Annotation of src/usr.bin/su/su.c, Revision 1.10
1.10 ! millert 1: /* $OpenBSD: su.c,v 1.9 1996/10/16 00:37:11 millert Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: char copyright[] =
38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
1.10 ! millert 44: static char rcsid[] = "$OpenBSD: su.c,v 1.9 1996/10/16 00:37:11 millert Exp $";
1.1 deraadt 45: #endif /* not lint */
46:
47: #include <sys/param.h>
48: #include <sys/time.h>
49: #include <sys/resource.h>
1.8 millert 50:
51: #include <err.h>
52: #include <errno.h>
53: #include <grp.h>
54: #include <paths.h>
55: #include <pwd.h>
1.1 deraadt 56: #include <stdio.h>
57: #include <stdlib.h>
58: #include <string.h>
1.8 millert 59: #include <syslog.h>
1.1 deraadt 60: #include <unistd.h>
1.8 millert 61:
62: #ifdef SKEY
63: #include <skey.h>
64: #endif
1.1 deraadt 65:
66: #ifdef KERBEROS
67: #include <kerberosIV/des.h>
68: #include <kerberosIV/krb.h>
69: #include <netdb.h>
70:
71: #define ARGSTR "-Kflm"
72:
73: int use_kerberos = 1;
74: #else
75: #define ARGSTR "-flm"
76: #endif
77:
1.8 millert 78: char *ontty __P((void));
79: int chshell __P((char *));
1.1 deraadt 80:
81: int
82: main(argc, argv)
83: int argc;
84: char **argv;
85: {
86: extern char **environ;
87: register struct passwd *pwd;
88: register char *p, **g;
89: struct group *gr;
1.9 millert 90: uid_t ruid;
1.1 deraadt 91: int asme, ch, asthem, fastlogin, prio;
92: enum { UNSET, YES, NO } iscsh = UNSET;
93: char *user, *shell, *avshell, *username, *cleanenv[10], **np;
94: char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
95:
96: asme = asthem = fastlogin = 0;
97: while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
98: switch((char)ch) {
99: #ifdef KERBEROS
100: case 'K':
101: use_kerberos = 0;
102: break;
103: #endif
104: case 'f':
105: fastlogin = 1;
106: break;
107: case '-':
108: case 'l':
109: asme = 0;
110: asthem = 1;
111: break;
112: case 'm':
113: asme = 1;
114: asthem = 0;
115: break;
116: case '?':
117: default:
1.7 millert 118: (void)fprintf(stderr,
119: "usage: su [%s] [login [shell arguments]]\n",
1.1 deraadt 120: ARGSTR);
121: exit(1);
122: }
123: argv += optind;
124:
125: errno = 0;
126: prio = getpriority(PRIO_PROCESS, 0);
127: if (errno)
128: prio = 0;
129: (void)setpriority(PRIO_PROCESS, 0, -2);
130: openlog("su", LOG_CONS, 0);
131:
132: /* get current login name and shell */
133: ruid = getuid();
134: username = getlogin();
135: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
136: pwd->pw_uid != ruid)
137: pwd = getpwuid(ruid);
1.8 millert 138: if (pwd == NULL)
139: errx(1, "who are you?");
1.9 millert 140: if ((username = strdup(pwd->pw_name)) == NULL)
141: err(1, "can't allocate memory");
1.1 deraadt 142: if (asme)
1.10 ! millert 143: if (pwd->pw_shell && *pwd->pw_shell) {
! 144: shell = strncpy(shellbuf, pwd->pw_shell, sizeof(shellbuf));
! 145: shellbuf[sizeof(shellbuf) - 1] = '\0';
! 146: } else {
1.1 deraadt 147: shell = _PATH_BSHELL;
148: iscsh = NO;
149: }
150:
151: /* get target login information, default to root */
152: user = *argv ? *argv : "root";
153: np = *argv ? argv : argv-1;
154:
1.8 millert 155: if ((pwd = getpwnam(user)) == NULL)
156: errx(1, "unknown login %s", user);
1.1 deraadt 157:
158: if (ruid) {
159: #ifdef KERBEROS
160: if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
161: #endif
162: {
163: /* only allow those in group zero to su to root. */
1.3 deraadt 164: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
165: && gr->gr_mem && *(gr->gr_mem))
1.1 deraadt 166: for (g = gr->gr_mem;; ++g) {
1.8 millert 167: if (!*g)
168: errx(1, "you are not in the correct group to su %s.", user);
169: if (strcmp(username, *g) == 0)
1.1 deraadt 170: break;
171: }
172: /* if target requires a password, verify it */
173: if (*pwd->pw_passwd) {
174: p = getpass("Password:");
175: #ifdef SKEY
176: if (strcasecmp(p, "s/key") == 0) {
1.8 millert 177: if (skey_haskey(user))
178: errx(1, "Sorry, you have no s/key.");
179: else if (skey_authenticate(user))
180: goto badlogin;
1.1 deraadt 181: } else
182: #endif
183: if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
184: badlogin:
185: fprintf(stderr, "Sorry\n");
186: syslog(LOG_AUTH|LOG_WARNING,
187: "BAD SU %s to %s%s", username,
188: user, ontty());
189: exit(1);
190: }
191: }
192: }
1.8 millert 193: if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
194: fprintf(stderr, "Sorry - account expired\n");
195: syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s", username,
196: user, ontty());
197: exit(1);
198: }
1.1 deraadt 199: }
200:
201: if (asme) {
202: /* if asme and non-standard target shell, must be root */
1.8 millert 203: if (!chshell(pwd->pw_shell) && ruid)
204: errx(1, "permission denied (shell).");
1.1 deraadt 205: } else if (pwd->pw_shell && *pwd->pw_shell) {
206: shell = pwd->pw_shell;
207: iscsh = UNSET;
208: } else {
209: shell = _PATH_BSHELL;
210: iscsh = NO;
211: }
212:
1.8 millert 213: if (p = strrchr(shell, '/'))
1.1 deraadt 214: avshell = p+1;
215: else
216: avshell = shell;
217:
218: /* if we're forking a csh, we want to slightly muck the args */
219: if (iscsh == UNSET)
220: iscsh = strcmp(avshell, "csh") ? NO : YES;
221:
222: /* set permissions */
1.8 millert 223: if (setgid(pwd->pw_gid) < 0)
224: err(1, "setgid");
225: if (initgroups(user, pwd->pw_gid))
226: err(1, "initgroups failed");
227: if (setuid(pwd->pw_uid) < 0)
228: err(1, "setuid");
1.1 deraadt 229:
230: if (!asme) {
231: if (asthem) {
232: p = getenv("TERM");
233: cleanenv[0] = NULL;
234: environ = cleanenv;
235: (void)setenv("PATH", _PATH_DEFPATH, 1);
1.6 deraadt 236: if (p)
237: (void)setenv("TERM", p, 1);
1.5 deraadt 238:
239: seteuid(pwd->pw_uid);
240: setegid(pwd->pw_gid);
1.8 millert 241: if (chdir(pwd->pw_dir) < 0)
242: errx(1, "no directory");
1.5 deraadt 243: seteuid(0);
244: setegid(0); /* XXX use a saved gid instead? */
1.1 deraadt 245: }
246: if (asthem || pwd->pw_uid)
247: (void)setenv("USER", pwd->pw_name, 1);
248: (void)setenv("HOME", pwd->pw_dir, 1);
249: (void)setenv("SHELL", shell, 1);
250: }
251:
252: if (iscsh == YES) {
253: if (fastlogin)
254: *np-- = "-f";
255: if (asme)
256: *np-- = "-m";
257: }
258:
259: if (asthem) {
260: avshellbuf[0] = '-';
1.10 ! millert 261: strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
! 262: avshellbuf[sizeof(avshellbuf) - 1] = '\0';
1.1 deraadt 263: avshell = avshellbuf;
264: } else if (iscsh == YES) {
265: /* csh strips the first character... */
266: avshellbuf[0] = '_';
1.10 ! millert 267: strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
! 268: avshellbuf[sizeof(avshellbuf) - 1] = '\0';
1.1 deraadt 269: avshell = avshellbuf;
270: }
271:
272: *np = avshell;
273:
274: if (ruid != 0)
275: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
276: username, user, ontty());
277:
278: (void)setpriority(PRIO_PROCESS, 0, prio);
279:
280: execv(shell, np);
1.9 millert 281: err(1, shell);
1.1 deraadt 282: }
283:
284: int
285: chshell(sh)
286: char *sh;
287: {
288: register char *cp;
289:
290: while ((cp = getusershell()) != NULL)
1.8 millert 291: if (strcmp(cp, sh) == 0)
1.1 deraadt 292: return (1);
293: return (0);
294: }
295:
296: char *
297: ontty()
298: {
299: char *p, *ttyname();
300: static char buf[MAXPATHLEN + 4];
301:
302: buf[0] = 0;
303: if (p = ttyname(STDERR_FILENO))
1.8 millert 304: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 305: return (buf);
306: }
307:
308: #ifdef KERBEROS
309: kerberos(username, user, uid)
310: char *username, *user;
311: int uid;
312: {
313: KTEXT_ST ticket;
314: AUTH_DAT authdata;
315: struct hostent *hp;
316: register char *p;
317: int kerno;
318: u_long faddr;
319: char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
320: char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
321: char *ontty(), *krb_get_phost();
322:
323: if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
324: return (1);
325: if (koktologin(username, lrealm, user) && !uid) {
326: (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user);
327: return (1);
328: }
1.8 millert 329: (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%d", TKT_ROOT,
330: user, getuid());
1.1 deraadt 331:
332: (void)setenv("KRBTKFILE", krbtkfile, 1);
333: (void)krb_set_tkt_string(krbtkfile);
334: /*
335: * Set real as well as effective ID to 0 for the moment,
336: * to make the kerberos library do the right thing.
337: */
338: if (setuid(0) < 0) {
1.8 millert 339: warn("setuid");
1.1 deraadt 340: return (1);
341: }
342:
343: /*
344: * Little trick here -- if we are su'ing to root,
345: * we need to get a ticket for "xxx.root", where xxx represents
346: * the name of the person su'ing. Otherwise (non-root case),
347: * we need to get a ticket for "yyy.", where yyy represents
348: * the name of the person being su'd to, and the instance is null
349: *
350: * We should have a way to set the ticket lifetime,
351: * with a system default for root.
352: */
353: kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
354: (uid == 0 ? "root" : ""), lrealm,
355: "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0);
356:
357: if (kerno != KSUCCESS) {
358: if (kerno == KDC_PR_UNKNOWN) {
1.8 millert 359: warnx("kerberos principal unknown: %s.%s@%s",
1.1 deraadt 360: (uid == 0 ? username : user),
361: (uid == 0 ? "root" : ""), lrealm);
362: return (1);
363: }
1.8 millert 364: warnx("unable to su: %s", krb_err_txt[kerno]);
1.1 deraadt 365: syslog(LOG_NOTICE|LOG_AUTH,
366: "BAD Kerberos SU: %s to %s%s: %s",
367: username, user, ontty(), krb_err_txt[kerno]);
368: return (1);
369: }
370:
371: if (chown(krbtkfile, uid, -1) < 0) {
1.8 millert 372: warn("chown");
1.1 deraadt 373: (void)unlink(krbtkfile);
374: return (1);
375: }
376:
377: (void)setpriority(PRIO_PROCESS, 0, -2);
378:
379: if (gethostname(hostname, sizeof(hostname)) == -1) {
1.8 millert 380: warn("gethostname");
1.1 deraadt 381: dest_tkt();
382: return (1);
383: }
384:
385: (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost));
386: savehost[sizeof(savehost) - 1] = '\0';
387:
388: kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
389:
390: if (kerno == KDC_PR_UNKNOWN) {
1.8 millert 391: warnx("Warning: TGT not verified.");
1.1 deraadt 392: syslog(LOG_NOTICE|LOG_AUTH,
393: "%s to %s%s, TGT not verified (%s); %s.%s not registered?",
394: username, user, ontty(), krb_err_txt[kerno],
395: "rcmd", savehost);
396: } else if (kerno != KSUCCESS) {
1.8 millert 397: warnx("Unable to use TGT: %s", krb_err_txt[kerno]);
1.1 deraadt 398: syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s",
399: username, user, ontty(), krb_err_txt[kerno]);
400: dest_tkt();
401: return (1);
402: } else {
403: if (!(hp = gethostbyname(hostname))) {
1.8 millert 404: warnx("can't get addr of %s", hostname);
1.1 deraadt 405: dest_tkt();
406: return (1);
407: }
1.10 ! millert 408: (void)memcpy((void *)&faddr, (void *)hp->h_addr, sizeof(faddr));
1.1 deraadt 409:
410: if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
411: &authdata, "")) != KSUCCESS) {
1.8 millert 412: warnx("unable to verify rcmd ticket: %s",
413: krb_err_txt[kerno]);
1.1 deraadt 414: syslog(LOG_NOTICE|LOG_AUTH,
415: "failed su: %s to %s%s: %s", username,
416: user, ontty(), krb_err_txt[kerno]);
417: dest_tkt();
418: return (1);
419: }
420: }
421: return (0);
422: }
423:
424: koktologin(name, realm, toname)
425: char *name, *realm, *toname;
426: {
427: register AUTH_DAT *kdata;
428: AUTH_DAT kdata_st;
429:
1.10 ! millert 430: memset((void *)kdata_st, 0, sizeof(*kdata_st));
1.1 deraadt 431: kdata = &kdata_st;
1.10 ! millert 432:
! 433: (void)strncpy(kdata->pname, name, sizeof(kdata->pname));
! 434: kdata->pname[sizeof(kdata->pname) - 1] = '\0';
! 435:
! 436: (void)strncpy(kdata->pinst,
! 437: ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst));
! 438: kdata->pinst[sizeof(kdata->pinst) -1] '\0';
! 439:
! 440: (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm));
! 441: kdata->prealm[sizeof(kdata->prealm) -1] = '\0';
! 442:
1.1 deraadt 443: return (kuserok(kdata, toname));
444: }
445: #endif