1 /* 2 * CDDL HEADER START 3 * 4 * The contents of this file are subject to the terms of the 5 * Common Development and Distribution License (the "License"). 6 * You may not use this file except in compliance with the License. 7 * 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 9 * or http://www.opensolaris.org/os/licensing. 10 * See the License for the specific language governing permissions 11 * and limitations under the License. 12 * 13 * When distributing Covered Code, include this CDDL HEADER in each 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 15 * If applicable, add the following below this CDDL HEADER, with the 16 * fields enclosed by brackets "[]" replaced with your own identifying 17 * information: Portions Copyright [yyyy] [name of copyright owner] 18 * 19 * CDDL HEADER END 20 */ 21 /* 22 * Copyright 2008 Sun Microsystems, Inc. All rights reserved. 23 * Use is subject to license terms. 24 */ 25 26 /* 27 * Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T 28 * All rights reserved. 29 * 30 * Copyright (c) 1987, 1988 Microsoft Corporation. 31 * All rights reserved. 32 */ 33 34 /* 35 * sulogin - special login program exec'd from init to let user 36 * come up single user, or go to default init state straight away. 37 * 38 * Explain the scoop to the user, prompt for an authorized user 39 * name or ^D and then prompt for password or ^D. If the password 40 * is correct, check if the user is authorized, if so enter 41 * single user. ^D exits sulogin, and init will go to default init state. 42 * 43 * If /etc/passwd is missing, or there's no entry for root, 44 * go single user, no questions asked. 45 */ 46 47 #include <sys/types.h> 48 #include <sys/stat.h> 49 #include <sys/param.h> 50 #include <sys/sysmsg_impl.h> 51 #include <sys/mkdev.h> 52 #include <sys/resource.h> 53 #include <sys/uadmin.h> 54 #include <sys/wait.h> 55 #include <sys/stermio.h> 56 #include <fcntl.h> 57 #include <termio.h> 58 #include <pwd.h> 59 #include <shadow.h> 60 #include <stdlib.h> 61 #include <stdio.h> 62 #include <signal.h> 63 #include <siginfo.h> 64 #include <utmpx.h> 65 #include <unistd.h> 66 #include <ucontext.h> 67 #include <string.h> 68 #include <strings.h> 69 #include <deflt.h> 70 #include <limits.h> 71 #include <errno.h> 72 #include <crypt.h> 73 #include <auth_attr.h> 74 #include <auth_list.h> 75 #include <nss_dbdefs.h> 76 #include <user_attr.h> 77 78 /* 79 * Intervals to sleep after failed login 80 */ 81 #ifndef SLEEPTIME 82 #define SLEEPTIME 4 /* sleeptime before login incorrect msg */ 83 #endif 84 85 #define SLEEPTIME_MAX 5 /* maximum sleeptime */ 86 87 /* 88 * the name of the file containing the login defaults we deliberately 89 * use the same file as login(1) 90 */ 91 92 #define DEFAULT_LOGIN "/etc/default/login" 93 #define DEFAULT_SULOGIN "/etc/default/sulogin" 94 #define DEFAULT_CONSOLE "/dev/console" 95 96 static char shell[] = "/sbin/sh"; 97 static char su[] = "/sbin/su.static"; 98 static int sleeptime = SLEEPTIME; 99 static int nchild = 0; 100 static pid_t pidlist[10]; 101 static pid_t masterpid = 0; 102 static pid_t originalpid = 0; 103 static struct sigaction sa; 104 static struct termio ttymodes; 105 106 static char *findttyname(int fd); 107 static char *stripttyname(char *); 108 static char *sulogin_getinput(char *, int); 109 static void noop(int); 110 static void single(const char *, char *); 111 static void main_loop(char *, boolean_t); 112 static void parenthandler(); 113 static void termhandler(int); 114 static void setupsigs(void); 115 static int pathcmp(char *, char *); 116 static void doit(char *, char *); 117 static void childcleanup(int); 118 119 #define ECHOON 0 120 #define ECHOOFF 1 121 122 /* ARGSUSED */ 123 int 124 main(int argc, char **argv) 125 { 126 struct spwd *shpw; 127 int passreq = B_TRUE; 128 int flags; 129 int fd; 130 char *infop, *ptr, *p; 131 pid_t pid; 132 int bufsize; 133 struct stat st; 134 char cttyname[100]; 135 char namedlist[500]; 136 char scratchlist[500]; 137 dev_t cttyd; 138 139 if (geteuid() != 0) { 140 (void) fprintf(stderr, "%s: must be root\n", argv[0]); 141 return (EXIT_FAILURE); 142 } 143 144 /* Do the magic to determine the children */ 145 if ((fd = open(SYSMSG, 0)) < 0) 146 return (EXIT_FAILURE); 147 148 /* 149 * If the console supports the CIOCTTYCONSOLE ioctl, then fetch 150 * its console device list. If not, then we use the default 151 * console name. 152 */ 153 if (ioctl(fd, CIOCTTYCONSOLE, &cttyd) == 0) { 154 if ((bufsize = ioctl(fd, CIOCGETCONSOLE, NULL)) < 0) 155 return (EXIT_FAILURE); 156 157 if (bufsize > 0) { 158 if ((infop = calloc(bufsize, sizeof (char))) == NULL) 159 return (EXIT_FAILURE); 160 161 if (ioctl(fd, CIOCGETCONSOLE, infop) < 0) 162 return (EXIT_FAILURE); 163 164 (void) snprintf(namedlist, sizeof (namedlist), "%s %s", 165 DEFAULT_CONSOLE, infop); 166 } else 167 (void) snprintf(namedlist, sizeof (namedlist), "%s", 168 DEFAULT_CONSOLE); 169 } else { 170 (void) snprintf(namedlist, sizeof (namedlist), "%s", 171 DEFAULT_CONSOLE); 172 cttyd = NODEV; 173 } 174 175 /* 176 * The attempt to turn the controlling terminals dev_t into a string 177 * may not be successful, thus leaving the variable cttyname as a 178 * NULL. This occurs if during boot we find 179 * the root partition (or some other partition) 180 * requires manual fsck, thus resulting in sulogin 181 * getting invoked. The ioctl for CIOCTTYCONSOLE 182 * called above returned NODEV for cttyd 183 * in these cases. NODEV gets returned when the vnode pointer 184 * in our session structure is NULL. In these cases it 185 * must be assumed that the default console is used. 186 * 187 * See uts/common/os/session.c:cttydev(). 188 */ 189 (void) strcpy(cttyname, DEFAULT_CONSOLE); 190 (void) strcpy(scratchlist, namedlist); 191 ptr = scratchlist; 192 while (ptr != NULL) { 193 p = strchr(ptr, ' '); 194 if (p == NULL) { 195 if (stat(ptr, &st)) 196 return (EXIT_FAILURE); 197 if (st.st_rdev == cttyd) 198 (void) strcpy(cttyname, ptr); 199 break; 200 } 201 *p++ = '\0'; 202 if (stat(ptr, &st)) 203 return (EXIT_FAILURE); 204 if (st.st_rdev == cttyd) { 205 (void) strcpy(cttyname, ptr); 206 break; 207 } 208 ptr = p; 209 } 210 211 /* 212 * Use the same value of SLEEPTIME that login(1) uses. This 213 * is obtained by reading the file /etc/default/login using 214 * the def*() functions. 215 */ 216 217 if (defopen(DEFAULT_LOGIN) == 0) { 218 219 /* ignore case */ 220 221 flags = defcntl(DC_GETFLAGS, 0); 222 TURNOFF(flags, DC_CASE); 223 (void) defcntl(DC_SETFLAGS, flags); 224 225 if ((ptr = defread("SLEEPTIME=")) != NULL) 226 sleeptime = atoi(ptr); 227 228 if (sleeptime < 0 || sleeptime > SLEEPTIME_MAX) 229 sleeptime = SLEEPTIME; 230 231 (void) defopen(NULL); /* closes DEFAULT_LOGIN */ 232 } 233 234 /* 235 * Use our own value of PASSREQ, separate from the one login(1) uses. 236 * This is obtained by reading the file /etc/default/sulogin using 237 * the def*() functions. 238 */ 239 240 if (defopen(DEFAULT_SULOGIN) == 0) { 241 if ((ptr = defread("PASSREQ=")) != NULL) 242 if (strcmp("NO", ptr) == 0) 243 passreq = B_FALSE; 244 245 (void) defopen(NULL); /* closes DEFAULT_SULOGIN */ 246 } 247 248 if (passreq == B_FALSE) 249 single(shell, NULL); 250 251 /* 252 * if no 'root' entry in /etc/shadow, give maint. mode single 253 * user shell prompt 254 */ 255 setspent(); 256 if ((shpw = getspnam("root")) == NULL) { 257 (void) fprintf(stderr, "\n*** Unable to retrieve `root' entry " 258 "in shadow password file ***\n\n"); 259 single(shell, NULL); 260 } 261 endspent(); 262 /* 263 * if no 'root' entry in /etc/passwd, give maint. mode single 264 * user shell prompt 265 */ 266 setpwent(); 267 if (getpwnam("root") == NULL) { 268 (void) fprintf(stderr, "\n*** Unable to retrieve `root' entry " 269 "in password file ***\n\n"); 270 single(shell, NULL); 271 } 272 endpwent(); 273 /* process with controlling tty treated special */ 274 if ((pid = fork()) != (pid_t)0) { 275 if (pid == -1) 276 return (EXIT_FAILURE); 277 else { 278 setupsigs(); 279 masterpid = pid; 280 originalpid = getpid(); 281 /* 282 * init() was invoked from a console that was not 283 * the default console, nor was it an auxiliary. 284 */ 285 if (cttyname[0] == NULL) 286 termhandler(0); 287 /* Never returns */ 288 289 main_loop(cttyname, B_TRUE); 290 /* Never returns */ 291 } 292 } 293 masterpid = getpid(); 294 originalpid = getppid(); 295 pidlist[nchild++] = originalpid; 296 297 sa.sa_handler = childcleanup; 298 sa.sa_flags = 0; 299 (void) sigemptyset(&sa.sa_mask); 300 (void) sigaction(SIGTERM, &sa, NULL); 301 (void) sigaction(SIGHUP, &sa, NULL); 302 sa.sa_handler = parenthandler; 303 sa.sa_flags = SA_SIGINFO; 304 (void) sigemptyset(&sa.sa_mask); 305 (void) sigaction(SIGUSR1, &sa, NULL); 306 307 sa.sa_handler = SIG_IGN; 308 sa.sa_flags = 0; 309 (void) sigemptyset(&sa.sa_mask); 310 (void) sigaction(SIGCHLD, &sa, NULL); 311 /* 312 * If there isn't a password on root, then don't permit 313 * the fanout capability of sulogin. 314 */ 315 if (*shpw->sp_pwdp != '\0') { 316 ptr = namedlist; 317 while (ptr != NULL) { 318 p = strchr(ptr, ' '); 319 if (p == NULL) { 320 doit(ptr, cttyname); 321 break; 322 } 323 *p++ = '\0'; 324 doit(ptr, cttyname); 325 ptr = p; 326 } 327 } 328 if (pathcmp(cttyname, DEFAULT_CONSOLE) != 0) { 329 if ((pid = fork()) == (pid_t)0) { 330 setupsigs(); 331 main_loop(DEFAULT_CONSOLE, B_FALSE); 332 } else if (pid == -1) 333 return (EXIT_FAILURE); 334 pidlist[nchild++] = pid; 335 } 336 /* 337 * When parent is all done, it pauses until one of its children 338 * signals that its time to kill the underpriviledged. 339 */ 340 (void) wait(NULL); 341 342 return (0); 343 } 344 345 /* 346 * These flags are taken from stty's "sane" table entries in 347 * usr/src/cmd/ttymon/sttytable.c 348 */ 349 #define SET_IFLAG (BRKINT|IGNPAR|ISTRIP|ICRNL|IXON|IMAXBEL) 350 #define RESET_IFLAG (IGNBRK|PARMRK|INPCK|INLCR|IGNCR|IUCLC|IXOFF|IXANY) 351 #define SET_OFLAG (OPOST|ONLCR) 352 #define RESET_OFLAG (OLCUC|OCRNL|ONOCR|ONLRET|OFILL|OFDEL| \ 353 NLDLY|CRDLY|TABDLY|BSDLY|VTDLY|FFDLY) 354 #define SET_LFLAG (ISIG|ICANON|IEXTEN|ECHO|ECHOK|ECHOE|ECHOKE|ECHOCTL) 355 #define RESET_LFLAG (XCASE|ECHONL|NOFLSH|STFLUSH|STWRAP|STAPPL) 356 357 /* 358 * Do the equivalent of 'stty sane' on the terminal since we don't know 359 * what state it was in on startup. 360 */ 361 static void 362 sanitize_tty(int fd) 363 { 364 (void) ioctl(fd, TCGETA, &ttymodes); 365 ttymodes.c_iflag &= ~RESET_IFLAG; 366 ttymodes.c_iflag |= SET_IFLAG; 367 ttymodes.c_oflag &= ~RESET_OFLAG; 368 ttymodes.c_oflag |= SET_OFLAG; 369 ttymodes.c_lflag &= ~RESET_LFLAG; 370 ttymodes.c_lflag |= SET_LFLAG; 371 ttymodes.c_cc[VERASE] = CERASE; 372 ttymodes.c_cc[VKILL] = CKILL; 373 ttymodes.c_cc[VQUIT] = CQUIT; 374 ttymodes.c_cc[VINTR] = CINTR; 375 ttymodes.c_cc[VEOF] = CEOF; 376 ttymodes.c_cc[VEOL] = CNUL; 377 (void) ioctl(fd, TCSETAF, &ttymodes); 378 } 379 380 /* 381 * Fork a child of sulogin for each of the auxiliary consoles. 382 */ 383 static void 384 doit(char *ptr, char *cttyname) 385 { 386 pid_t pid; 387 388 if (pathcmp(ptr, DEFAULT_CONSOLE) != 0 && 389 pathcmp(ptr, cttyname) != 0) { 390 if ((pid = fork()) == (pid_t)0) { 391 setupsigs(); 392 main_loop(ptr, B_FALSE); 393 } else if (pid == -1) 394 exit(EXIT_FAILURE); 395 pidlist[nchild++] = pid; 396 } 397 } 398 399 static int 400 pathcmp(char *adev, char *bdev) 401 { 402 struct stat st1; 403 struct stat st2; 404 405 if (adev == NULL || bdev == NULL) 406 return (1); 407 408 if (strcmp(adev, bdev) == 0) 409 return (0); 410 411 if (stat(adev, &st1) || !S_ISCHR(st1.st_mode)) 412 return (1); 413 414 if (stat(bdev, &st2) || !S_ISCHR(st2.st_mode)) 415 return (1); 416 417 if (st1.st_rdev == st2.st_rdev) 418 return (0); 419 420 return (1); 421 } 422 423 /* Handlers for the children at initialization */ 424 static void 425 setupsigs() 426 { 427 sa.sa_handler = noop; 428 sa.sa_flags = 0; 429 (void) sigemptyset(&sa.sa_mask); 430 (void) sigaction(SIGINT, &sa, NULL); 431 (void) sigaction(SIGQUIT, &sa, NULL); 432 433 sa.sa_handler = termhandler; 434 sa.sa_flags = 0; 435 (void) sigemptyset(&sa.sa_mask); 436 (void) sigaction(SIGTERM, &sa, NULL); 437 (void) sigaction(SIGKILL, &sa, NULL); 438 (void) sigaction(SIGHUP, &sa, NULL); 439 } 440 441 static void 442 main_loop(char *devname, boolean_t cttyflag) 443 { 444 int fd, i; 445 char *user = NULL; /* authorized user */ 446 char *pass; /* password from user */ 447 char *cpass; /* crypted password */ 448 struct spwd spwd; 449 struct spwd *lshpw; /* local shadow */ 450 char shadow[NSS_BUFLEN_SHADOW]; 451 FILE *sysmsgfd; 452 453 for (i = 0; i < 3; i++) 454 (void) close(i); 455 if (cttyflag == B_FALSE) { 456 if (setsid() == -1) 457 exit(EXIT_FAILURE); 458 } 459 if ((fd = open(devname, O_RDWR)) < 0) 460 exit(EXIT_FAILURE); 461 if (fd != 0) 462 (void) dup2(fd, STDIN_FILENO); 463 if (fd != 1) 464 (void) dup2(fd, STDOUT_FILENO); 465 if (fd != 2) 466 (void) dup2(fd, STDERR_FILENO); 467 if (fd > 2) 468 (void) close(fd); 469 470 sysmsgfd = fopen("/dev/sysmsg", "w"); 471 472 sanitize_tty(fileno(stdin)); 473 474 for (;;) { 475 (void) printf("\nEnter user name for system maintenance " 476 "(control-d to bypass): "); 477 if ((user = sulogin_getinput(devname, ECHOON)) == NULL) { 478 /* signal other children to exit */ 479 (void) sigsend(P_PID, masterpid, SIGUSR1); 480 /* ^D, so straight to default init state */ 481 exit(EXIT_FAILURE); 482 } 483 (void) printf("\nEnter %s password for system maintenance " 484 "(control-d to bypass): ", user); 485 486 if ((pass = sulogin_getinput(devname, ECHOOFF)) == NULL) { 487 /* signal other children to exit */ 488 (void) sigsend(P_PID, masterpid, SIGUSR1); 489 /* ^D, so straight to default init state */ 490 free(user); 491 exit(EXIT_FAILURE); 492 } 493 lshpw = getspnam_r(user, &spwd, shadow, sizeof (shadow)); 494 if (lshpw == NULL) { 495 /* 496 * the user entered doesn't exist, too bad. 497 */ 498 goto sorry; 499 } 500 501 /* 502 * There is a special case error to catch here: 503 * If the password is hashed with an algorithm 504 * other than the old unix crypt the call to crypt(3c) 505 * could fail if /usr is corrupt or not available 506 * since by default /etc/security/crypt.conf will 507 * have the crypt_ modules located under /usr/lib. 508 * Or it could happen if /etc/security/crypt.conf 509 * is corrupted. 510 * 511 * If this happens crypt(3c) will return NULL and 512 * set errno to ELIBACC for the former condition or 513 * EINVAL for the latter, in this case we bypass 514 * authentication and just verify that the user is 515 * authorized. 516 */ 517 518 errno = 0; 519 cpass = crypt(pass, lshpw->sp_pwdp); 520 if (((cpass == NULL) && (lshpw->sp_pwdp[0] == '$')) && 521 ((errno == ELIBACC) || (errno == EINVAL))) { 522 goto checkauth; 523 } else if ((cpass == NULL) || 524 (strcmp(cpass, lshpw->sp_pwdp) != 0)) { 525 goto sorry; 526 } 527 528 checkauth: 529 /* 530 * There is a special case error here as well. 531 * If /etc/user_attr is corrupt, getusernam("root") 532 * returns NULL. 533 * In this case, we just give access because this is similar 534 * to the case of root not existing in /etc/passwd. 535 */ 536 537 if ((getusernam("root") != NULL) && 538 (chkauthattr(MAINTENANCE_AUTH, user) != 1)) { 539 goto sorry; 540 } 541 (void) fprintf(sysmsgfd, "\nsingle-user privilege " 542 "assigned to %s on %s.\n", user, devname); 543 (void) sigsend(P_PID, masterpid, SIGUSR1); 544 (void) wait(NULL); 545 free(user); 546 free(pass); 547 single(su, devname); 548 /* single never returns */ 549 550 sorry: 551 (void) printf("\nLogin incorrect or user %s not authorized\n", 552 user); 553 free(user); 554 free(pass); 555 (void) sleep(sleeptime); 556 } 557 } 558 559 /* 560 * single() - exec shell for single user mode 561 */ 562 563 static void 564 single(const char *cmd, char *ttyn) 565 { 566 struct utmpx *u; 567 char found = B_FALSE; 568 569 if (ttyn == NULL) 570 ttyn = findttyname(STDIN_FILENO); 571 572 /* 573 * utmpx records on the console device are expected to be "console" 574 * by other processes, such as dtlogin. 575 */ 576 ttyn = stripttyname(ttyn); 577 578 /* update the utmpx file. */ 579 while ((u = getutxent()) != NULL) { 580 if (strcmp(u->ut_line, ttyn) == 0) { 581 u->ut_tv.tv_sec = time(NULL); 582 u->ut_type = USER_PROCESS; 583 u->ut_pid = getpid(); 584 if (strcmp(u->ut_user, "root") != 0) 585 (void) strcpy(u->ut_user, "root"); 586 (void) pututxline(u); 587 found = B_TRUE; 588 break; 589 } 590 } 591 if (!found) { 592 struct utmpx entryx; 593 594 entryx.ut_tv.tv_sec = time(NULL); 595 entryx.ut_type = USER_PROCESS; 596 entryx.ut_pid = getpid(); 597 (void) strcpy(entryx.ut_user, "root"); 598 (void) strcpy(entryx.ut_line, ttyn); 599 entryx.ut_tv.tv_usec = 0; 600 entryx.ut_session = 0; 601 entryx.ut_id[0] = 'c'; 602 entryx.ut_id[1] = 'o'; 603 entryx.ut_id[2] = 's'; 604 entryx.ut_id[3] = 'u'; 605 entryx.ut_syslen = 1; 606 entryx.ut_host[0] = '\0'; 607 entryx.ut_exit.e_termination = WTERMSIG(0); 608 entryx.ut_exit.e_exit = WEXITSTATUS(0); 609 (void) pututxline(&entryx); 610 } 611 endutxent(); 612 (void) printf("Entering System Maintenance Mode\n\n"); 613 614 if (execl(cmd, cmd, "-", (char *)0) < 0) 615 exit(EXIT_FAILURE); 616 } 617 618 /* 619 * sulogin_getinput() - hacked from the standard PAM tty conversation 620 * function getpassphrase() library version 621 * so we can distinguish newline and EOF. 622 * also don't need this routine to give a prompt. 623 * 624 * returns the password string, or NULL if the used typed EOF. 625 */ 626 627 static char * 628 sulogin_getinput(char *devname, int echooff) 629 { 630 struct termio ttyb; 631 int c; 632 FILE *fi; 633 static char input[PASS_MAX + 1]; 634 void (*saved_handler)(); 635 char *rval = input; 636 int i = 0; 637 638 if ((fi = fopen(devname, "r")) == NULL) { 639 fi = stdin; 640 } 641 642 saved_handler = signal(SIGINT, SIG_IGN); 643 644 if (echooff) { 645 ttyb = ttymodes; 646 ttyb.c_lflag &= ~(ECHO | ECHOE | ECHONL); 647 (void) ioctl(fileno(fi), TCSETAF, &ttyb); 648 } 649 650 /* get characters up to PASS_MAX, but don't overflow */ 651 while ((c = getc(fi)) != '\n' && (c != '\r')) { 652 if (c == EOF && i == 0) { /* ^D, no input */ 653 rval = NULL; 654 break; 655 } 656 if (i < PASS_MAX) { 657 input[i++] = (char)c; 658 } 659 } 660 input[i] = '\0'; 661 (void) fputc('\n', fi); 662 if (echooff) { 663 (void) ioctl(fileno(fi), TCSETAW, &ttymodes); 664 } 665 666 if (saved_handler != SIG_ERR) 667 (void) signal(SIGINT, saved_handler); 668 return (rval == NULL ? NULL : strdup(rval)); 669 } 670 671 static char * 672 findttyname(int fd) 673 { 674 char *ttyn = ttyname(fd); 675 676 if (ttyn == NULL) 677 ttyn = "/dev/???"; 678 else { 679 /* 680 * /dev/syscon and /dev/systty are usually links to 681 * /dev/console. prefer /dev/console. 682 */ 683 if (((strcmp(ttyn, "/dev/syscon") == 0) || 684 (strcmp(ttyn, "/dev/systty") == 0)) && 685 access("/dev/console", F_OK)) 686 ttyn = "/dev/console"; 687 } 688 return (ttyn); 689 } 690 691 static char * 692 stripttyname(char *ttyn) 693 { 694 /* saw off the /dev/ */ 695 if (strncmp(ttyn, "/dev/", sizeof ("/dev/") -1) == 0) 696 return (ttyn + sizeof ("/dev/") - 1); 697 else 698 return (ttyn); 699 } 700 701 702 /* ARGSUSED */ 703 static void 704 noop(int sig) 705 { 706 /* 707 * This signal handler does nothing except return. We use it 708 * as the signal disposition in this program instead of 709 * SIG_IGN so that we do not have to restore the disposition 710 * back to SIG_DFL. Instead we allow exec(2) to set the 711 * dispostion to SIG_DFL to avoid a race condition. 712 */ 713 } 714 715 /* ARGSUSED */ 716 static void 717 parenthandler(int sig, siginfo_t *si, ucontext_t *uc) 718 { 719 int i; 720 721 /* 722 * We get here if someone has successfully entered a password 723 * from the auxiliary console and is getting the single-user shell. 724 * When this happens, the parent needs to kill the children 725 * that didn't get the shell. 726 * 727 */ 728 for (i = 0; i < nchild; i++) { 729 if (pidlist[i] != si->__data.__proc.__pid) 730 (void) sigsend(P_PID, pidlist[i], SIGTERM); 731 } 732 sa.sa_handler = SIG_IGN; 733 sa.sa_flags = 0; 734 (void) sigemptyset(&sa.sa_mask); 735 (void) sigaction(SIGINT, &sa, NULL); 736 (void) sigaction(SIGQUIT, &sa, NULL); 737 (void) sigaction(SIGTERM, &sa, NULL); 738 (void) wait(NULL); 739 } 740 741 /* 742 * The master pid will get SIGTERM or SIGHUP from init, and then 743 * has to make sure the shell isn't still running. 744 */ 745 746 /* ARGSUSED */ 747 static void 748 childcleanup(int sig) 749 { 750 int i; 751 752 /* Only need to kill the child that became the shell. */ 753 for (i = 0; i < nchild; i++) { 754 /* Don't kill gramps before his time */ 755 if (pidlist[i] != getppid()) 756 (void) sigsend(P_PID, pidlist[i], SIGHUP); 757 } 758 } 759 760 /* ARGSUSED */ 761 static void 762 termhandler(int sig) 763 { 764 FILE *fi; 765 pid_t pid; 766 767 /* Processes come here when they fail to receive the password. */ 768 if ((fi = fopen("/dev/tty", "r+")) == NULL) 769 fi = stdin; 770 else 771 setbuf(fi, NULL); 772 sanitize_tty(fileno(fi)); 773 /* If you're the controlling tty, then just wait */ 774 pid = getpid(); 775 if (pid == originalpid || pid == masterpid) { 776 sa.sa_handler = SIG_IGN; 777 sa.sa_flags = 0; 778 (void) sigemptyset(&sa.sa_mask); 779 (void) sigaction(SIGINT, &sa, NULL); 780 (void) sigaction(SIGQUIT, &sa, NULL); 781 sa.sa_handler = SIG_DFL; 782 sa.sa_flags = 0; 783 (void) sigemptyset(&sa.sa_mask); 784 (void) sigaction(SIGTERM, &sa, NULL); 785 (void) sigaction(SIGHUP, &sa, NULL); 786 (void) wait(NULL); 787 } 788 exit(0); 789 } 790