system: a bit more magic to keep things from breaking; closes #2154

src/etc/config.xml.sample

@@ -204,7 +204,6 @@
       <groupname>admins</groupname>
       <password>$2b$10$YRVoF4SgskIsrXOvOQjGieB9XqHPRra9R7d80B3BZdbY/j21TwBfS</password>
       <uid>0</uid>
-      <shell>/bin/csh</shell>
     </user>
     <nextuid>2000</nextuid>
     <nextgid>2000</nextgid>

src/etc/inc/auth.inc

@@ -356,16 +356,21 @@ function userHasPrivilege($userent, $privid = false)
     return true;
 }
 
-function auth_get_shells()
+function auth_get_shells($uid = 0)
 {
     $shells = array('' => '/sbin/nologin');
 
+    if ($uid == 0) {
+        $shells = array('' => '/usr/local/etc/rc.initial');
+    }
+
     $etc_shells = @file_get_contents('/etc/shells');
     if (!empty($etc_shells)) {
         $etc_shells = explode("\n", $etc_shells);
         foreach ($etc_shells as $shell) {
             $shell = trim($shell);
-            if (!empty($shell) && strpos($shell, '#') !== 0) {
+            if (!empty($shell) && strpos($shell, '#') !== 0 &&
+                strpos($shell, '/usr/local/etc/rc') !== 0) {
                 $shells[$shell] = $shell;
             }
         }
@@ -440,14 +445,21 @@ function local_user_set(&$user, $force_password = false)
         return;
     }
 
-    $user_uid = $user['uid'];
-    $user_name = $user['name'];
     $user_pass = $user['password'];
-    $user_home = "/home/{$user_name}";
-    $user_shell = isset($user['shell']) ? $user['shell'] : '/sbin/nologin';
-    $user_group = 'nobody';
+    $user_name = $user['name'];
+    $user_uid = $user['uid'];
     $lock_account = 'lock';
 
+    if ($user_uid == 0) {
+        $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
+        $user_group = 'wheel';
+        $user_home = '/root';
+    } else {
+        $user_shell = isset($user['shell']) ? $user['shell'] : '/sbin/nologin';
+        $user_home = "/home/{$user_name}";
+        $user_group = 'nobody';
+    }
+
     @mkdir('/home', 0755);
 
     /* admins access gives wheely rights */
@@ -465,12 +477,6 @@ function local_user_set(&$user, $force_password = false)
         $user_pass = '*';
     }
 
-    /* root user special handling */
-    if ($user_uid == 0) {
-        $user_shell = isset($user['shell']) ? $user['shell'] : '/usr/local/etc/rc.initial';
-        $user_group = 'wheel';
-        $user_home = '/root';
-    }
 
     /* read from pw db */
     $fd = popen("/usr/sbin/pw usershow -n {$user_name} 2>&1", "r");

src/etc/rc.importer

@@ -27,6 +27,11 @@
 INSTALL="/.probe.for.install.media"
 MNT="/tmp/hdrescue"
 
+if [ "$(id -u)" != "0" ]; then
+	echo "Must be root."
+	exit 1
+fi
+
 bootstrap_and_exit()
 {
 	# ensure config directory structure

src/etc/rc.initial

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2014-2017 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2004-2011 Scott Ullrich <sullrich@gmail.com>
 # Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>
 # All rights reserved.
@@ -9,6 +9,11 @@
 trap : 2
 trap : 3
 
+if [ "$(id -u)" != "0" ]; then
+	echo "Must be root."
+	exit 1
+fi
+
 # shell started with parameters, passthrough to real shell
 if [ -n "${*}" ]; then
 	/bin/csh "${@}"

src/etc/rc.initial.password

@@ -76,6 +76,9 @@ if (isset($argv[2]) && isset($argv[3]) && $argv[2] === '-h' && $argv[3] === '0')
     if (isset($admin_user['disabled'])) {
         unset($admin_user['disabled']);
     }
+    if (isset($admin_user['shell'])) {
+        unset($admin_user['shell']);
+    }
 
     echo "new password for user {$admin_user['name']}:";
     shell_exec('/bin/stty -echo');
@@ -127,6 +130,9 @@ $admin_user['name'] = 'root';
 if (isset($admin_user['disabled'])) {
     unset($admin_user['disabled']);
 }
+if (isset($admin_user['shell'])) {
+    unset($admin_user['shell']);
+}
 
 echo "\nType a new password: ";
 

src/etc/rc.installer

@@ -1,6 +1,6 @@
 #!/bin/sh
 
-# Copyright (c) 2014-2017 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2018 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2004-2009 Scott Ullrich <sullrich@gmail.com>
 #
 # Redistribution and use in source and binary forms, with or without
@@ -24,6 +24,11 @@
 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 # POSSIBILITY OF SUCH DAMAGE.
 
+if [ "$(id -u)" != "0" ]; then
+	echo "Must be root."
+	exit 1
+fi
+
 sysctl kern.geom.debugflags=16 >/dev/null
 sysctl net.link.ether.inet.log_arp_wrong_iface=0 >/dev/null
 

src/www/system_usermanager.php

@@ -76,7 +76,6 @@ function get_user_privdesc(& $user)
     return $privs;
 }
 
-// link user section
 $a_user = &config_read_array('system', 'user');
 
 // reset errors and action
@@ -95,7 +94,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
     }
     if ($act == "expcert" && isset($id)) {
         // export certificate
-        $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
+        $cert = &lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
 
         $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.crt");
         $exp_data = base64_decode($cert['crt']);
@@ -108,7 +107,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
         exit;
     } elseif ($act == "expckey" && isset($id)) {
         // export private key
-        $cert =& lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
+        $cert = &lookup_cert($a_user[$id]['cert'][$_GET['certid']]);
         $exp_name = urlencode("{$a_user[$id]['name']}-{$cert['descr']}.key");
         $exp_data = base64_decode($cert['prv']);
         $exp_size = strlen($exp_data);
@@ -304,7 +303,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'GET') {
             }
         }
 
-        if (count($input_errors)==0) {
+        if (!empty($pconfig['shell']) && !in_array($pconfig['shell'], auth_get_shells(isset($id) ? $a_user[$id]['uid'] : $config['system']['nextuid']))) {
+            $input_errors[] = gettext('Invalid login shell provided.');
+        }
+
+        if (!count($input_errors)) {
             $userent = array();
 
             if (isset($id)) {
@@ -646,8 +649,8 @@ $( document ).ready(function() {
                     <td>
                       <select name="shell" class="selectpicker" data-style="btn-default">
 <?php
-                      foreach (auth_get_shells() as $shell_key => $shell_value) :?>
-                        <option value="<?= html_safe($shell_key) ?>" <?= $pconfig['shell'] == $shell_key ? 'selected="selected"' : '' ?>><?= $shell_value ?></option>
+                      foreach (auth_get_shells(isset($id) ? $a_user[$id]['uid'] : $config['system']['nextuid']) as $shell_key => $shell_value) :?>
+                        <option value="<?= html_safe($shell_key) ?>" <?= $pconfig['shell'] == $shell_key ? 'selected="selected"' : '' ?>><?= html_safe($shell_value) ?></option>
 <?php
                       endforeach;?>
                       </select>