1.2-dev #9
@@ -236,19 +236,18 @@ local function nextUID()
|
|||||||
return max + 1
|
return max + 1
|
||||||
end
|
end
|
||||||
|
|
||||||
function auth.login(username, password)
|
function auth.login(uid, password)
|
||||||
if type(username) ~= "string" or type(password) ~= "string" then
|
if type(uid) ~= "number" or type(password) ~= "string" then
|
||||||
return nil, "Authentication failure"
|
return nil, "Authentication failure"
|
||||||
end
|
end
|
||||||
|
|
||||||
local entry = getPasswdByUsername(username)
|
local entry = getPasswdByUID(uid)
|
||||||
if not entry then
|
if not entry then
|
||||||
-- timing attack resistance
|
-- timing attack resistance
|
||||||
hashPassword(password, "aaaaaaaaaaaaaaaa")
|
hashPassword(password, "aaaaaaaaaaaaaaaa")
|
||||||
return nil, "Authentication failure"
|
return nil, "Authentication failure"
|
||||||
end
|
end
|
||||||
|
|
||||||
local uid = tonumber(entry[1])
|
|
||||||
local sEntry = getShadowByUID(uid)
|
local sEntry = getShadowByUID(uid)
|
||||||
if not sEntry then
|
if not sEntry then
|
||||||
hashPassword(password, "aaaaaaaaaaaaaaaa")
|
hashPassword(password, "aaaaaaaaaaaaaaaa")
|
||||||
@@ -273,7 +272,7 @@ function auth.login(username, password)
|
|||||||
_task.egid = tonumber(entry[2]) or uid
|
_task.egid = tonumber(entry[2]) or uid
|
||||||
end
|
end
|
||||||
|
|
||||||
kernel.log("AUTH: login uid=" .. tostring(uid) .. " (" .. username .. ")")
|
kernel.log("AUTH: login uid=" .. tostring(uid) .. " (" .. getPasswdByUID(uid)[3] .. ")")
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
@@ -619,4 +618,4 @@ if kernel.syscalls then
|
|||||||
kernel.syscalls["setshell"] = auth.setShell
|
kernel.syscalls["setshell"] = auth.setShell
|
||||||
kernel.syscalls["sethomedir"] = auth.setHomedir
|
kernel.syscalls["sethomedir"] = auth.setHomedir
|
||||||
kernel.syscalls["setgid"] = auth.setGID
|
kernel.syscalls["setgid"] = auth.setGID
|
||||||
end
|
end
|
||||||
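Review bot: The new guard `if type(uid) ~= "number" or type(password) ~= "string"` in auth.login returns before any `hashPassword` call, so it skips the dummy hash that the "timing attack resistance" branches below it still perform. doLogin now passes the result of `syscall.getuidbyname(username)` straight to `syscall.login`, and the `if not targetUid` check in the su hunk suggests that lookup yields nil for an unknown name, so unknown accounts would fail measurably faster than known ones at the login prompt. Consider paying the same cost in the guard, e.g. `if type(password) == "string" then hashPassword(password, "aaaaaaaaaaaaaaaa") end` before `return nil, "Authentication failure"`. Separately, the log line's `getPasswdByUID(uid)[3]` repeats a lookup already held in `entry` and would raise on a nil result after `_task.egid` has been assigned; the rest of auth.login lies outside these hunks.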
@@ -96,8 +96,8 @@ if kernel.firstBoot then
|
|||||||
{"sbin", REG, 0, 0, RWX_RX_RX},
|
{"sbin", REG, 0, 0, RWX_RX_RX},
|
||||||
{"tmp", REG, 0, 0, RWXRWXRWX},
|
{"tmp", REG, 0, 0, RWXRWXRWX},
|
||||||
{"usr", REG, 0, 0, RWX_RX_RX},
|
{"usr", REG, 0, 0, RWX_RX_RX},
|
||||||
{"var", REG, 0, 0, RWX_RX_RX},
|
{"var", REG, 0, 0, RWXRWXRWX},
|
||||||
{"opt", REG, 0, 0, RWXRWXRWX},
|
{"opt", REG, 0, 0, RWX_RX_RX},
|
||||||
})
|
})
|
||||||
|
|
||||||
mergeMeta("/bin", {
|
mergeMeta("/bin", {
|
||||||
|
|||||||
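Review bot: The new entry `{"var", REG, 0, 0, RWXRWXRWX},` leaves a root-owned /var writable by every user, and nothing visible in this table provides a sticky-bit equivalent. If logs, spool or state files live under it, any account could then create, replace or remove entries that privileged code later reads. Tightening `opt` to `RWX_RX_RX` is the safer direction; for `var` consider keeping `{"var", REG, 0, 0, RWX_RX_RX},` and granting write access only on the specific subdirectory that needs it. The hunk sits inside the `if kernel.firstBoot then` block, which starts and ends outside the visible lines, so how these modes are enforced is not shown here.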
@@ -130,8 +130,9 @@ local function doLogin()
|
|||||||
|
|
||||||
syscall.write(1, "Password: ")
|
syscall.write(1, "Password: ")
|
||||||
local password = readLine("*")
|
local password = readLine("*")
|
||||||
|
local uid = syscall.getuidbyname(username)
|
||||||
local ok, err = syscall.login(username, password)
|
|
||||||
|
local ok, err = syscall.login(uid, password)
|
||||||
if ok then
|
if ok then
|
||||||
local uid = syscall.getuid()
|
local uid = syscall.getuid()
|
||||||
local pwent = syscall.getpasswd(uid)
|
local pwent = syscall.getpasswd(uid)
|
||||||
|
|||||||
@@ -9,7 +9,7 @@ local currentUid = syscall.getuid()
|
|||||||
|
|
||||||
local targetUid
|
local targetUid
|
||||||
if targetName then
|
if targetName then
|
||||||
targetUid = syscall.getuid(targetName)
|
targetUid = syscall.getuid()
|
||||||
if not targetUid then
|
if not targetUid then
|
||||||
print("passwd: user '" .. targetName .. "' does not exist")
|
print("passwd: user '" .. targetName .. "' does not exist")
|
||||||
syscall.exit(1); return
|
syscall.exit(1); return
|
||||||
@@ -36,7 +36,7 @@ if currentUid ~= 0 then
|
|||||||
if #cur > 0 then cur=cur:sub(1,-2); syscall.write(1,"\b \b") end
|
if #cur > 0 then cur=cur:sub(1,-2); syscall.write(1,"\b \b") end
|
||||||
else cur=cur..ch; syscall.write(1,"*") end
|
else cur=cur..ch; syscall.write(1,"*") end
|
||||||
end
|
end
|
||||||
local ok, err = syscall.elevate(targetName, cur)
|
local ok, err = syscall.login(targetUid, cur)
|
||||||
if not ok then
|
if not ok then
|
||||||
sleep(1)
|
sleep(1)
|
||||||
print("passwd: authentication failure")
|
print("passwd: authentication failure")
|
||||||
|
|||||||
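Review bot: The new `targetUid = syscall.getuid()` ignores `targetName`, so `passwd <other user>` resolves to the caller's own uid and the following `if not targetUid` check can no longer report an unknown user. The later `syscall.login(targetUid, cur)` then verifies the password against the caller's account rather than the named one, and any password change further down (outside these hunks) would presumably apply to the wrong uid. The name lookup used by the su and login hunks on this page looks like the intended call: `targetUid = syscall.getuidbyname(targetName)`. Note too that auth.login assigns `_task.egid` and logs a login, so using it here as a password check also changes the task's identity; confirm that side effect is intended for passwd.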
@@ -1,7 +1,12 @@
|
|||||||
--:Minify:--
|
--:Minify:--
|
||||||
local targetUser = ({ ... })[1] or "root"
|
local targetUser = ({ ... })[1]
|
||||||
local currentUid = syscall.getuid()
|
local currentUid = syscall.getuid()
|
||||||
local targetUid = syscall.getuidbyname(targetUser)
|
local targetUid
|
||||||
|
if targetUser then
|
||||||
|
targetUid = syscall.getuidbyname(targetUser)
|
||||||
|
else
|
||||||
|
targetUid = 0
|
||||||
|
end
|
||||||
|
|
||||||
if not targetUid then
|
if not targetUid then
|
||||||
print("su: user '" .. targetUser .. "' does not exist")
|
print("su: user '" .. targetUser .. "' does not exist")
|
||||||
@@ -25,20 +30,21 @@ if currentUid ~= 0 then
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
local ok, err = syscall.elevate(targetUser, pw)
|
local ok, err = syscall.login(targetUid, pw)
|
||||||
if not ok then
|
if not ok then
|
||||||
sleep(1)
|
sleep(1)
|
||||||
print("su: Authentication failure")
|
print("su: Authentication failure")
|
||||||
syscall.exit(1)
|
syscall.exit(1)
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
else
|
||||||
|
syscall.setuid(targetUid)
|
||||||
end
|
end
|
||||||
|
|
||||||
syscall.setuid(targetUid)
|
|
||||||
|
|
||||||
local pwent = syscall.getpasswd(targetUid)
|
local pwent = syscall.getpasswd(targetUid)
|
||||||
local shell = (pwent and pwent.shell) or "/bin/hysh"
|
local shell = (pwent and pwent.shell) or "/bin/hysh"
|
||||||
local homedir = (pwent and pwent.homedir) or "/"
|
local homedir = (pwent and pwent.homedir) or "/"
|
||||||
|
local username= (pwent and pwent.username)or "Unknown"
|
||||||
|
|
||||||
local ok_cd, err_cd = pcall(syscall.chdir, homedir)
|
local ok_cd, err_cd = pcall(syscall.chdir, homedir)
|
||||||
if not ok_cd then
|
if not ok_cd then
|
||||||
@@ -46,11 +52,11 @@ if not ok_cd then
|
|||||||
syscall.chdir(homedir)
|
syscall.chdir(homedir)
|
||||||
end
|
end
|
||||||
syscall.setEnviron("HOME", homedir)
|
syscall.setEnviron("HOME", homedir)
|
||||||
syscall.setEnviron("USER", targetUser)
|
syscall.setEnviron("USER", username)
|
||||||
syscall.setEnviron("SHELL", shell)
|
syscall.setEnviron("SHELL", shell)
|
||||||
|
|
||||||
local ok, err = pcall(syscall.exec, shell)
|
local ok, err = pcall(syscall.exec, shell)
|
||||||
if not ok then
|
if not ok then
|
||||||
print("su: cannot exec shell '" .. shell .. "': " .. tostring(err))
|
print("su: cannot exec shell '" .. shell .. "': " .. tostring(err))
|
||||||
syscall.exit(1)
|
syscall.exit(1)
|
||||||
end
|
end
|
||||||
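Review bot: For a non-root caller the identity switch now depends entirely on the side effects of `syscall.login(targetUid, pw)`, because `syscall.setuid(targetUid)` has moved into the `else` branch and runs only when `currentUid` is 0. The visible part of auth.login shows `_task.egid` being assigned, but whether it also sets the real and effective uid is not visible here, and the `setuid` result in the root branch is not checked either. A cheap guard before the `getpasswd`/`exec` sequence would make a partial switch fail closed, e.g. `if syscall.geteuid() ~= targetUid then print("su: identity switch failed"); syscall.exit(1); return end`. The sudo hunk's `syscall.login(0, pw)` relies on the same behaviour.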
@@ -55,7 +55,7 @@ if currentUid ~= 0 then
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
local ok, err = syscall.elevate("root", pw)
|
local ok, err = syscall.login(0, pw)
|
||||||
if not ok then
|
if not ok then
|
||||||
sleep(1)
|
sleep(1)
|
||||||
print("sudo: Authentication failure")
|
print("sudo: Authentication failure")
|
||||||
|
|||||||
18
manifest.lua
18
manifest.lua
@@ -3,6 +3,8 @@
|
|||||||
--- @diagnostic disable: duplicate-set-field
|
--- @diagnostic disable: duplicate-set-field
|
||||||
syscall={}
|
syscall={}
|
||||||
|
|
||||||
|
--- @alias userinfo {username:string,homedir:string,shell:string,uid:number,gid:number}
|
||||||
|
|
||||||
--- Sets home directory of User with corresponding uid to homedir
|
--- Sets home directory of User with corresponding uid to homedir
|
||||||
--- @param uid integer
|
--- @param uid integer
|
||||||
--- @param homedir string
|
--- @param homedir string
|
||||||
@@ -164,7 +166,7 @@ syscall.setpassword=function(uid, newPassword) end
|
|||||||
|
|
||||||
--- Set environment variable
|
--- Set environment variable
|
||||||
--- @param key string
|
--- @param key string
|
||||||
--- @param value string
|
--- @param value any
|
||||||
--- @return boolean
|
--- @return boolean
|
||||||
syscall.setEnviron=function(key, value) end
|
syscall.setEnviron=function(key, value) end
|
||||||
|
|
||||||
@@ -197,7 +199,7 @@ syscall.exit=function(code) end
|
|||||||
|
|
||||||
--- Get environment variable
|
--- Get environment variable
|
||||||
--- @param key string
|
--- @param key string
|
||||||
--- @return string|nil
|
--- @return any
|
||||||
syscall.getEnviron=function(key) end
|
syscall.getEnviron=function(key) end
|
||||||
|
|
||||||
--- Continue a stopped task
|
--- Continue a stopped task
|
||||||
@@ -337,7 +339,7 @@ syscall.remove=function(path) end
|
|||||||
--- @return string|nil
|
--- @return string|nil
|
||||||
syscall.type=function(path) end
|
syscall.type=function(path) end
|
||||||
|
|
||||||
--- Elevate to another user with password
|
--- Elevate to root with password (Disabled due to VULN)
|
||||||
--- @param targetUsername string
|
--- @param targetUsername string
|
||||||
--- @param password string
|
--- @param password string
|
||||||
--- @return boolean
|
--- @return boolean
|
||||||
@@ -374,11 +376,11 @@ syscall.setusername=function(uid, newUsername) end
|
|||||||
--- @return integer
|
--- @return integer
|
||||||
syscall.geteuid=function() end
|
syscall.geteuid=function() end
|
||||||
|
|
||||||
--- Login user
|
--- Login as user
|
||||||
--- @param username string
|
--- @param uid integer
|
||||||
--- @param password string
|
--- @param password string
|
||||||
--- @return boolean
|
--- @return boolean
|
||||||
syscall.login=function(username, password) end
|
syscall.login=function(uid, password) end
|
||||||
|
|
||||||
--- Get system hostname
|
--- Get system hostname
|
||||||
--- @return string
|
--- @return string
|
||||||
@@ -514,9 +516,9 @@ syscall.access=function(path, mode) end
|
|||||||
--- Ignore current signal
|
--- Ignore current signal
|
||||||
syscall.sigignore=function() end
|
syscall.sigignore=function() end
|
||||||
|
|
||||||
--- Get user password hash
|
--- Get user information
|
||||||
--- @param uid integer
|
--- @param uid integer
|
||||||
--- @return string|nil
|
--- @return userinfo|nil
|
||||||
syscall.getpasswd=function(uid) end
|
syscall.getpasswd=function(uid) end
|
||||||
|
|
||||||
--- Get OS version
|
--- Get OS version
|
||||||
|
|||||||
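Review bot: The elevate stub's new summary, `--- Elevate to root with password (Disabled due to VULN)`, records the decision only as free text, and it still carries `--- @param targetUsername string` although the summary now says root. Adding `--- @deprecated Disabled; use syscall.login(uid, password)` would make the language server flag any remaining caller, and it is worth confirming that the kernel-side registration for elevate is removed or always fails, since that change is not visible on this page. The login stub keeps `--- @return boolean`, while auth.login returns `nil, "Authentication failure"` on failure, so `--- @return boolean|nil, string|nil` would describe it more accurately.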