commit 3537cb7ad38f038a689f96e70ad50cd1f57f05e4
parent 6a1dbcd194ac206bbdc52584b023e2e4e549eafd
Author: ccx <ccx@te2000.cz>
Date: Wed, 13 Mar 2024 07:40:54 +0000
Fix loginexec check, warn if unavailable
Diffstat:
1 file changed, 22 insertions(+), 3 deletions(-)
diff --git a/login/login.c b/login/login.c
@@ -46,6 +46,16 @@ static void login_timeout_handler(int sig __attribute__((unused)))
exit(0);
}
+unsigned char login_hashcmp(const char *s1, const char *s2)
+{
+ // constant time string comparison
+ unsigned char result = 0;
+ do {
+ result |= (*s1) ^ (*s2);
+ } while(*(s1++) && *(s2++));
+ return result;
+}
+
void login_main(void)
{
char *forbid[] = {
@@ -72,7 +82,7 @@ void login_main(void)
if (TT.username) username = TT.username;
else username = *toys.optargs;
for (count = 0; count < 3; count++) {
- //alarm(TT.login_timeout = 60);
+ alarm(TT.login_timeout = 60);
tcflush(0, TCIFLUSH);
if (!username) {
@@ -115,7 +125,7 @@ void login_main(void)
// Verify password. (Prompt for password _before_ checking disable state.)
if (!read_password(toybuf, sizeof(toybuf), "Password: ")) {
- int x = pass && (ss = crypt(toybuf, pass)) && !strcmp(pass, ss);
+ int x = pass && (ss = crypt(toybuf, pass)) && !login_hashcmp(pass, ss);
if (x && use_loginexec) {
if(!pipe(pipefd)) {
@@ -141,7 +151,7 @@ void login_main(void)
perror("pipe");
pipefd[0] = pipefd[1] = -1;
}
- if (!access("/etc/loginexec", X_OK)) {
+ if (!access(LOGINEXEC_PATH, X_OK)) {
if (!(toys.optflags&FLAG_p)) {
char *term = getenv("TERM");
@@ -162,6 +172,15 @@ void login_main(void)
alarm(0); // remove pending SIGALRM for stale login
execl(LOGINEXEC_PATH, LOGINEXEC_PATH, loginexec, (char *)0);
+ } else {
+ syslog(LOG_WARNING, "login executable '%s' unavailable when attempting to log in as '%s' on %s %s%s",
+ LOGINEXEC_PATH,
+ pwd ? pwd->pw_name : "UNKNOWN",
+ ttyname(tty),
+ hh ? "from " : "", hh ? TT.hostname : "");
+
+ puts("global loginexec unavailable, using user shell");
+ use_loginexec = 0;
}
}
// password go bye-bye now.
