author | Peter Elliott <pelliott@ualberta.ca> | 2020-07-25 18:36:32 -0600 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2020-07-28 17:07:22 +0200 |
commit | 99ddbb83e8fca90d4e1f8d1ac6f3e826b9c87c9a (patch) | |
tree | 9350536dbd4b6baf76484a178155a34771fab5d5 | |
parent | 207fb054e5460135dcd5e17a608e8b781cee9077 (diff) | |
Userland: Make su require passwords
-rw-r--r-- | Base/etc/passwd | 20 | ||||
-rw-r--r-- | Userland/CMakeLists.txt | 1 | ||||
-rw-r--r-- | Userland/su.cpp | 20 |
3 files changed, 27 insertions, 14 deletions
diff --git a/Base/etc/passwd b/Base/etc/passwd
index 7179b42dd8..b0f24bbaea 100644
--- a/Base/etc/passwd
+++ b/Base/etc/passwd
@@ -1,10 +1,10 @@
-root:x:0:0:root:/root:/bin/sh
-lookup:x:10:10:LookupServer,,,:/:/bin/false
-protocol:x:11:11:ProtocolServer,,,:/:/bin/false
-notify:x:12:12:NotificationServer,,,:/:/bin/false
-window:x:13:13:WindowServer,,,:/:/bin/false
-clipboard:x:14:14:Clipboard,,,:/:/bin/false
-webcontent:x:15:15:WebContent,,,:/:/bin/false
-image:x:16:16:ImageDecoder,,,:/:/bin/false
-anon:x:100:100:Anonymous,,,:/home/anon:/bin/sh
-nona:x:200:200:Nona,,,:/home/nona:/bin/sh
+root::0:0:root:/root:/bin/sh
+lookup:!:10:10:LookupServer,,,:/:/bin/false
+protocol:!:11:11:ProtocolServer,,,:/:/bin/false
+notify:!:12:12:NotificationServer,,,:/:/bin/false
+window:!:13:13:WindowServer,,,:/:/bin/false
+clipboard:!:14:14:Clipboard,,,:/:/bin/false
+webcontent:!:15:15:WebContent,,,:/:/bin/false
+image:!:16:16:ImageDecoder,,,:/:/bin/false
+anon:!:100:100:Anonymous,,,:/home/anon:/bin/sh
+nona:!:200:200:Nona,,,:/home/nona:/bin/sh
diff --git a/Userland/CMakeLists.txt b/Userland/CMakeLists.txt
index a8bb62568b..b28ec2a968 100644
--- a/Userland/CMakeLists.txt
+++ b/Userland/CMakeLists.txt
@@ -32,6 +32,7 @@ target_link_libraries(pape LibGUI)
 target_link_libraries(passwd LibCrypt)
 target_link_libraries(paste LibGUI)
 target_link_libraries(pro LibProtocol)
+target_link_libraries(su LibCrypt)
 target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
 target_link_libraries(test-js LibJS LibLine LibCore)
 target_link_libraries(test-web LibWeb)
diff --git a/Userland/su.cpp b/Userland/su.cpp
index f464dd57e8..99aaadc331 100644
--- a/Userland/su.cpp
+++ b/Userland/su.cpp
@@ -25,6 +25,7 @@
 */
 #include <AK/Vector.h>
+#include <LibCore/GetPassword.h>
 #include <alloca.h>
 #include <grp.h>
 #include <pwd.h>
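Review bot: In Base/etc/passwd the root entry now has an empty password field (`root::0:0:root:/root:/bin/sh`), and the check this commit adds to Userland/su.cpp is skipped whenever `pwd->pw_passwd[0]` is `'\0'`, so on this image su to root never prompts. If that is deliberate for the development image, the commit description should say so; otherwise ship root with `!` or a real hash. Once hashes are set they will live in this file, which the diffstat lists as `-rw-r--r--`, so they are readable by every account; a root-only shadow file would keep them out of general view.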
@@ -38,9 +39,6 @@ int main(int argc, char** argv)
 {
 if (geteuid() != 0) {
 fprintf(stderr, "Not running as root :(\n");
- } else if (getuid() != 0) {
- const char* target_user = argc > 1 ? argv[1] : "root";
- fprintf(stderr, "Access to account '%s' granted\n", target_user);
 }
 uid_t uid = 0;
@@ -64,6 +62,20 @@ int main(int argc, char** argv)
 return 1;
 }
+ if (getuid() != 0 && pwd->pw_passwd[0] != '\0') {
+ auto password = Core::get_password();
+ if (password.is_error()) {
+ fprintf(stderr, strerror(password.error()));
+ return 1;
+ }
+
+ char* hash = crypt(password.value().characters(), pwd->pw_passwd);
+ if (hash == NULL || strcmp(hash, pwd->pw_passwd) != 0) {
+ fprintf(stderr, "Incorrect or disabled password.\n");
+ return 1;
+ }
+ }
+
 Vector<gid_t> extra_gids;
 for (auto* group = getgrent(); group; group = getgrent()) {
 for (size_t i = 0; group->gr_mem[i]; ++i) {
@@ -88,7 +100,7 @@ int main(int argc, char** argv)
 perror("setuid");
 return 1;
 }
- rc = execl("/bin/sh", "sh", nullptr);
+ rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);
 perror("execl");
 return 1;
 } |
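Review bot: `fprintf(stderr, strerror(password.error()));` in the added password block of Userland/su.cpp passes a non-literal string as the format argument and prints no newline; `fprintf(stderr, "%s\n", strerror(password.error()));` keeps the message from ever being parsed as a format and satisfies -Wformat-security. The block also relies on `crypt()` to reject the `!` marker that this commit puts in Base/etc/passwd, since `pw_passwd` is handed to it as the setting string; an explicit test for a disabled entry before prompting would not depend on how LibCrypt treats a malformed setting. A failed attempt is reported only on stderr, so nothing is recorded for later review. main begins and ends outside this hunk.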
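Review bot: `rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);` in the last hunk of Userland/su.cpp has no fallback when the target entry's shell field is empty, whereas the old code always started /bin/sh; the exec then fails after the `setuid` call shown just above it, and the user sees only `perror("execl")`. A default keeps the previous behaviour for such entries: `const char* shell = pwd->pw_shell[0] ? pwd->pw_shell : "/bin/sh";` followed by `rc = execl(shell, shell, nullptr);`. The caller's environment also appears to be passed to the new shell unchanged, though the lines that would show this are outside the hunk. main's body continues outside this hunk.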