shell: Use crypt_r() in rtems_shell_login_check()

Use '*" to disable shell login instead of '!' according to the Linux man
page.  Use getpwnam_r() instead of getpwnam().  Do not access the user
environment directly.  Update the user environment only after a
successful login check.

cpukit/libmisc/shell/login_check.c

@@ -5,10 +5,10 @@
  */
 
 /*
- * Copyright (c) 2009 embedded brains GmbH and others.
+ * Copyright (c) 2009-2014 embedded brains GmbH and others.
  *
  * embedded brains GmbH
- * Obere Lagerstr. 30
+ * Dornierstr. 4
  * D-82178 Puchheim
  * Germany
  * <rtems@embedded-brains.de>
@@ -30,36 +30,53 @@
 #include <unistd.h>
 #include <pwd.h>
 #include <string.h>
+#include <crypt.h>
 
 #include <rtems/shell.h>
-#include <rtems/userenv.h>
 
 bool rtems_shell_login_check(
   const char *user,
   const char *passphrase
 )
 {
-  struct passwd *pw = getpwnam( user);
+  char buf[256];
+  struct passwd *pw_res;
+  struct passwd pw;
+  int eno;
+  bool ok;
+
+  eno = getpwnam_r(user, &pw, &buf[0], sizeof(buf), &pw_res);
 
   /* Valid user? */
-  if (pw != NULL && strcmp( pw->pw_passwd, "!") != 0) {
+  if (eno == 0 && strcmp(pw.pw_passwd, "*") != 0) {
-    rtems_shell_env_t *env = rtems_shell_get_current_env();
+    if (strcmp(pw.pw_passwd, "") == 0) {
-    setuid( pw->pw_uid);
+      ok = true;
-    setgid( pw->pw_gid);
+    } else if (strcmp(pw.pw_passwd, "x") == 0) {
-    rtems_current_user_env->euid = 0;
-    rtems_current_user_env->egid = 0;
-    if (env)
-      chown( env->devname, pw->pw_uid, 0);
-    rtems_current_user_env->euid = pw->pw_uid;
-    rtems_current_user_env->egid = pw->pw_gid;
-    if (strcmp( pw->pw_passwd, "*") == 0) {
       /* TODO: /etc/shadow */
-      return true;
+      ok = false;
     } else {
-      /* TODO: crypt() */
+      struct crypt_data data;
-      return true;
+      char *s;
+
+      s = crypt_r(passphrase, pw.pw_passwd, &data);
+      ok = strcmp(s, pw.pw_passwd) == 0;
     }
+  } else {
+    ok = false;
   }
 
-  return false;
+  if (ok) {
+    rtems_shell_env_t *env = rtems_shell_get_current_env();
+
+    if (env != NULL) {
+      chown(env->devname, pw.pw_uid, 0);
+    }
+
+    setuid(pw.pw_uid);
+    setgid(pw.pw_gid);
+    seteuid(pw.pw_uid);
+    setegid(pw.pw_gid);
+  }
+
+  return ok;
 }

testsuites/libtests/Makefile.am

@@ -1,6 +1,7 @@
 ACLOCAL_AMFLAGS = -I ../aclocal
 
 _SUBDIRS = POSIX
+_SUBDIRS += shell01
 _SUBDIRS += pwdgrp01
 _SUBDIRS += crypt01
 _SUBDIRS += sha

testsuites/libtests/configure.ac

@@ -66,6 +66,7 @@ AS_IF([test x"$HAVE_LIBDL" = x"yes"],[
 
 # Explicitly list all Makefiles here
 AC_CONFIG_FILES([Makefile
+shell01/Makefile
 pwdgrp01/Makefile
 crypt01/Makefile
 sha/Makefile

testsuites/libtests/shell01/Makefile.am

@@ -0,0 +1,19 @@
+rtems_tests_PROGRAMS = shell01
+shell01_SOURCES = init.c
+
+dist_rtems_tests_DATA = shell01.scn shell01.doc
+
+include $(RTEMS_ROOT)/make/custom/@RTEMS_BSP@.cfg
+include $(top_srcdir)/../automake/compile.am
+include $(top_srcdir)/../automake/leaf.am
+
+AM_CPPFLAGS += -I$(top_srcdir)/../support/include
+
+LINK_OBJS = $(shell01_OBJECTS)
+LINK_LIBS = $(shell01_LDLIBS)
+
+shell01$(EXEEXT): $(shell01_OBJECTS) $(shell01_DEPENDENCIES)
+	@rm -f shell01$(EXEEXT)
+	$(make-exe)
+
+include $(top_srcdir)/../automake/local.am

testsuites/libtests/shell01/init.c

@@ -0,0 +1,145 @@
+/*
+ * Copyright (c) 2014 embedded brains GmbH.  All rights reserved.
+ *
+ *  embedded brains GmbH
+ *  Dornierstr. 4
+ *  82178 Puchheim
+ *  Germany
+ *  <rtems@embedded-brains.de>
+ *
+ * The license and distribution terms for this file may be
+ * found in the file LICENSE in this distribution or at
+ * http://www.rtems.org/license/LICENSE.
+ */
+
+#ifdef HAVE_CONFIG_H
+  #include "config.h"
+#endif
+
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <errno.h>
+#include <grp.h>
+#include <pwd.h>
+#include <stdio.h>
+#include <unistd.h>
+
+#include <rtems/shell.h>
+
+#include "tmacros.h"
+
+const char rtems_test_name[] = "SHELL 1";
+
+static void create_file(const char *name, const char *content)
+{
+  FILE *fp;
+  int rv;
+
+  fp = fopen(name, "wx");
+  rtems_test_assert(fp != NULL);
+
+  rv = fputs(content, fp);
+  rtems_test_assert(rv == 0);
+
+  rv = fclose(fp);
+  rtems_test_assert(rv == 0);
+}
+
+static void test(void)
+{
+  bool ok;
+  int rv;
+
+  rv = mkdir("/etc", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+  rtems_test_assert(rv == 0);
+
+  create_file(
+    "/etc/passwd",
+    "moop:foo:1:3:blob:a::c\n"
+    "no:*:2:4::::\n"
+    "zero::3:5::::\n"
+    "shadow:x:4:6::::\n"
+  );
+
+  create_file(
+    "/etc/group",
+    "A::1:moop,u,v,w,zero\n"
+    "B::2:moop\n"
+    "blub:bar:3:moop\n"
+    "C::4:l,m,n,moop\n"
+    "D::5:moop,moop\n"
+    "E::6:x\n"
+    "E::7:y,z\n"
+    "F::8:s,moop,t\n"
+  );
+
+  rv = setuid(0);
+  rtems_test_assert(rv == 0);
+
+  rv = seteuid(0);
+  rtems_test_assert(rv == 0);
+
+  ok = rtems_shell_login_check("inv", NULL);
+  rtems_test_assert(!ok);
+
+  ok = rtems_shell_login_check("no", NULL);
+  rtems_test_assert(!ok);
+
+  ok = rtems_shell_login_check("shadow", NULL);
+  rtems_test_assert(!ok);
+
+  ok = rtems_shell_login_check("moop", "false");
+  rtems_test_assert(!ok);
+
+  rtems_test_assert(getuid() == 0);
+  rtems_test_assert(geteuid() == 0);
+  rtems_test_assert(getgid() == 0);
+  rtems_test_assert(getegid() == 0);
+
+  ok = rtems_shell_login_check("zero", NULL);
+  rtems_test_assert(ok);
+  rtems_test_assert(getuid() == 3);
+  rtems_test_assert(geteuid() == 3);
+  rtems_test_assert(getgid() == 5);
+  rtems_test_assert(getegid() == 5);
+
+  ok = rtems_shell_login_check("moop", "foo");
+  rtems_test_assert(ok);
+  rtems_test_assert(getuid() == 1);
+  rtems_test_assert(geteuid() == 1);
+  rtems_test_assert(getgid() == 3);
+  rtems_test_assert(getegid() == 3);
+}
+
+static void Init(rtems_task_argument arg)
+{
+  TEST_BEGIN();
+
+  test();
+
+  TEST_END();
+  rtems_test_exit(0);
+}
+
+#define CONFIGURE_APPLICATION_DOES_NOT_NEED_CLOCK_DRIVER
+#define CONFIGURE_APPLICATION_NEEDS_CONSOLE_DRIVER
+
+#define CONFIGURE_USE_IMFS_AS_BASE_FILESYSTEM
+
+#define CONFIGURE_LIBIO_MAXIMUM_FILE_DESCRIPTORS 4
+
+#define CONFIGURE_MAXIMUM_TASKS 1
+#define CONFIGURE_MAXIMUM_POSIX_KEYS 1
+#define CONFIGURE_MAXIMUM_POSIX_KEY_VALUE_PAIRS 1
+
+#define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION
+
+#define CONFIGURE_RTEMS_INIT_TASKS_TABLE
+
+#define CONFIGURE_INIT
+
+#include <rtems/confdefs.h>
+
+#define CONFIGURE_SHELL_COMMANDS_INIT
+
+#include <rtems/shellconfig.h>

testsuites/libtests/shell01/shell01.doc

@@ -0,0 +1,11 @@
+This file describes the directives and concepts tested by this test set.
+
+test set name: shell01
+
+directives:
+
+  - rtems_shell_login_check
+
+concepts:
+
+  - Ensure that rtems_shell_login_check() works as expected.

testsuites/libtests/shell01/shell01.scn

@@ -0,0 +1,2 @@
+*** BEGIN OF TEST SHELL 1 ***
+*** END OF TEST SHELL 1 ***

testsuites/samples/fileio/init.c

@@ -13,6 +13,7 @@
 
 #define CONFIGURE_INIT
 #include "system.h"
+#include <crypt.h>
 #include <stdio.h>
 #include <string.h>
 #include <unistd.h>
@@ -641,10 +642,11 @@ static void fileio_start_shell(void)
   writeFile(
     "/etc/passwd",
     0644,
-    "root:7QR4o148UPtb.:0:0:root::/:/bin/sh\n"
+    "root:$6$$FuPOhnllx6lhW2qqlnmWvZQLJ8Thr/09I7ESTdb9VbnTOn5.65"
-    "rtems:*:1:1:RTEMS Application::/:/bin/sh\n"
+      "/Vh2Mqa6FoKXwT0nHS/O7F0KfrDc6Svb/sH.:0:0:root::/:/bin/sh\n"
-    "test:8Yy.AaxynxbLI:2:2:test account::/:/bin/sh\n"
+    "rtems::1:1:RTEMS Application::/:/bin/sh\n"
-    "tty:!:3:3:tty owner::/:/bin/false\n"
+    "test:$1$$oPu1Xt2Pw0ngIc7LyDHqu1:2:2:test account::/:/bin/sh\n"
+    "tty:*:3:3:tty owner::/:/bin/false\n"
   );
   writeFile(
     "/etc/group",
@@ -1225,6 +1227,9 @@ Init (rtems_task_argument ignored)
 
   TEST_BEGIN();
 
+  crypt_add_format(&crypt_md5_format);
+  crypt_add_format(&crypt_sha512_format);
+
   status = rtems_shell_wait_for_input(
     STDIN_FILENO,
     20,