[Patch]: SysRQ password protection and such for 2.1.10{7,8pre1}.

Myrdraal (myrdraal@jackalz.dyn.ml.org)
Sun, 28 Jun 1998 15:45:27 -0400


--dkEUBIird37B8yKS
Content-Type: text/plain; charset=us-ascii

Hi,
I forgot to attach the patch again. This is becoming a habit.
-Myrdraal

-- 
Linux jackalz 2.1.108 #77 Sat Jun 27 00:55:49 EDT 1998 i486
3:45pm  up 1 day, 14:15, 16 users,  load average: 0.00, 0.00, 0.00

--dkEUBIird37B8yKS Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="sysrq-2.1.108pre1.diff"

diff -ur linpatch/drivers/char/keyboard.c linux/drivers/char/keyboard.c
--- linpatch/drivers/char/keyboard.c Sun Jun 28 11:41:37 1998
+++ linux/drivers/char/keyboard.c Sun Jun 28 13:52:33 1998
@@ -150,7 +150,7 @@
 struct pt_regs * kbd_pt_regs;
 #ifdef CONFIG_MAGIC_SYSRQ
-static int sysrq_pressed;
+extern int sysrq_pressed;
 #endif
 /*
diff -ur linpatch/drivers/char/sysrq.c linux/drivers/char/sysrq.c
--- linpatch/drivers/char/sysrq.c Thu Jun 25 01:10:11 1998
+++ linux/drivers/char/sysrq.c Sun Jun 28 14:55:47 1998
@@ -6,6 +6,9 @@
 *
 * (c) 1997 Martin Mares <mj@atrey.karlin.mff.cuni.cz>
 * based on ideas by Pavel Machek <pavel@atrey.karlin.mff.cuni.cz>
+ *
+ * [Sun Jun 28 14:53:44 EDT 1998]
+ * Password authentication added by Myrdraal <myrdraal@deathsdoor.com>
 */
 #include <linux/config.h>
@@ -22,6 +25,7 @@
 #include <linux/quotaops.h>
 #include <asm/ptrace.h>
 #include <asm/smp_lock.h>
+#include <linux/string.h>
 #ifdef CONFIG_APM
 #include <linux/apm_bios.h>
@@ -32,6 +36,23 @@
 extern int console_loglevel;
 extern struct vfsmount *vfsmntlist;
+/* Is sysrq pressed? (moved out of keyboard.c) */
+int sysrq_pressed = 0;
+/* Are we authenticated to use sysrq? */
+int sysrq_authenticated = 0;
+/* Is sysrq enabled? */
+int sysctl_sysrq_enable = 1;
+/* Do we require authentication to use sysrq? */
+int sysctl_sysrq_secure = 0;
+/* The password we require to use sysrq if sysrq_secure is set. */
+char sysctl_sysrq_password[64] = "";
+/* Our current position reading the password. */
+int sysrq_passpos = 0;
+/* They blew it. (Incorrect password.) */
+int sysrq_blewit = 0;
+/* We're waiting for the user to type 'password<ENTER>'. */
+int sysrq_authenticating = 0;
+
 /* Send a signal to all user processes */
 static void send_sig_all(int sig, int even_init)
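Review bot: The authentication state added in the `@@ -32,6 +36,23 @@` hunk (`sysrq_authenticated`, `sysrq_passpos`, `sysrq_blewit`, `sysrq_authenticating`) has external linkage, although nothing in this patch references those four outside sysrq.c. Declaring them as `static int sysrq_authenticated = 0;` (and likewise for the other three) would keep other kernel code from setting the flag that gates every SysRq command. `sysrq_pressed` is now shared with keyboard.c through a bare `extern int sysrq_pressed;` in the .c file; a declaration in a common header would let the compiler check the definition against its use.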
@@ -47,6 +68,52 @@
 }
 }
+/* Are we authenticated to perform a sysrq command? */
+int is_authenticated(void) {
+ if (!sysrq_authenticated && sysctl_sysrq_secure) {
+ /* Obviously we must not have authentication. */
+ printk("SysRq: You are not authenticated to use that SysRQ command.\n");
+ return 0;
+ } else {
+ /* Full speed ahead. */
+ sysrq_authenticated=0;
+ return 1;
+ }
+}
+
+/* Process in one character of the password. */
+void read_password_char(int key) {
+ if (key=='\r') {
+ /* They hit ENTER. */
+ if (sysrq_blewit || sysrq_passpos<strlen(sysctl_sysrq_password)) {
+ /* They typed incorrect characters, or they typed in a different
+ * number of characters than the password contains. */
+ sysrq_authenticated=0;
+ printk("SysRq: Incorrect password. You are not authenticated.\n");
+ } else {
+ /* They typed in the correct password. */
+ printk("SysRq: Close enough. You are authenticated.\n");
+ sysrq_authenticated=1;
+ }
+ /* Now we reset everything (except sysrq_authenticated.) and return.*/
+ sysrq_authenticating=0;
+ sysrq_blewit=0;
+ sysrq_passpos=0;
+ return;
+ }
+ if (sysctl_sysrq_password[sysrq_passpos]=='\0') {
+ /* It appears that they typed in too many characters. */
+ sysrq_blewit=1;
+ return;
+ }
+ if (sysctl_sysrq_password[sysrq_passpos]!=key) {
+ /* They typed in character that wasn't in the password. */
+ sysrq_blewit=1;
+ }
+ /* Onward to the next position. */
+ sysrq_passpos++;
+}
+
 /*
 * This function is called by the keyboard handler when SysRq is pressed
 * and any other keycode arrives.
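Review bot: With `sysctl_sysrq_secure` set while `sysctl_sysrq_password` is still its default `""`, the ENTER branch of `read_password_char` accepts at once: `sysrq_blewit` is 0 and `sysrq_passpos<strlen(...)` is `0<0`, so a bare ENTER authenticates. The check should refuse an empty configured password, for example `if (sysrq_blewit || sysctl_sysrq_password[0]=='\0' || sysrq_passpos<strlen(sysctl_sysrq_password)) {`. Separately, `is_authenticated` clears `sysrq_authenticated` on success, so each grant covers exactly one command; a comment such as `/* Consumes the authentication: one grant, one command. */` would make that side effect visible to callers. Both new functions have generic names and, as far as this patch shows, are only called from sysrq.c, so they look like candidates for `static`.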
@@ -57,9 +124,31 @@
 {
 int orig_log_level = console_loglevel;
- if (!key)
+ if (!key || !sysctl_sysrq_enable)
 return;
-
+
+ if (sysrq_authenticating) {
+ /* Since we're in authenticate mode, we process each character that the
+ * user types with the sysrq combination. */
+ read_password_char(key);
+ /* We don't need to do any more now. */
+ return;
+ }
+ if (key=='n' && sysctl_sysrq_secure) {
+ /* They hit the 'autheNticate' combo. */
+ printk("SysRq: You need to enter your password now. Remember to hold\n");
+ printk("SysRq: the sysrq sequence as you type it, including the ENTER.\n");
+ /* We prepare to authenticate. */
+ sysrq_authenticating=1;
+ sysrq_passpos=0;
+ sysrq_authenticated=0;
+ sysrq_blewit=0;
+ /* And we exit so they can start typing in the password. */
+ return;
+ }
+ if (!is_authenticated())
+ return;
+
 console_loglevel = 7;
 printk(KERN_INFO "SysRq: ");
 switch (key) {
@@ -128,6 +217,8 @@
 orig_log_level = 8;
 break;
 default: /* Unknown: help */
+ if (sysctl_sysrq_secure)
+ printk("autheNticate ");
 if (kbd)
 printk("unRaw ");
 if (tty)
diff -ur linpatch/include/linux/sysctl.h linux/include/linux/sysctl.h
--- linpatch/include/linux/sysctl.h Thu Jun 25 01:09:30 1998
+++ linux/include/linux/sysctl.h Sun Jun 28 14:10:40 1998
@@ -369,6 +369,11 @@
 };
 /* CTL_DEBUG names: */
+enum {
+ DEBUG_SYSRQ_ENABLE = 1,
+ DEBUG_SYSRQ_PASSWORD,
+ DEBUG_SYSRQ_SECURE,
+};
 /* CTL_DEV names: */
 enum {
diff -ur linpatch/kernel/sysctl.c linux/kernel/sysctl.c
--- linpatch/kernel/sysctl.c Thu Jun 25 01:10:37 1998
+++ linux/kernel/sysctl.c Sun Jun 28 14:55:07 1998
@@ -41,6 +41,11 @@
 extern int bdf_prm[], bdflush_min[], bdflush_max[];
 extern char binfmt_java_interpreter[], binfmt_java_appletviewer[];
 extern int sysctl_overcommit_memory;
+#ifdef CONFIG_MAGIC_SYSRQ
+extern int sysctl_sysrq_enable;
+extern int sysctl_sysrq_secure;
+extern char sysctl_sysrq_password[];
+#endif
 #ifdef CONFIG_KMOD
 extern char modprobe_path[];
 #endif
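Review bot: Nothing in the `key=='n'` branch of the `@@ -57,9 +124,31 @@` hunk limits how often authentication can be restarted: after a wrong password the state is reset and the next 'n' opens a fresh attempt immediately, so console guesses are bounded only by typing speed. A failure counter checked at the top of that branch, e.g. `if (sysrq_failures >= SYSRQ_MAX_FAILURES) return;` (both names are proposed, not in the patch), would bound it. The two prompt `printk` calls also carry no log level and run before `console_loglevel = 7`, so they may not appear on a console with a low log level; `printk(KERN_INFO "SysRq: You need to enter your password now. Remember to hold\n");` would match the existing `KERN_INFO` use below. The signature of the enclosing function and the rest of its body lie outside this hunk.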
@@ -236,6 +241,14 @@
 };
 static ctl_table debug_table[] = {
+#ifdef CONFIG_MAGIC_SYSRQ
+ {DEBUG_SYSRQ_PASSWORD, "sysrq_password", &sysctl_sysrq_password, 64,
+ 0600, NULL, &proc_dostring, &sysctl_string},
+ {DEBUG_SYSRQ_ENABLE, "sysrq_enable", &sysctl_sysrq_enable, sizeof(int),
+ 0644, NULL, &proc_dointvec},
+ {DEBUG_SYSRQ_SECURE, "sysrq_secure", &sysctl_sysrq_secure, sizeof(int),
+ 0644, NULL, &proc_dointvec},
+#endif
 {0}
 };
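Review bot: The `sysrq_password` entry hard-codes its maximum length as `64`, duplicating the size of the array defined in sysrq.c, while sysctl.c only sees `extern char sysctl_sysrq_password[]`. If the two ever diverge, the length handed to `proc_dostring` no longer matches the buffer. A shared constant in a header (proposed name `SYSRQ_PASSWORD_MAX`), used for both the definition and this entry, would tie them together. The password is stored and read back in cleartext, so the `0600` mode is the only protection on it; a comment next to the entry, e.g. `/* cleartext; root-only by mode */`, would record that. `sysrq_secure` at `0644` additionally lets any local user see whether protection is enabled.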

--dkEUBIird37B8yKS--
