authorPeter Elliott <pelliott@ualberta.ca>2020-07-25 18:36:32 -0600
committerAndreas Kling <kling@serenityos.org>2020-07-28 17:07:22 +0200
commit99ddbb83e8fca90d4e1f8d1ac6f3e826b9c87c9a (patch)
tree9350536dbd4b6baf76484a178155a34771fab5d5 /Userland
parent207fb054e5460135dcd5e17a608e8b781cee9077 (diff)
Userland: Make su require passwords
Diffstat (limited to 'Userland')
-rw-r--r--Userland/CMakeLists.txt1
-rw-r--r--Userland/su.cpp20
2 files changed, 17 insertions, 4 deletions
diff --git a/Userland/CMakeLists.txt b/Userland/CMakeLists.txt
index a8bb62568b..b28ec2a968 100644
--- a/Userland/CMakeLists.txt
+++ b/Userland/CMakeLists.txt
@@ -32,6 +32,7 @@ target_link_libraries(pape LibGUI)
target_link_libraries(passwd LibCrypt)
target_link_libraries(paste LibGUI)
target_link_libraries(pro LibProtocol)
+target_link_libraries(su LibCrypt)
target_link_libraries(test-crypto LibCrypto LibTLS LibLine)
target_link_libraries(test-js LibJS LibLine LibCore)
target_link_libraries(test-web LibWeb)
diff --git a/Userland/su.cpp b/Userland/su.cpp
index f464dd57e8..99aaadc331 100644
--- a/Userland/su.cpp
+++ b/Userland/su.cpp
@@ -25,6 +25,7 @@
*/
#include <AK/Vector.h>
+#include <LibCore/GetPassword.h>
#include <alloca.h>
#include <grp.h>
#include <pwd.h>
@@ -38,9 +39,6 @@ int main(int argc, char** argv)
{
if (geteuid() != 0) {
fprintf(stderr, "Not running as root :(\n");
- } else if (getuid() != 0) {
- const char* target_user = argc > 1 ? argv[1] : "root";
- fprintf(stderr, "Access to account '%s' granted\n", target_user);
}
uid_t uid = 0;
@@ -64,6 +62,20 @@ int main(int argc, char** argv)
return 1;
}
+ if (getuid() != 0 && pwd->pw_passwd[0] != '\0') {
+ auto password = Core::get_password();
+ if (password.is_error()) {
+ fprintf(stderr, strerror(password.error()));
+ return 1;
+ }
+
+ char* hash = crypt(password.value().characters(), pwd->pw_passwd);
+ if (hash == NULL || strcmp(hash, pwd->pw_passwd) != 0) {
+ fprintf(stderr, "Incorrect or disabled password.\n");
+ return 1;
+ }
+ }
+
Vector<gid_t> extra_gids;
for (auto* group = getgrent(); group; group = getgrent()) {
for (size_t i = 0; group->gr_mem[i]; ++i) {
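Review bot: The guard `getuid() != 0 && pwd->pw_passwd[0] != '\0'` skips authentication entirely when the target account's password field is empty, so any unprivileged caller obtains that uid without a prompt; if passwordless accounts are not meant to be reachable through su, this case should fail closed, or at least carry a comment stating the intent. In the error branch, `fprintf(stderr, strerror(password.error()));` passes a non-literal as the format string and prints no newline; `fprintf(stderr, "%s\n", strerror(password.error()));` is the safe form. The plaintext returned by `Core::get_password()` also appears to stay in memory until the process execs or exits, so clearing it once `crypt()` has returned would be worth considering. The body of `main` starts and ends outside this hunk.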
@@ -88,7 +100,7 @@ int main(int argc, char** argv)
perror("setuid");
return 1;
}
- rc = execl("/bin/sh", "sh", nullptr);
+ rc = execl(pwd->pw_shell, pwd->pw_shell, nullptr);
perror("execl");
return 1;
}
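Review bot: `execl(pwd->pw_shell, pwd->pw_shell, nullptr)` has no fallback when the account's shell field is empty, so su for such an account now fails at exec where the old code would have started `/bin/sh`; a line such as `const char* shell = pwd->pw_shell[0] ? pwd->pw_shell : "/bin/sh";` before the call keeps the previous behaviour. `pwd` presumably points at storage owned by the passwd lookup made earlier in `main` (outside this hunk), and the `getgrent()` loop runs in between, so it is worth confirming that the entry is still valid here or copying the shell path right after the lookup. The enclosing `main` begins outside the hunk.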