Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!zaphod.mps.ohio-state.edu!cis.ohio-state.edu!ucbvax!AEDC-VAX.AF.MIL!mcdonald
From: mcdonald@AEDC-VAX.AF.MIL
Newsgroups: comp.sys.sgi
Subject: Re: Graphics Console Woes
Message-ID: <9106251258.AA09539@ccfiris.aedc>
Date: 25 Jun 91 12:58:07 GMT
References: <9106250455.AA07119@gsusgi1.gsu.edu>
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 131

In response to Randy Carpenter:
>
>
>I've talked to a couple of SGI folks about this one and they say:
>"It can't be done.".  Tell me it ain't so...
>
>We have a 4d/280gtx that we use for a graphics class (as well as some
>general-purpose UNIX stuff) here at the University.  Unfortunately,
>we don't have any PI's, and the way our funds look now we probably
>won't be getting any for some time :(.  So, we need to open the
>graphics console up to the class by putting it in a public area
>like our student computer lab (so it can be available 24 hours a
>day).  This will all work ok...until the system goes down for some
>reason and thus displays the System Maintenance Menu on the graphics
>console, whereby a clever student can proceed to boot the system in
>single-user mode and change my root password.  Doing a...
>
>    setenv console d
>
>...in the PROM Monitor doesn't help because you lose the graphics
>monitor altogether.
>
>Can we make /dev/ttyd1 the full-time console and have a graphics
>monitor at the same time?
>
>======================================================================
>Randy Carpenter                                       rcarpent@gsu.edu
>Georgia State University          "mother."           (404) 651-2648
>Wells Computer Center                  - W. E. Coyote
>

You could invoke the following program in /.login which will execute
when root logs in.  It asks for the root password if the runstate of
the computer is not multi-user.  Look at the comment above XXXX in the
source code.

-------------------------------------------------------------------------
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <signal.h>
#include <pwd.h>
#include <unistd.h>   /* getuid(), getpass(), crypt(); some systems need <crypt.h> */

#define PASSLENGTH 20

/* Return 1 if the typed password hashes to the stored value, else 0. */
static int matches(const char *pass, const char *hash)
{
    char *c = crypt(pass, hash);

    return c != NULL && strcmp(c, hash) == 0;
}

int getPassword(char *argv[])
{
    char buffer[PASSLENGTH];
    char rootpass[PASSLENGTH];
    char altrootpass[PASSLENGTH];
    char runstate[10];
    char *pss;
    struct passwd *pw;
    const char *info = "Please enter the ROOT password to continue: ";
    /* Run level is field 4 of "who -r" once runs of blanks are squeezed */
    const char *cmd = "/bin/who -r | /usr/bin/tr -s \" \" \" \" 2> /dev/null"
                      " | /usr/bin/cut -d\" \" -f4 2> /dev/null";
    FILE *fp;
    int done=0,count=0;

    /* REPLACE XXXX WITH THE ENCRYPTED ALTERNATE MAINTENANCE PASSWORD */
    /* JUST CLIP THE CURRENT ROOT PASSWORD FROM /etc/passwd IS OK     */
    strncpy(altrootpass,"XXXX",PASSLENGTH-1);
    altrootpass[PASSLENGTH-1] = '\0';

    if ((fp = popen (cmd,"r")) == NULL) {
        printf ("error: %s executing runstate command\n",argv[0]);
        return(0);
    }
    /* An empty or unreadable result is treated as "not multi-user" */
    runstate[0] = '\0';
    if (fgets (runstate,sizeof(runstate),fp) != NULL)
        runstate[strcspn(runstate,"\n")] = '\0';
    pclose (fp);

    if (strcmp(runstate,"2")==0) {
        printf ("runstate: multi-user\n");
        return(1);
    }
    else
        printf ("runstate: not multi-user\n");

    /* Root's encrypted password as stored in /etc/passwd */
    pw = getpwuid(0);
    if (pw == NULL || pw->pw_passwd == NULL)
        return(0);
    strncpy(rootpass, pw->pw_passwd, PASSLENGTH-1);
    rootpass[PASSLENGTH-1] = '\0';

    while (!done) {
        pss = getpass(info);
        strncpy(buffer, pss ? pss : "", PASSLENGTH-1);
        buffer[PASSLENGTH-1] = '\0';
        /* Either the root or the alternate maintenance password is accepted */
        done = matches(buffer, rootpass) || matches(buffer, altrootpass);
        count++;
        if (!done && count==3) {
            printf ("Runstate not multi-user & you don't seem to know the password!\n");
            printf ("Last chance to enter the root password or alternate maintenance password!\n");
            pss = getpass(info);
            strncpy(buffer, pss ? pss : "", PASSLENGTH-1);
            buffer[PASSLENGTH-1] = '\0';
            done = matches(buffer, rootpass) || matches(buffer, altrootpass);
            if (done)
                return(1);
            else
                return(0);
        }
    }
    return(1);
}

int main(int argc, char *argv[])
{
    int retval;

    if (getuid()) {
        printf ("You must be ROOT to run this program\n");
        exit(1);
    }

    /* Ignore signals so the prompt cannot be interrupted from the keyboard */
    signal (SIGINT, SIG_IGN);
    signal (SIGQUIT, SIG_IGN);
    signal (SIGSEGV, SIG_IGN);
    signal (SIGHUP, SIG_IGN);
    signal (SIGABRT, SIG_IGN);
    signal (SIGTSTP, SIG_IGN);

    retval = getPassword(argv);

    if (!retval) {
        /* Wrong password four times: halt the system */
        printf ("ZAPP!\n");
        system ("/etc/init 0");
    }
    else
        printf ("AOK...here we go!\n");
    return(0);
}
-------------------------------------------------------------------------

vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
| Kenneth M. McDonald * OAO Corp * Arnold Engineering Development Center |
|          MS 120 * Arnold AFS, TN  37389-9998 * (615) 454-3413          |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

INTERNET: mcdonald@aedc-vax.af.mil
LOCAL:    c60244@ccfiris