blob: 52ae607c9e4717fc3d2251d6846e13b574607abd
1 | /* vi: set sw=4 ts=4: */ |
2 | /* |
3 | * vlock implementation for busybox |
4 | * |
5 | * Copyright (C) 2000 by spoon <spoon@ix.netcom.com> |
6 | * Written by spoon <spon@ix.netcom.com> |
7 | * |
8 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. |
9 | */ |
10 | |
11 | /* Shoutz to Michael K. Johnson <johnsonm@redhat.com>, author of the |
12 | * original vlock. I snagged a bunch of his code to write this |
13 | * minimalistic vlock. |
14 | */ |
15 | /* Fixed by Erik Andersen to do passwords the tinylogin way... |
16 | * It now works with md5, sha1, etc passwords. |
17 | */ |
18 | //config:config VLOCK |
19 | //config: bool "vlock" |
20 | //config: default y |
21 | //config: help |
22 | //config: Build the "vlock" applet which allows you to lock (virtual) terminals. |
23 | //config: |
24 | //config: Note that Busybox binary must be setuid root for this applet to |
25 | //config: work properly. |
26 | |
27 | //applet:/* Needs to be run by root or be suid root - needs to change uid and gid: */ |
28 | //applet:IF_VLOCK(APPLET(vlock, BB_DIR_USR_BIN, BB_SUID_REQUIRE)) |
29 | |
30 | //kbuild:lib-$(CONFIG_VLOCK) += vlock.o |
31 | |
32 | //usage:#define vlock_trivial_usage |
33 | //usage: "[-a]" |
34 | //usage:#define vlock_full_usage "\n\n" |
35 | //usage: "Lock a virtual terminal. A password is required to unlock.\n" |
36 | //usage: "\n -a Lock all VTs" |
37 | |
38 | #include "libbb.h" |
39 | |
40 | #ifdef __linux__ |
41 | #include <sys/vt.h> |
42 | |
43 | static void release_vt(int signo UNUSED_PARAM) |
44 | { |
45 | /* If -a, param is 0, which means: |
46 | * "no, kernel, we don't allow console switch away from us!" */ |
47 | ioctl(STDIN_FILENO, VT_RELDISP, (unsigned long) !option_mask32); |
48 | } |
49 | |
50 | static void acquire_vt(int signo UNUSED_PARAM) |
51 | { |
52 | /* ACK to kernel that switch to console is successful */ |
53 | ioctl(STDIN_FILENO, VT_RELDISP, VT_ACKACQ); |
54 | } |
55 | #endif |
56 | |
57 | int vlock_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
58 | int vlock_main(int argc UNUSED_PARAM, char **argv) |
59 | { |
60 | #ifdef __linux__ |
61 | struct vt_mode vtm; |
62 | struct vt_mode ovtm; |
63 | #endif |
64 | struct termios term; |
65 | struct termios oterm; |
66 | struct passwd *pw; |
67 | |
68 | pw = xgetpwuid(getuid()); |
69 | opt_complementary = "=0"; /* no params! */ |
70 | getopt32(argv, "a"); |
71 | |
72 | /* Ignore some signals so that we don't get killed by them */ |
73 | bb_signals(0 |
74 | + (1 << SIGTSTP) |
75 | + (1 << SIGTTIN) |
76 | + (1 << SIGTTOU) |
77 | + (1 << SIGHUP ) |
78 | + (1 << SIGCHLD) /* paranoia :) */ |
79 | + (1 << SIGQUIT) |
80 | + (1 << SIGINT ) |
81 | , SIG_IGN); |
82 | |
83 | #ifdef __linux__ |
84 | /* We will use SIGUSRx for console switch control: */ |
85 | /* 1: set handlers */ |
86 | signal_SA_RESTART_empty_mask(SIGUSR1, release_vt); |
87 | signal_SA_RESTART_empty_mask(SIGUSR2, acquire_vt); |
88 | /* 2: unmask them */ |
89 | sig_unblock(SIGUSR1); |
90 | sig_unblock(SIGUSR2); |
91 | #endif |
92 | |
93 | /* Revert stdin/out to our controlling tty |
94 | * (or die if we have none) */ |
95 | xmove_fd(xopen(CURRENT_TTY, O_RDWR), STDIN_FILENO); |
96 | xdup2(STDIN_FILENO, STDOUT_FILENO); |
97 | |
98 | #ifdef __linux__ |
99 | xioctl(STDIN_FILENO, VT_GETMODE, &vtm); |
100 | ovtm = vtm; |
101 | /* "console switches are controlled by us, not kernel!" */ |
102 | vtm.mode = VT_PROCESS; |
103 | vtm.relsig = SIGUSR1; |
104 | vtm.acqsig = SIGUSR2; |
105 | ioctl(STDIN_FILENO, VT_SETMODE, &vtm); |
106 | #endif |
107 | |
108 | tcgetattr(STDIN_FILENO, &oterm); |
109 | term = oterm; |
110 | term.c_iflag &= ~BRKINT; |
111 | term.c_iflag |= IGNBRK; |
112 | term.c_lflag &= ~ISIG; |
113 | term.c_lflag &= ~(ECHO | ECHOCTL); |
114 | tcsetattr_stdin_TCSANOW(&term); |
115 | |
116 | while (1) { |
117 | printf("Virtual console%s locked by %s.\n", |
118 | /* "s" if -a, else "": */ "s" + !option_mask32, |
119 | pw->pw_name |
120 | ); |
121 | if (ask_and_check_password(pw) > 0) { |
122 | break; |
123 | } |
124 | bb_do_delay(LOGIN_FAIL_DELAY); |
125 | puts("Incorrect password"); |
126 | } |
127 | |
128 | #ifdef __linux__ |
129 | ioctl(STDIN_FILENO, VT_SETMODE, &ovtm); |
130 | #endif |
131 | tcsetattr_stdin_TCSANOW(&oterm); |
132 | fflush_stdout_and_exit(EXIT_SUCCESS); |
133 | } |
134 |