Vector<gid_t> extra_gids;
|
Vector<gid_t> extra_gids;
|
||||||
for (auto* group = getgrent(); group; group = getgrent()) {
|
for (auto* group = getgrent(); group; group = getgrent()) {
|
||||||
for (size_t i = 0; group->gr_mem[i]; ++i) {
|
for (size_t i = 0; group->gr_mem[i]; ++i) {
|
||||||
|
@ -88,7 +100,7 @@ int main(int argc, char** argv)
|
||||||
perror("setuid");
|
perror("setuid");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
rc = execl("/bin/sh", "sh", nullptr);
|
rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);
|
||||||
perror("execl");
|
perror("execl");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue