-rw-r--r-- | libexec/getty/Makefile | 2 | ||||
-rw-r--r-- | libexec/getty/fbtab_stuff.c | 93 | ||||
-rw-r--r-- | libexec/getty/getty.8 | 9 | ||||
-rw-r--r-- | libexec/getty/main.c | 5 | ||||
-rw-r--r-- | libexec/getty/pathnames.h | 6 |
5 files changed, 111 insertions, 4 deletions
diff --git a/libexec/getty/Makefile b/libexec/getty/Makefile index b32320f..ba47901 100644 --- a/libexec/getty/Makefile +++ b/libexec/getty/Makefile @@ -1,7 +1,7 @@ # @(#)Makefile 8.1 (Berkeley) 6/4/93 PROG= getty -SRCS= main.c init.c subr.c ttydefaults.c +SRCS= main.c init.c subr.c ttydefaults.c fbtab_stuff.c DPADD= ${LIBUTIL} LDADD= -lutil MAN5= gettytab.5 ttys.5 diff --git a/libexec/getty/fbtab_stuff.c b/libexec/getty/fbtab_stuff.c new file mode 100644 index 0000000..2ae5394 --- /dev/null +++ b/libexec/getty/fbtab_stuff.c 
@@ -0,0 +1,93 @@
+#include <sys/types.h>
+#include <stdio.h>
+#include <syslog.h>
+#include <string.h>
+#include <errno.h>
+#include <dirent.h>
+
+#include "pathnames.h"
+
+#define WSPACE " \t\n"
+
+void reset_fbtab __P((char *tty));
+void reset_protect __P((char *table, char *path, int mask));
+
+/*
+ * reset_fbtab - reset ownership to root/wheel and apply protections
+ * specified in /etc/fbtab or logindevperm
+ */
+
+void
+reset_fbtab(tty)
+char *tty;
+{
+ FILE *fp;
+ char buf[BUFSIZ];
+ char *devname;
+ char *cp;
+ int prot;
+ char *table;
+
+ if ((fp = fopen(table = _PATH_FBTAB, "r")) == 0
+ && (fp = fopen(table = _PATH_LOGINDEVPERM, "r")) == 0)
+ return;
+
+ while (fgets(buf, sizeof(buf), fp)) {
+ if (cp = strchr(buf, '#'))
+ *cp = 0; /* strip comment */
+ if ((cp = devname = strtok(buf, WSPACE)) == 0)
+ continue; /* empty or comment */
+ if (strncmp(devname, "/dev/", 5) != 0
+ || (cp = strtok((char *) 0, WSPACE)) == 0
+ || *cp != '0'
+ || sscanf(cp, "%o", &prot) == 0
+ || prot == 0
+ || (prot & 0777) != prot
+ || (cp = strtok((char *) 0, WSPACE)) == 0) {
+ syslog(LOG_ERR, "%s: bad entry: %s", table, cp ? 
cp : "(null)"); + continue; + } + if (strcmp(devname, tty) == 0) { + for (cp = strtok(cp, ":"); cp; cp = strtok((char *) 0, ":")) { + reset_protect(table, cp, prot); + } + } + } + fclose(fp); +} + +/* reset_protect - protect one device entry */ + +void +reset_protect(table, path, mask) +char *table; +char *path; +int mask; +{ + char buf[BUFSIZ]; + int pathlen = strlen(path); + struct dirent *ent; + DIR *dir; + + if (strcmp("/*", path + pathlen - 2) != 0) { + if (chmod(path, mask) && errno != ENOENT) + syslog(LOG_ERR, "%s: chmod(%s): %m", table, path); + if (chown(path, 0, 0) && errno != ENOENT) + syslog(LOG_ERR, "%s: chown(%s): %m", table, path); + } else { + strcpy(buf, path); + buf[pathlen - 1] = 0; + if ((dir = opendir(buf)) == 0) { + syslog(LOG_ERR, "%s: opendir(%s): %m", table, path); + } else { + while ((ent = readdir(dir)) != 0) { + if (strcmp(ent->d_name, ".") != 0 + && strcmp(ent->d_name, "..") != 0) { + strcpy(buf + pathlen - 1, ent->d_name); + reset_protect(table, buf, mask); + } + } + closedir(dir); + } + } +} diff --git a/libexec/getty/getty.8 b/libexec/getty/getty.8 index ffd5060..6340fe2 100644 --- a/libexec/getty/getty.8 +++ b/libexec/getty/getty.8 @@ -61,6 +61,13 @@ If there is no argument or the argument is .Ql Fl , the tty line is assumed to be open as file descriptor 0. .Pp +If the argument +.Ar tty +matches the first entry in one of the lines in +.Pa /etc/fbtab +the userid and groupid of the device list on that line is reset to root and +wheel respectively. +.Pp The .Ar type argument can be used to make @@ -111,9 +118,11 @@ does not exist. .El .Sh FILES .Bl -tag -width /etc/gettytab -compact +.It Pa /etc/fbtab .It Pa /etc/gettytab .El .Sh SEE ALSO +.Xr fbtab 5 , .Xr gettytab 5 , .Xr init 8 , .Xr login 1 , diff --git a/libexec/getty/main.c b/libexec/getty/main.c index c27ddf4..ddfc272 100644 --- a/libexec/getty/main.c +++ b/libexec/getty/main.c 
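Review bot: In reset_protect() of the new fbtab_stuff.c, `strcpy(buf + pathlen - 1, ent->d_name)` appends a directory entry name to a prefix that can already be close to BUFSIZ long, with no length check, so a long table line combined with a long entry name overruns the stack buffer in a process running as root. In the same function `path + pathlen - 2` points before the start of the string whenever a device-list token is shorter than two characters. Both need a bounds check before the compare and before the copy, as sketched below. Separately, chmod() and chown() resolve each path by name and follow symbolic links, so if any listed path or wildcard directory was writable by the previous session's user the reset could land on a different file; a comment stating that assumption, or a no-follow variant where the platform has one, would make the intent explicit. The file also calls chmod() and chown() without including `<sys/stat.h>` and `<unistd.h>`.

```c
	int pathlen = strlen(path);
	/* … unchanged: ent and dir declarations … */

	if (pathlen < 2 || strcmp("/*", path + pathlen - 2) != 0) {
		/* … unchanged: chmod()/chown() of the single path … */
	} else {
		if ((size_t)pathlen >= sizeof(buf)) {
			syslog(LOG_ERR, "%s: path too long: %s", table, path);
			return;
		}
		/* … unchanged: strcpy(buf, path), strip the '*', opendir() … */
				if (pathlen - 1 + strlen(ent->d_name) >= sizeof(buf)) {
					syslog(LOG_ERR, "%s: name too long: %s", table, ent->d_name);
					continue;
				}
				strcpy(buf + pathlen - 1, ent->d_name);
```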
@@ -161,7 +161,7 @@ static void putchr __P((int)); static void putf __P((char *)); static void putpad __P((char *)); static void puts __P((char *)); - +extern void reset_fbtab __P((char *)); int main(argc, argv) int argc; @@ -224,6 +224,9 @@ main(argc, argv) } } + /* Read the FBTAB file and check if we have to reset perms/ownership */ + reset_fbtab(ttyn); + gettable("default", defent); gendefaults(); tname = "default"; diff --git a/libexec/getty/pathnames.h b/libexec/getty/pathnames.h index 714a9cc..7b26ed7 100644 --- a/libexec/getty/pathnames.h +++ b/libexec/getty/pathnames.h @@ -35,5 +35,7 @@ #include <paths.h> -#define _PATH_GETTYTAB "/etc/gettytab" -#define _PATH_LOGIN "/usr/bin/login" +#define _PATH_GETTYTAB "/etc/gettytab" +#define _PATH_LOGIN "/usr/bin/login" +#define _PATH_FBTAB "/etc/fbtab" +#define _PATH_LOGINDEVPERM "/etc/logindevperm" |
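Review bot: The call `reset_fbtab(ttyn);` added in the second main.c hunk cannot report failure, because the function is declared `void`, so getty goes on to `gettable("default", defent)` and the login prompt even when chown() or chmod() on the listed devices failed and they may still carry the previous session's owner and mode. Either return a status from reset_fbtab() and log it at the call site, or extend the comment to say so, for example `/* Best effort: failures are only reported via syslog by reset_fbtab() */`. The `extern void reset_fbtab __P((char *));` line in the first hunk would also sit better in a header shared with fbtab_stuff.c, so the two declarations cannot drift apart. main() starts and ends outside these hunks, so whether ttyn is always populated before this call cannot be confirmed from here.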