mrrl-logincaps

MRRL version of logincaps
git clone https://ccx.te2000.cz/git/mrrl-logincaps
Log | Files | Refs
commit 16216fac9dc749c8527598f98d110f25d0ca943e
parent b8c706e2a24a12ec3854d41e777e4b8840f98be2
Author: ccx <ccx@te2000.cz>
Date:   Sun, 10 Mar 2024 20:34:37 +0000

remove absolute paths, configurable path to global loginexec

Diffstat:

Metc/loginexec | 12+++++++-----


Mlogin/build_static.sh | 2+-


Mlogin/login.c | 6+++++-


Msbin/logincaps | 4++--


4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/etc/loginexec b/etc/loginexec
@@ -1,4 +1,4 @@
-#!/command/execlineb -P
+#!/command/execlineb -S0
 multisubstitute {
 	importas HOME HOME
 	importas USER USER
@@ -13,10 +13,11 @@ ifthenelse -s { test -d $HOME } {
 
 ifelse -n { test -x ${HOME}/loginexec } {
 	s6-setuidgid $USER
+	nosuid
 	exec -l $SHELL
 }
 
-foreground { printf "%s: running %s\n" /etc/loginexec ${HOME}/loginexec }
+foreground { printf "%s: running %s\n" $0 ${HOME}/loginexec }
 piperw 10 8
 piperw 9 11
 background {
@@ -32,14 +33,15 @@ background {
 		test -n $LOGINPASS_FD
 	} {
 		fdclose $LOGINPASS_FD
-		unexport LOGINPASS_FD↵
-		/command/logincaps
+		unexport LOGINPASS_FD
+		logincaps
 	}
-	/command/logincaps
+	logincaps
 }
 fdclose 10
 fdclose 11
 export LOGINCAP_READFD 9
 export LOGINCAP_WRITEFD 8
 s6-setuidgid $USER
+nosuid
 ${HOME}/loginexec
diff --git a/login/build_static.sh b/login/build_static.sh
@@ -39,6 +39,6 @@ FILES=$FILES' main.c login.c'
 
 mkdir -p unstripped || exit $?
 
-$BUILD $FILES $LINK || exit $?
+$BUILD $@ $FILES $LINK || exit $?
 
 strip -o login unstripped/login
diff --git a/login/login.c b/login/login.c
@@ -27,6 +27,10 @@ config LOGIN
 #define FOR_login
 #include "toys.h"
 
+#ifndef LOGINEXEC_PATH
+#define LOGINEXEC_PATH "/etc/loginexec"
+#endif
+
 GLOBALS(
   char *hostname;
   char *username;
@@ -155,7 +159,7 @@ void login_main(void)
 
           alarm(0); // remove pending SIGALRM for stale login
 
-          execl("/etc/loginexec", "/etc/loginexec", loginexec, (char *)0);
+          execl(LOGINEXEC_PATH, LOGINEXEC_PATH, loginexec, (char *)0);
         }
       }
       // password go bye-bye now.
diff --git a/sbin/logincaps b/sbin/logincaps
@@ -107,14 +107,14 @@ terminal_spawn_common() {
 
 terminal_spawn_password() {
 	if check_wheel; then
-		terminal_spawn_common "/command/check-root-password.py /command/spawn-pty.py" '{ login -f root }' "$1"
+		terminal_spawn_common "check-root-password.py spawn-pty.py" '{ login -f root }' "$1"
 	else
 		printf 'ERR: Not in the group "wheel" (ex:%d)\n' $?
 	fi
 }
 
 terminal_spawn() {
-	terminal_spawn_common /command/spawn-pty.py "{ $1 }" "$2"
+	terminal_spawn_common spawn-pty.py "{ $1 }" "$2"
 }
 
 main() {