sulogin - single-user login program (Enhanced Security)
The sulogin program is run by the init process on the console terminal when entering single-user mode. The sulogin program checks the system configuration to determine whether entering single-user mode requires entering the root password. If it does not, then sulogin execs /sbin/sh with its argv set to "-". That same exec is also done if the root password is correctly entered.
The decision to enter the single-user mode depends on the state of the system configuration files. If the files cannot be read, then defaults are assumed (as described below). Therefore, the loss of a configuration file does not prevent access to the system console for repairing the problem.
The sulogin program first checks the /etc/rc.config file for a the SECURE_CONSOLE variable. If such a variable is present, and it is set to a true value (either "TRUE", "ON", "YES", or "1"), then the program asks for the root password. The value of the SECURE_CONSOLE variable is checked in a case-independent fashion, and only a minimal match is necessary. Thus, the value is really checked against the following regular expression:
If the SECURE_CONSOLE variable is present, but does not have one of the true values, then sulogin does not ask for the root password, but simply execs /sbin/sh as previously described.
If the SECURE_CONSOLE variable is not found in the /etc/rc.config file, or if that file is missing or unreadable, then an attempt is made to obtain the value of the console firmware setting of the SECURE variable, using the GSI_PROM_ENV function of the getsysinfo() system call. If the check determines the console commands are password- protected, the sulogin program requests the root password.
If sulogin has made the decision to request the root password, it also determines whether BASE or ENHANCED security should be used to validate that password. This is done using the value of the SECURITY variable from the /etc/rc.config file, unless that file was not readable, in which case the /etc/sia/matrix.conf file is read, looking for a line beginning with the string "siad_ses_init=", and containing either "(OSFC2," or "(BSD,". If the /etc/rc.config file was readable, but the SECURITY variable was not set, then BASE security is assumed. (This is how the /sbin/init.d/security script initializes the /etc/sia/matrix.conf file, as well). If the /etc/rc.config file can not be read and the /etc/sia/matrix.conf file either can not be read or does not have an appropriate siad_ses_init line, then the sulogin program checks to see whether the /etc/passwd file contains a valid entry for root and whether the getespwnam("root") function returns a valid extended profile. If both profile entries exist, but only one has a valid encrypted password field, that profile (and thus that security policy) is used. If both passwords are valid, the BASE security policy is used.
Once the sulogin program has determined which security policy to use, it checks whether that policy has a valid account entry for user root (if not already checked while determining which policy to use), and whether that entry has a password that can be matched. If the password is impossible to match, or if no valid root profile exists, then sulogin prints a warning and execs /sbin/sh as previously described. For BASE security, a null encrypted password field for root causes the program to exec /sbin/sh without complaining.
If there is a matchable root password, sulogin prints out "Single-user root login" and prompts for the password. If the entered password does not match (after the appropriate encryption if non-null), the program waits for 5 seconds (to deter break-in attempts, displays "Sorry", and re-prompts. If the program is interrupted or receives and end-of-file condition while attempting to read a password from the console terminal, it simply exits. This normally causes init to enter multi-user mode (It depends on system configuration information in /etc/inittab, specifically the entry marked with "initdefault", which ships at run-level "3"). This may also cause init to prompt for a run level, or to restart the sulogin program.
Finally, if a password was collected, and it did match, the exec of /sbin/sh is done. If that exec fails, the reason for the failure is displayed, and the program sleeps for 5 seconds before exiting. Upon exiting control of the console is returned to the init process, as previously described for interrupt or end-of-file.
login(1), getpwnam(3), getespwnam(3), dispcrypt(3), matrix.conf(4), init(8)
Security delim off