[rtems commit] shell: Use crypt_r() in rtems_shell_login_check()
Sebastian Huber
sebh at rtems.org
Thu Nov 20 13:53:25 UTC 2014
Module: rtems
Branch: master
Commit: acf9a8dd54d1b1cb01e361784146a062a29e1487
Changeset: http://git.rtems.org/rtems/commit/?id=acf9a8dd54d1b1cb01e361784146a062a29e1487
Author: Sebastian Huber <sebastian.huber at embedded-brains.de>
Date: Fri Nov 14 14:31:54 2014 +0100
shell: Use crypt_r() in rtems_shell_login_check()
Use '*" to disable shell login instead of '!' according to the Linux man
page. Use getpwnam_r() instead of getpwnam(). Do not access the user
environment directly. Update the user environment only after a
successful login check.
---
cpukit/libmisc/shell/login_check.c | 55 +++++++-----
testsuites/libtests/Makefile.am | 1 +
testsuites/libtests/configure.ac | 1 +
testsuites/libtests/shell01/Makefile.am | 19 +++++
testsuites/libtests/shell01/init.c | 145 ++++++++++++++++++++++++++++++++
testsuites/libtests/shell01/shell01.doc | 11 +++
testsuites/libtests/shell01/shell01.scn | 2 +
testsuites/samples/fileio/init.c | 13 ++-
8 files changed, 224 insertions(+), 23 deletions(-)
diff --git a/cpukit/libmisc/shell/login_check.c b/cpukit/libmisc/shell/login_check.c
index 8be5be2..372d059 100644
--- a/cpukit/libmisc/shell/login_check.c
+++ b/cpukit/libmisc/shell/login_check.c
@@ -5,10 +5,10 @@
*/
/*
- * Copyright (c) 2009 embedded brains GmbH and others.
+ * Copyright (c) 2009-2014 embedded brains GmbH and others.
*
* embedded brains GmbH
- * Obere Lagerstr. 30
+ * Dornierstr. 4
* D-82178 Puchheim
* Germany
* <rtems at embedded-brains.de>
@@ -30,36 +30,53 @@
#include <unistd.h>
#include <pwd.h>
#include <string.h>
+#include <crypt.h>
#include <rtems/shell.h>
-#include <rtems/userenv.h>
bool rtems_shell_login_check(
const char *user,
const char *passphrase
)
{
- struct passwd *pw = getpwnam( user);
+ char buf[256];
+ struct passwd *pw_res;
+ struct passwd pw;
+ int eno;
+ bool ok;
+
+ eno = getpwnam_r(user, &pw, &buf[0], sizeof(buf), &pw_res);
/* Valid user? */
- if (pw != NULL && strcmp( pw->pw_passwd, "!") != 0) {
- rtems_shell_env_t *env = rtems_shell_get_current_env();
- setuid( pw->pw_uid);
- setgid( pw->pw_gid);
- rtems_current_user_env->euid = 0;
- rtems_current_user_env->egid = 0;
- if (env)
- chown( env->devname, pw->pw_uid, 0);
- rtems_current_user_env->euid = pw->pw_uid;
- rtems_current_user_env->egid = pw->pw_gid;
- if (strcmp( pw->pw_passwd, "*") == 0) {
+ if (eno == 0 && strcmp(pw.pw_passwd, "*") != 0) {
+ if (strcmp(pw.pw_passwd, "") == 0) {
+ ok = true;
+ } else if (strcmp(pw.pw_passwd, "x") == 0) {
/* TODO: /etc/shadow */
- return true;
+ ok = false;
} else {
- /* TODO: crypt() */
- return true;
+ struct crypt_data data;
+ char *s;
+
+ s = crypt_r(passphrase, pw.pw_passwd, &data);
+ ok = strcmp(s, pw.pw_passwd) == 0;
}
+ } else {
+ ok = false;
+ }
+
+ if (ok) {
+ rtems_shell_env_t *env = rtems_shell_get_current_env();
+
+ if (env != NULL) {
+ chown(env->devname, pw.pw_uid, 0);
+ }
+
+ setuid(pw.pw_uid);
+ setgid(pw.pw_gid);
+ seteuid(pw.pw_uid);
+ setegid(pw.pw_gid);
}
- return false;
+ return ok;
}
diff --git a/testsuites/libtests/Makefile.am b/testsuites/libtests/Makefile.am
index b04535c..a5261a4 100644
--- a/testsuites/libtests/Makefile.am
+++ b/testsuites/libtests/Makefile.am
@@ -1,6 +1,7 @@
ACLOCAL_AMFLAGS = -I ../aclocal
_SUBDIRS = POSIX
+_SUBDIRS += shell01
_SUBDIRS += pwdgrp01
_SUBDIRS += crypt01
_SUBDIRS += sha
diff --git a/testsuites/libtests/configure.ac b/testsuites/libtests/configure.ac
index b1a7277..80245f9 100644
--- a/testsuites/libtests/configure.ac
+++ b/testsuites/libtests/configure.ac
@@ -66,6 +66,7 @@ AS_IF([test x"$HAVE_LIBDL" = x"yes"],[
# Explicitly list all Makefiles here
AC_CONFIG_FILES([Makefile
+shell01/Makefile
pwdgrp01/Makefile
crypt01/Makefile
sha/Makefile
diff --git a/testsuites/libtests/shell01/Makefile.am b/testsuites/libtests/shell01/Makefile.am
new file mode 100644
index 0000000..c44ba8f
--- /dev/null
+++ b/testsuites/libtests/shell01/Makefile.am
@@ -0,0 +1,19 @@
+rtems_tests_PROGRAMS = shell01
+shell01_SOURCES = init.c
+
+dist_rtems_tests_DATA = shell01.scn shell01.doc
+
+include $(RTEMS_ROOT)/make/custom/@RTEMS_BSP at .cfg
+include $(top_srcdir)/../automake/compile.am
+include $(top_srcdir)/../automake/leaf.am
+
+AM_CPPFLAGS += -I$(top_srcdir)/../support/include
+
+LINK_OBJS = $(shell01_OBJECTS)
+LINK_LIBS = $(shell01_LDLIBS)
+
+shell01$(EXEEXT): $(shell01_OBJECTS) $(shell01_DEPENDENCIES)
+ @rm -f shell01$(EXEEXT)
+ $(make-exe)
+
+include $(top_srcdir)/../automake/local.am
diff --git a/testsuites/libtests/shell01/init.c b/testsuites/libtests/shell01/init.c
new file mode 100644
index 0000000..413ce6e
--- /dev/null
+++ b/testsuites/libtests/shell01/init.c
@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2014 embedded brains GmbH. All rights reserved.
+ *
+ * embedded brains GmbH
+ * Dornierstr. 4
+ * 82178 Puchheim
+ * Germany
+ * <rtems at embedded-brains.de>
+ *
+ * The license and distribution terms for this file may be
+ * found in the file LICENSE in this distribution or at
+ * http://www.rtems.org/license/LICENSE.
+ */
+
+#ifdef HAVE_CONFIG_H
+ #include "config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <rtems/shell.h>
+
+#include "tmacros.h"
+
+const char rtems_test_name[] = "SHELL 1";
+
+static void create_file(const char *name, const char *content)
+{
+ FILE *fp;
+ int rv;
+
+ fp = fopen(name, "wx");
+ rtems_test_assert(fp != NULL);
+
+ rv = fputs(content, fp);
+ rtems_test_assert(rv == 0);
+
+ rv = fclose(fp);
+ rtems_test_assert(rv == 0);
+}
+
+static void test(void)
+{
+ bool ok;
+ int rv;
+
+ rv = mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+ rtems_test_assert(rv == 0);
+
+ create_file(
+ "/etc/passwd",
+ "moop:foo:1:3:blob:a::c\n"
+ "no:*:2:4::::\n"
+ "zero::3:5::::\n"
+ "shadow:x:4:6::::\n"
+ );
+
+ create_file(
+ "/etc/group",
+ "A::1:moop,u,v,w,zero\n"
+ "B::2:moop\n"
+ "blub:bar:3:moop\n"
+ "C::4:l,m,n,moop\n"
+ "D::5:moop,moop\n"
+ "E::6:x\n"
+ "E::7:y,z\n"
+ "F::8:s,moop,t\n"
+ );
+
+ rv = setuid(0);
+ rtems_test_assert(rv == 0);
+
+ rv = seteuid(0);
+ rtems_test_assert(rv == 0);
+
+ ok = rtems_shell_login_check("inv", NULL);
+ rtems_test_assert(!ok);
+
+ ok = rtems_shell_login_check("no", NULL);
+ rtems_test_assert(!ok);
+
+ ok = rtems_shell_login_check("shadow", NULL);
+ rtems_test_assert(!ok);
+
+ ok = rtems_shell_login_check("moop", "false");
+ rtems_test_assert(!ok);
+
+ rtems_test_assert(getuid() == 0);
+ rtems_test_assert(geteuid() == 0);
+ rtems_test_assert(getgid() == 0);
+ rtems_test_assert(getegid() == 0);
+
+ ok = rtems_shell_login_check("zero", NULL);
+ rtems_test_assert(ok);
+ rtems_test_assert(getuid() == 3);
+ rtems_test_assert(geteuid() == 3);
+ rtems_test_assert(getgid() == 5);
+ rtems_test_assert(getegid() == 5);
+
+ ok = rtems_shell_login_check("moop", "foo");
+ rtems_test_assert(ok);
+ rtems_test_assert(getuid() == 1);
+ rtems_test_assert(geteuid() == 1);
+ rtems_test_assert(getgid() == 3);
+ rtems_test_assert(getegid() == 3);
+}
+
+static void Init(rtems_task_argument arg)
+{
+ TEST_BEGIN();
+
+ test();
+
+ TEST_END();
+ rtems_test_exit(0);
+}
+
+#define CONFIGURE_APPLICATION_DOES_NOT_NEED_CLOCK_DRIVER
+#define CONFIGURE_APPLICATION_NEEDS_CONSOLE_DRIVER
+
+#define CONFIGURE_USE_IMFS_AS_BASE_FILESYSTEM
+
+#define CONFIGURE_LIBIO_MAXIMUM_FILE_DESCRIPTORS 4
+
+#define CONFIGURE_MAXIMUM_TASKS 1
+#define CONFIGURE_MAXIMUM_POSIX_KEYS 1
+#define CONFIGURE_MAXIMUM_POSIX_KEY_VALUE_PAIRS 1
+
+#define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION
+
+#define CONFIGURE_RTEMS_INIT_TASKS_TABLE
+
+#define CONFIGURE_INIT
+
+#include <rtems/confdefs.h>
+
+#define CONFIGURE_SHELL_COMMANDS_INIT
+
+#include <rtems/shellconfig.h>
diff --git a/testsuites/libtests/shell01/shell01.doc b/testsuites/libtests/shell01/shell01.doc
new file mode 100644
index 0000000..e3b0044
--- /dev/null
+++ b/testsuites/libtests/shell01/shell01.doc
@@ -0,0 +1,11 @@
+This file describes the directives and concepts tested by this test set.
+
+test set name: shell01
+
+directives:
+
+ - rtems_shell_login_check
+
+concepts:
+
+ - Ensure that rtems_shell_login_check() works as expected.
diff --git a/testsuites/libtests/shell01/shell01.scn b/testsuites/libtests/shell01/shell01.scn
new file mode 100644
index 0000000..cf6082f
--- /dev/null
+++ b/testsuites/libtests/shell01/shell01.scn
@@ -0,0 +1,2 @@
+*** BEGIN OF TEST SHELL 1 ***
+*** END OF TEST SHELL 1 ***
diff --git a/testsuites/samples/fileio/init.c b/testsuites/samples/fileio/init.c
index 2b60922..735b588 100644
--- a/testsuites/samples/fileio/init.c
+++ b/testsuites/samples/fileio/init.c
@@ -13,6 +13,7 @@
#define CONFIGURE_INIT
#include "system.h"
+#include <crypt.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
@@ -641,10 +642,11 @@ static void fileio_start_shell(void)
writeFile(
"/etc/passwd",
0644,
- "root:7QR4o148UPtb.:0:0:root::/:/bin/sh\n"
- "rtems:*:1:1:RTEMS Application::/:/bin/sh\n"
- "test:8Yy.AaxynxbLI:2:2:test account::/:/bin/sh\n"
- "tty:!:3:3:tty owner::/:/bin/false\n"
+ "root:$6$$FuPOhnllx6lhW2qqlnmWvZQLJ8Thr/09I7ESTdb9VbnTOn5.65"
+ "/Vh2Mqa6FoKXwT0nHS/O7F0KfrDc6Svb/sH.:0:0:root::/:/bin/sh\n"
+ "rtems::1:1:RTEMS Application::/:/bin/sh\n"
+ "test:$1$$oPu1Xt2Pw0ngIc7LyDHqu1:2:2:test account::/:/bin/sh\n"
+ "tty:*:3:3:tty owner::/:/bin/false\n"
);
writeFile(
"/etc/group",
@@ -1225,6 +1227,9 @@ Init (rtems_task_argument ignored)
TEST_BEGIN();
+ crypt_add_format(&crypt_md5_format);
+ crypt_add_format(&crypt_sha512_format);
+
status = rtems_shell_wait_for_input(
STDIN_FILENO,
20,
More information about the vc
mailing list