xref: /titanic_41/usr/src/cmd/sulogin/sulogin.c (revision ef287aad55c36c55e43651ee7ec7aa169b89408d)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2008 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*
27  *	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
28  *	All rights reserved.
29  *
30  *	Copyright (c) 1987, 1988 Microsoft Corporation.
31  *	All rights reserved.
32  */
33 
34 /*
35  *	sulogin - special login program exec'd from init to let user
36  *	come up single user, or go to default init state straight away.
37  *
38  *	Explain the scoop to the user, prompt for an authorized user
39  *	name or ^D and then prompt for password or ^D.  If the password
40  *	is correct, check if the user is authorized, if so enter
41  *	single user. ^D exits sulogin, and init will go to default init state.
42  *
43  *	If /etc/passwd is missing, or there's no entry for root,
44  *	go single user, no questions asked.
45  */
46 
47 #include <sys/types.h>
48 #include <sys/stat.h>
49 #include <sys/param.h>
50 #include <sys/sysmsg_impl.h>
51 #include <sys/mkdev.h>
52 #include <sys/resource.h>
53 #include <sys/uadmin.h>
54 #include <sys/wait.h>
55 #include <sys/stermio.h>
56 #include <fcntl.h>
57 #include <termio.h>
58 #include <pwd.h>
59 #include <shadow.h>
60 #include <stdlib.h>
61 #include <stdio.h>
62 #include <signal.h>
63 #include <siginfo.h>
64 #include <utmpx.h>
65 #include <unistd.h>
66 #include <ucontext.h>
67 #include <string.h>
68 #include <strings.h>
69 #include <deflt.h>
70 #include <limits.h>
71 #include <errno.h>
72 #include <crypt.h>
73 #include <auth_attr.h>
74 #include <auth_list.h>
75 #include <nss_dbdefs.h>
76 #include <user_attr.h>
77 #include <sys/vt.h>
78 
79 /*
80  * Intervals to sleep after failed login
81  */
82 #ifndef SLEEPTIME
83 #define	SLEEPTIME	4	/* sleeptime before login incorrect msg */
84 #endif
85 
86 #define	SLEEPTIME_MAX	5	/* maximum sleeptime */
87 
88 /*
89  *	the name of the file containing the login defaults we deliberately
90  *	use the same file as login(1)
91  */
92 
93 #define	DEFAULT_LOGIN	"/etc/default/login"
94 #define	DEFAULT_SULOGIN	"/etc/default/sulogin"
95 #define	DEFAULT_CONSOLE	"/dev/console"
96 
97 static char	shell[]	= "/sbin/sh";
98 static char	su[]	= "/sbin/su.static";
99 static int	sleeptime	= SLEEPTIME;
100 static int	nchild = 0;
101 static pid_t	pidlist[10];
102 static pid_t	masterpid = 0;
103 static pid_t	originalpid = 0;
104 static struct sigaction	sa;
105 static struct termio	ttymodes;
106 
107 static char	*findttyname(int fd);
108 static char	*stripttyname(char *);
109 static char	*sulogin_getinput(char *, int);
110 static void	noop(int);
111 static void	single(const char *, char *);
112 static void	main_loop(char *, boolean_t);
113 static void	parenthandler();
114 static void	termhandler(int);
115 static void	setupsigs(void);
116 static int	pathcmp(char *, char *);
117 static void	doit(char *, char *);
118 static void	childcleanup(int);
119 
120 #define	ECHOON	0
121 #define	ECHOOFF	1
122 
123 /* ARGSUSED */
124 int
125 main(int argc, char **argv)
126 {
127 	struct spwd	*shpw;
128 	int		passreq = B_TRUE;
129 	int		flags;
130 	int		fd;
131 	char		*infop, *ptr, *p;
132 	pid_t		pid;
133 	int		bufsize;
134 	struct stat	st;
135 	char		cttyname[100];
136 	char		namedlist[500];
137 	char		scratchlist[500];
138 	dev_t		cttyd;
139 
140 	if (geteuid() != 0) {
141 		(void) fprintf(stderr, "%s: must be root\n", argv[0]);
142 		return (EXIT_FAILURE);
143 	}
144 
145 	/* Do the magic to determine the children */
146 	if ((fd = open(SYSMSG, 0)) < 0)
147 		return (EXIT_FAILURE);
148 
149 	/*
150 	 * If the console supports the CIOCTTYCONSOLE ioctl, then fetch
151 	 * its console device list.  If not, then we use the default
152 	 * console name.
153 	 */
154 	if (ioctl(fd, CIOCTTYCONSOLE, &cttyd) == 0) {
155 		if ((bufsize = ioctl(fd, CIOCGETCONSOLE, NULL)) < 0)
156 			return (EXIT_FAILURE);
157 
158 		if (bufsize > 0) {
159 			if ((infop = calloc(bufsize, sizeof (char))) == NULL)
160 				return (EXIT_FAILURE);
161 
162 			if (ioctl(fd, CIOCGETCONSOLE, infop) < 0)
163 				return (EXIT_FAILURE);
164 
165 			(void) snprintf(namedlist, sizeof (namedlist), "%s %s",
166 			    DEFAULT_CONSOLE, infop);
167 		} else
168 			(void) snprintf(namedlist, sizeof (namedlist), "%s",
169 			    DEFAULT_CONSOLE);
170 	} else {
171 		(void) snprintf(namedlist, sizeof (namedlist), "%s",
172 		    DEFAULT_CONSOLE);
173 		cttyd = NODEV;
174 	}
175 
176 	/*
177 	 * The attempt to turn the controlling terminals dev_t into a string
178 	 * may not be successful, thus leaving the variable cttyname as a
179 	 * NULL.  This occurs if during boot we find
180 	 * the root partition (or some other partition)
181 	 * requires manual fsck, thus resulting in sulogin
182 	 * getting invoked.  The ioctl for CIOCTTYCONSOLE
183 	 * called above returned NODEV for cttyd
184 	 * in these cases.  NODEV gets returned when the vnode pointer
185 	 * in our session structure is NULL.  In these cases it
186 	 * must be assumed that the default console is used.
187 	 *
188 	 * See uts/common/os/session.c:cttydev().
189 	 */
190 	(void) strcpy(cttyname, DEFAULT_CONSOLE);
191 	(void) strcpy(scratchlist, namedlist);
192 	ptr = scratchlist;
193 	while (ptr != NULL) {
194 		p = strchr(ptr, ' ');
195 		if (p == NULL) {
196 			if (stat(ptr, &st))
197 				return (EXIT_FAILURE);
198 			if (st.st_rdev == cttyd)
199 				(void) strcpy(cttyname, ptr);
200 			break;
201 		}
202 		*p++ = '\0';
203 		if (stat(ptr, &st))
204 			return (EXIT_FAILURE);
205 		if (st.st_rdev == cttyd) {
206 			(void) strcpy(cttyname, ptr);
207 			break;
208 		}
209 		ptr = p;
210 	}
211 
212 	/*
213 	 * Use the same value of SLEEPTIME that login(1) uses.  This
214 	 * is obtained by reading the file /etc/default/login using
215 	 * the def*() functions.
216 	 */
217 
218 	if (defopen(DEFAULT_LOGIN) == 0) {
219 
220 		/* ignore case */
221 
222 		flags = defcntl(DC_GETFLAGS, 0);
223 		TURNOFF(flags, DC_CASE);
224 		(void) defcntl(DC_SETFLAGS, flags);
225 
226 		if ((ptr = defread("SLEEPTIME=")) != NULL)
227 			sleeptime = atoi(ptr);
228 
229 		if (sleeptime < 0 || sleeptime > SLEEPTIME_MAX)
230 			sleeptime = SLEEPTIME;
231 
232 		(void) defopen(NULL);	/* closes DEFAULT_LOGIN */
233 	}
234 
235 	/*
236 	 * Use our own value of PASSREQ, separate from the one login(1) uses.
237 	 * This is obtained by reading the file /etc/default/sulogin using
238 	 * the def*() functions.
239 	 */
240 
241 	if (defopen(DEFAULT_SULOGIN) == 0) {
242 		if ((ptr = defread("PASSREQ=")) != NULL)
243 			if (strcmp("NO", ptr) == 0)
244 				passreq = B_FALSE;
245 
246 		(void) defopen(NULL);	/* closes DEFAULT_SULOGIN */
247 	}
248 
249 	if (passreq == B_FALSE)
250 		single(shell, NULL);
251 
252 	/*
253 	 * if no 'root' entry in /etc/shadow, give maint. mode single
254 	 * user shell prompt
255 	 */
256 	setspent();
257 	if ((shpw = getspnam("root")) == NULL) {
258 		(void) fprintf(stderr, "\n*** Unable to retrieve `root' entry "
259 		    "in shadow password file ***\n\n");
260 		single(shell, NULL);
261 	}
262 	endspent();
263 	/*
264 	 * if no 'root' entry in /etc/passwd, give maint. mode single
265 	 * user shell prompt
266 	 */
267 	setpwent();
268 	if (getpwnam("root") == NULL) {
269 		(void) fprintf(stderr, "\n*** Unable to retrieve `root' entry "
270 		    "in password file ***\n\n");
271 		single(shell, NULL);
272 	}
273 	endpwent();
274 	/* process with controlling tty treated special */
275 	if ((pid = fork()) != (pid_t)0) {
276 		if (pid == -1)
277 			return (EXIT_FAILURE);
278 		else {
279 			setupsigs();
280 			masterpid = pid;
281 			originalpid = getpid();
282 			/*
283 			 * init() was invoked from a console that was not
284 			 * the default console, nor was it an auxiliary.
285 			 */
286 			if (cttyname[0] == NULL)
287 				termhandler(0);
288 				/* Never returns */
289 
290 			main_loop(cttyname, B_TRUE);
291 			/* Never returns */
292 		}
293 	}
294 	masterpid = getpid();
295 	originalpid = getppid();
296 	pidlist[nchild++] = originalpid;
297 
298 	sa.sa_handler = childcleanup;
299 	sa.sa_flags = 0;
300 	(void) sigemptyset(&sa.sa_mask);
301 	(void) sigaction(SIGTERM, &sa, NULL);
302 	(void) sigaction(SIGHUP, &sa, NULL);
303 	sa.sa_handler = parenthandler;
304 	sa.sa_flags = SA_SIGINFO;
305 	(void) sigemptyset(&sa.sa_mask);
306 	(void) sigaction(SIGUSR1, &sa, NULL);
307 
308 	sa.sa_handler = SIG_IGN;
309 	sa.sa_flags = 0;
310 	(void) sigemptyset(&sa.sa_mask);
311 	(void) sigaction(SIGCHLD, &sa, NULL);
312 	/*
313 	 * If there isn't a password on root, then don't permit
314 	 * the fanout capability of sulogin.
315 	 */
316 	if (*shpw->sp_pwdp != '\0') {
317 		ptr = namedlist;
318 		while (ptr != NULL) {
319 			p = strchr(ptr, ' ');
320 			if (p == NULL) {
321 				doit(ptr, cttyname);
322 				break;
323 			}
324 			*p++ = '\0';
325 			doit(ptr, cttyname);
326 			ptr = p;
327 		}
328 	}
329 	if (pathcmp(cttyname, DEFAULT_CONSOLE) != 0) {
330 		if ((pid = fork()) == (pid_t)0) {
331 			setupsigs();
332 			main_loop(DEFAULT_CONSOLE, B_FALSE);
333 		} else if (pid == -1)
334 			return (EXIT_FAILURE);
335 		pidlist[nchild++] = pid;
336 	}
337 	/*
338 	 * When parent is all done, it pauses until one of its children
339 	 * signals that its time to kill the underpriviledged.
340 	 */
341 	(void) wait(NULL);
342 
343 	return (0);
344 }
345 
346 /*
347  * These flags are taken from stty's "sane" table entries in
348  * usr/src/cmd/ttymon/sttytable.c
349  */
350 #define	SET_IFLAG (BRKINT|IGNPAR|ISTRIP|ICRNL|IXON|IMAXBEL)
351 #define	RESET_IFLAG (IGNBRK|PARMRK|INPCK|INLCR|IGNCR|IUCLC|IXOFF|IXANY)
352 #define	SET_OFLAG (OPOST|ONLCR)
353 #define	RESET_OFLAG (OLCUC|OCRNL|ONOCR|ONLRET|OFILL|OFDEL| \
354 	NLDLY|CRDLY|TABDLY|BSDLY|VTDLY|FFDLY)
355 #define	SET_LFLAG (ISIG|ICANON|IEXTEN|ECHO|ECHOK|ECHOE|ECHOKE|ECHOCTL)
356 #define	RESET_LFLAG (XCASE|ECHONL|NOFLSH|STFLUSH|STWRAP|STAPPL)
357 
358 /*
359  * Do the equivalent of 'stty sane' on the terminal since we don't know
360  * what state it was in on startup.
361  */
362 static void
363 sanitize_tty(int fd)
364 {
365 	(void) ioctl(fd, TCGETA, &ttymodes);
366 	ttymodes.c_iflag &= ~RESET_IFLAG;
367 	ttymodes.c_iflag |= SET_IFLAG;
368 	ttymodes.c_oflag &= ~RESET_OFLAG;
369 	ttymodes.c_oflag |= SET_OFLAG;
370 	ttymodes.c_lflag &= ~RESET_LFLAG;
371 	ttymodes.c_lflag |= SET_LFLAG;
372 	ttymodes.c_cc[VERASE] = CERASE;
373 	ttymodes.c_cc[VKILL] = CKILL;
374 	ttymodes.c_cc[VQUIT] = CQUIT;
375 	ttymodes.c_cc[VINTR] = CINTR;
376 	ttymodes.c_cc[VEOF] = CEOF;
377 	ttymodes.c_cc[VEOL] = CNUL;
378 	(void) ioctl(fd, TCSETAF, &ttymodes);
379 }
380 
381 /*
382  * Fork a child of sulogin for each of the auxiliary consoles.
383  */
384 static void
385 doit(char *ptr, char *cttyname)
386 {
387 	pid_t	pid;
388 
389 	if (pathcmp(ptr, DEFAULT_CONSOLE) != 0 &&
390 	    pathcmp(ptr, cttyname) != 0) {
391 		if ((pid = fork()) == (pid_t)0) {
392 			setupsigs();
393 			main_loop(ptr, B_FALSE);
394 		} else if (pid == -1)
395 			exit(EXIT_FAILURE);
396 		pidlist[nchild++] = pid;
397 	}
398 }
399 
400 static int
401 pathcmp(char *adev, char *bdev)
402 {
403 	struct stat	st1;
404 	struct stat	st2;
405 
406 	if (adev == NULL || bdev == NULL)
407 		return (1);
408 
409 	if (strcmp(adev, bdev) == 0)
410 		return (0);
411 
412 	if (stat(adev, &st1) || !S_ISCHR(st1.st_mode))
413 		return (1);
414 
415 	if (stat(bdev, &st2) || !S_ISCHR(st2.st_mode))
416 		return (1);
417 
418 	if (st1.st_rdev == st2.st_rdev)
419 		return (0);
420 
421 	return (1);
422 }
423 
424 /* Handlers for the children at initialization */
425 static void
426 setupsigs()
427 {
428 	sa.sa_handler = noop;
429 	sa.sa_flags = 0;
430 	(void) sigemptyset(&sa.sa_mask);
431 	(void) sigaction(SIGINT, &sa, NULL);
432 	(void) sigaction(SIGQUIT, &sa, NULL);
433 
434 	sa.sa_handler = termhandler;
435 	sa.sa_flags = 0;
436 	(void) sigemptyset(&sa.sa_mask);
437 	(void) sigaction(SIGTERM, &sa, NULL);
438 	(void) sigaction(SIGKILL, &sa, NULL);
439 	(void) sigaction(SIGHUP, &sa, NULL);
440 }
441 
442 static void
443 main_loop(char *devname, boolean_t cttyflag)
444 {
445 	int		fd, i;
446 	char		*user = NULL;		/* authorized user */
447 	char		*pass;			/* password from user */
448 	char		*cpass;			/* crypted password */
449 	struct spwd	spwd;
450 	struct spwd	*lshpw;			/* local shadow */
451 	char		shadow[NSS_BUFLEN_SHADOW];
452 	FILE		*sysmsgfd;
453 
454 	for (i = 0; i < 3; i++)
455 		(void) close(i);
456 	if (cttyflag == B_FALSE) {
457 		if (setsid() == -1)
458 			exit(EXIT_FAILURE);
459 	}
460 	if ((fd = open(devname, O_RDWR)) < 0)
461 		exit(EXIT_FAILURE);
462 
463 	/*
464 	 * In system maintenance mode, all virtual console instances
465 	 * of the svc:/system/console-login service are not available
466 	 * any more, and only the system console is available. So here
467 	 * we always switch to the system console in case at the moment
468 	 * the active console isn't it.
469 	 */
470 	(void) ioctl(fd, VT_ACTIVATE, 1);
471 
472 	if (fd != 0)
473 		(void) dup2(fd, STDIN_FILENO);
474 	if (fd != 1)
475 		(void) dup2(fd, STDOUT_FILENO);
476 	if (fd != 2)
477 		(void) dup2(fd, STDERR_FILENO);
478 	if (fd > 2)
479 		(void) close(fd);
480 
481 	sysmsgfd = fopen("/dev/sysmsg", "w");
482 
483 	sanitize_tty(fileno(stdin));
484 
485 	for (;;) {
486 		(void) printf("\nEnter user name for system maintenance "
487 		    "(control-d to bypass): ");
488 		if ((user = sulogin_getinput(devname, ECHOON)) == NULL) {
489 			/* signal other children to exit */
490 			(void) sigsend(P_PID, masterpid, SIGUSR1);
491 			/* ^D, so straight to default init state */
492 			exit(EXIT_FAILURE);
493 		}
494 		(void) printf("\nEnter %s password for system maintenance "
495 		    "(control-d to bypass): ", user);
496 
497 		if ((pass = sulogin_getinput(devname, ECHOOFF)) == NULL) {
498 			/* signal other children to exit */
499 			(void) sigsend(P_PID, masterpid, SIGUSR1);
500 			/* ^D, so straight to default init state */
501 			free(user);
502 			exit(EXIT_FAILURE);
503 		}
504 		lshpw = getspnam_r(user, &spwd, shadow, sizeof (shadow));
505 		if (lshpw == NULL) {
506 			/*
507 			 * the user entered doesn't exist, too bad.
508 			 */
509 			goto sorry;
510 		}
511 
512 		/*
513 		 * There is a special case error to catch here:
514 		 * If the password is hashed with an algorithm
515 		 * other than the old unix crypt the call to crypt(3c)
516 		 * could fail if /usr is corrupt or not available
517 		 * since by default /etc/security/crypt.conf will
518 		 * have the crypt_ modules located under /usr/lib.
519 		 * Or it could happen if /etc/security/crypt.conf
520 		 * is corrupted.
521 		 *
522 		 * If this happens crypt(3c) will return NULL and
523 		 * set errno to ELIBACC for the former condition or
524 		 * EINVAL for the latter, in this case we bypass
525 		 * authentication and just verify that the user is
526 		 * authorized.
527 		 */
528 
529 		errno = 0;
530 		cpass = crypt(pass, lshpw->sp_pwdp);
531 		if (((cpass == NULL) && (lshpw->sp_pwdp[0] == '$')) &&
532 		    ((errno == ELIBACC) || (errno == EINVAL))) {
533 			goto checkauth;
534 		} else if ((cpass == NULL) ||
535 		    (strcmp(cpass, lshpw->sp_pwdp) != 0)) {
536 			goto sorry;
537 		}
538 
539 checkauth:
540 		/*
541 		 * There is a special case error here as well.
542 		 * If /etc/user_attr is corrupt, getusernam("root")
543 		 * returns NULL.
544 		 * In this case, we just give access because this is similar
545 		 * to the case of root not existing in /etc/passwd.
546 		 */
547 
548 		if ((getusernam("root") != NULL) &&
549 		    (chkauthattr(MAINTENANCE_AUTH, user) != 1)) {
550 			goto sorry;
551 		}
552 		(void) fprintf(sysmsgfd, "\nsingle-user privilege "
553 		    "assigned to %s on %s.\n", user, devname);
554 		(void) sigsend(P_PID, masterpid, SIGUSR1);
555 		(void) wait(NULL);
556 		free(user);
557 		free(pass);
558 		single(su, devname);
559 		/* single never returns */
560 
561 sorry:
562 		(void) printf("\nLogin incorrect or user %s not authorized\n",
563 		    user);
564 		free(user);
565 		free(pass);
566 		(void) sleep(sleeptime);
567 	}
568 }
569 
570 /*
571  * single() - exec shell for single user mode
572  */
573 
574 static void
575 single(const char *cmd, char *ttyn)
576 {
577 	struct utmpx	*u;
578 	char		found = B_FALSE;
579 
580 	if (ttyn == NULL)
581 		ttyn = findttyname(STDIN_FILENO);
582 
583 	/*
584 	 * utmpx records on the console device are expected to be "console"
585 	 * by other processes, such as dtlogin.
586 	 */
587 	ttyn = stripttyname(ttyn);
588 
589 	/* update the utmpx file. */
590 	while ((u = getutxent()) != NULL) {
591 		if (strcmp(u->ut_line, ttyn) == 0) {
592 			u->ut_tv.tv_sec = time(NULL);
593 			u->ut_type = USER_PROCESS;
594 			u->ut_pid = getpid();
595 			if (strcmp(u->ut_user, "root") != 0)
596 				(void) strcpy(u->ut_user, "root");
597 			(void) pututxline(u);
598 			found = B_TRUE;
599 			break;
600 		}
601 	}
602 	if (!found) {
603 		struct utmpx entryx;
604 
605 		entryx.ut_tv.tv_sec = time(NULL);
606 		entryx.ut_type = USER_PROCESS;
607 		entryx.ut_pid = getpid();
608 		(void) strcpy(entryx.ut_user, "root");
609 		(void) strcpy(entryx.ut_line, ttyn);
610 		entryx.ut_tv.tv_usec = 0;
611 		entryx.ut_session = 0;
612 		entryx.ut_id[0] = 'c';
613 		entryx.ut_id[1] = 'o';
614 		entryx.ut_id[2] = 's';
615 		entryx.ut_id[3] = 'u';
616 		entryx.ut_syslen = 1;
617 		entryx.ut_host[0] = '\0';
618 		entryx.ut_exit.e_termination = WTERMSIG(0);
619 		entryx.ut_exit.e_exit = WEXITSTATUS(0);
620 		(void) pututxline(&entryx);
621 	}
622 	endutxent();
623 	(void) printf("Entering System Maintenance Mode\n\n");
624 
625 	if (execl(cmd, cmd, "-", (char *)0) < 0)
626 		exit(EXIT_FAILURE);
627 }
628 
629 /*
630  * sulogin_getinput() - hacked from the standard PAM tty conversation
631  *			function getpassphrase() library version
632  *			so we can distinguish newline and EOF.
633  *		        also don't need this routine to give a prompt.
634  *
635  * returns the password string, or NULL if the used typed EOF.
636  */
637 
638 static char *
639 sulogin_getinput(char *devname, int echooff)
640 {
641 	struct termio	ttyb;
642 	int		c;
643 	FILE		*fi;
644 	static char	input[PASS_MAX + 1];
645 	void		(*saved_handler)();
646 	char		*rval = input;
647 	int		i = 0;
648 
649 	if ((fi = fopen(devname, "r")) == NULL) {
650 		fi = stdin;
651 	}
652 
653 	saved_handler = signal(SIGINT, SIG_IGN);
654 
655 	if (echooff) {
656 		ttyb = ttymodes;
657 		ttyb.c_lflag &= ~(ECHO | ECHOE | ECHONL);
658 		(void) ioctl(fileno(fi), TCSETAF, &ttyb);
659 	}
660 
661 	/* get characters up to PASS_MAX, but don't overflow */
662 	while ((c = getc(fi)) != '\n' && (c != '\r')) {
663 		if (c == EOF && i == 0) {	/* ^D, no input */
664 			rval = NULL;
665 			break;
666 		}
667 		if (i < PASS_MAX) {
668 			input[i++] = (char)c;
669 		}
670 	}
671 	input[i] = '\0';
672 	(void) fputc('\n', fi);
673 	if (echooff) {
674 		(void) ioctl(fileno(fi), TCSETAW, &ttymodes);
675 	}
676 
677 	if (saved_handler != SIG_ERR)
678 		(void) signal(SIGINT, saved_handler);
679 	return (rval == NULL ? NULL : strdup(rval));
680 }
681 
682 static char *
683 findttyname(int fd)
684 {
685 	char	*ttyn = ttyname(fd);
686 
687 	if (ttyn == NULL)
688 		ttyn = "/dev/???";
689 	else {
690 		/*
691 		 * /dev/syscon and /dev/systty are usually links to
692 		 * /dev/console.  prefer /dev/console.
693 		 */
694 		if (((strcmp(ttyn, "/dev/syscon") == 0) ||
695 		    (strcmp(ttyn, "/dev/systty") == 0)) &&
696 		    access("/dev/console", F_OK))
697 			ttyn = "/dev/console";
698 	}
699 	return (ttyn);
700 }
701 
702 static char *
703 stripttyname(char *ttyn)
704 {
705 	/* saw off the /dev/ */
706 	if (strncmp(ttyn, "/dev/", sizeof ("/dev/") -1) == 0)
707 		return (ttyn + sizeof ("/dev/") - 1);
708 	else
709 		return (ttyn);
710 }
711 
712 
713 /* ARGSUSED */
714 static	void
715 noop(int sig)
716 {
717 	/*
718 	 * This signal handler does nothing except return.  We use it
719 	 * as the signal disposition in this program instead of
720 	 * SIG_IGN so that we do not have to restore the disposition
721 	 * back to SIG_DFL. Instead we allow exec(2) to set the
722 	 * dispostion to SIG_DFL to avoid a race condition.
723 	 */
724 }
725 
726 /* ARGSUSED */
727 static void
728 parenthandler(int sig, siginfo_t *si, ucontext_t *uc)
729 {
730 	int i;
731 
732 	/*
733 	 * We get here if someone has successfully entered a password
734 	 * from the auxiliary console and is getting the single-user shell.
735 	 * When this happens, the parent needs to kill the children
736 	 * that didn't get the shell.
737 	 *
738 	 */
739 	for (i = 0; i < nchild; i++) {
740 		if (pidlist[i] != si->__data.__proc.__pid)
741 			(void) sigsend(P_PID, pidlist[i], SIGTERM);
742 	}
743 	sa.sa_handler = SIG_IGN;
744 	sa.sa_flags = 0;
745 	(void) sigemptyset(&sa.sa_mask);
746 	(void) sigaction(SIGINT, &sa, NULL);
747 	(void) sigaction(SIGQUIT, &sa, NULL);
748 	(void) sigaction(SIGTERM, &sa, NULL);
749 	(void) wait(NULL);
750 }
751 
752 /*
753  * The master pid will get SIGTERM or SIGHUP from init, and then
754  * has to make sure the shell isn't still running.
755  */
756 
757 /* ARGSUSED */
758 static	void
759 childcleanup(int sig)
760 {
761 	int i;
762 
763 	/* Only need to kill the child that became the shell. */
764 	for (i = 0; i < nchild; i++) {
765 		/* Don't kill gramps before his time */
766 		if (pidlist[i] != getppid())
767 			(void) sigsend(P_PID, pidlist[i], SIGHUP);
768 	}
769 }
770 
771 /* ARGSUSED */
772 static	void
773 termhandler(int sig)
774 {
775 	FILE *fi;
776 	pid_t pid;
777 
778 	/* Processes come here when they fail to receive the password. */
779 	if ((fi = fopen("/dev/tty", "r+")) == NULL)
780 		fi = stdin;
781 	else
782 		setbuf(fi, NULL);
783 	sanitize_tty(fileno(fi));
784 	/* If you're the controlling tty, then just wait */
785 	pid = getpid();
786 	if (pid == originalpid || pid == masterpid) {
787 		sa.sa_handler = SIG_IGN;
788 		sa.sa_flags = 0;
789 		(void) sigemptyset(&sa.sa_mask);
790 		(void) sigaction(SIGINT, &sa, NULL);
791 		(void) sigaction(SIGQUIT, &sa, NULL);
792 		sa.sa_handler = SIG_DFL;
793 		sa.sa_flags = 0;
794 		(void) sigemptyset(&sa.sa_mask);
795 		(void) sigaction(SIGTERM, &sa, NULL);
796 		(void) sigaction(SIGHUP, &sa, NULL);
797 		(void) wait(NULL);
798 	}
799 	exit(0);
800 }
801