Annotation of src/usr.bin/su/su.c, Revision 1.19
1.19 ! tholo 1: /* $OpenBSD: su.c,v 1.18 1997/01/15 23:43:16 millert Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: char copyright[] =
38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
1.19 ! tholo 44: static char rcsid[] = "$OpenBSD: su.c,v 1.18 1997/01/15 23:43:16 millert Exp $";
1.1 deraadt 45: #endif /* not lint */
46:
47: #include <sys/param.h>
48: #include <sys/time.h>
49: #include <sys/resource.h>
1.8 millert 50:
51: #include <err.h>
52: #include <errno.h>
53: #include <grp.h>
54: #include <paths.h>
55: #include <pwd.h>
1.1 deraadt 56: #include <stdio.h>
57: #include <stdlib.h>
58: #include <string.h>
1.8 millert 59: #include <syslog.h>
1.1 deraadt 60: #include <unistd.h>
1.8 millert 61:
62: #ifdef SKEY
63: #include <skey.h>
64: #endif
1.1 deraadt 65:
66: #ifdef KERBEROS
67: #include <kerberosIV/des.h>
68: #include <kerberosIV/krb.h>
69: #include <netdb.h>
1.19 ! tholo 70: #include <fcntl.h>
! 71: #include <sys/stat.h>
1.1 deraadt 72:
73: #define ARGSTR "-Kflm"
74:
1.19 ! tholo 75: void kdestroy __P((void));
! 76: void dofork __P((void));
! 77:
1.1 deraadt 78: int use_kerberos = 1;
1.19 ! tholo 79: char krbtkfile[MAXPATHLEN];
1.1 deraadt 80: #else
81: #define ARGSTR "-flm"
82: #endif
83:
1.8 millert 84: char *ontty __P((void));
85: int chshell __P((char *));
1.1 deraadt 86:
1.19 ! tholo 87: #ifdef KERBEROS
! 88: void
! 89: dofork()
! 90: {
! 91: pid_t child;
! 92:
! 93: if (!(child = fork()))
! 94: return; /* Child process */
! 95:
! 96: /* Setup stuff? This would be things we could do in parallel with login */
! 97: (void) chdir("/"); /* Let's not keep the fs busy... */
! 98:
! 99: /* If we're the parent, watch the child until it dies */
! 100: while (wait(0) != child)
! 101: ;
! 102:
! 103: /* Run kdestroy to destroy tickets */
! 104: kdestroy();
! 105:
! 106: /* Leave */
! 107: exit(0);
! 108: }
! 109: #endif
! 110:
1.1 deraadt 111: int
112: main(argc, argv)
113: int argc;
114: char **argv;
115: {
116: extern char **environ;
117: register struct passwd *pwd;
118: register char *p, **g;
119: struct group *gr;
1.9 millert 120: uid_t ruid;
1.1 deraadt 121: int asme, ch, asthem, fastlogin, prio;
122: enum { UNSET, YES, NO } iscsh = UNSET;
123: char *user, *shell, *avshell, *username, *cleanenv[10], **np;
124: char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
125:
126: asme = asthem = fastlogin = 0;
1.18 millert 127: while ((ch = getopt(argc, argv, ARGSTR)) != -1)
1.1 deraadt 128: switch((char)ch) {
129: #ifdef KERBEROS
130: case 'K':
131: use_kerberos = 0;
132: break;
133: #endif
134: case 'f':
135: fastlogin = 1;
136: break;
137: case '-':
138: case 'l':
139: asme = 0;
140: asthem = 1;
141: break;
142: case 'm':
143: asme = 1;
144: asthem = 0;
145: break;
146: case '?':
147: default:
1.7 millert 148: (void)fprintf(stderr,
149: "usage: su [%s] [login [shell arguments]]\n",
1.1 deraadt 150: ARGSTR);
151: exit(1);
152: }
153: argv += optind;
154:
155: errno = 0;
156: prio = getpriority(PRIO_PROCESS, 0);
157: if (errno)
158: prio = 0;
159: (void)setpriority(PRIO_PROCESS, 0, -2);
160: openlog("su", LOG_CONS, 0);
161:
162: /* get current login name and shell */
163: ruid = getuid();
164: username = getlogin();
165: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
166: pwd->pw_uid != ruid)
167: pwd = getpwuid(ruid);
1.8 millert 168: if (pwd == NULL)
169: errx(1, "who are you?");
1.9 millert 170: if ((username = strdup(pwd->pw_name)) == NULL)
171: err(1, "can't allocate memory");
1.1 deraadt 172: if (asme)
1.10 millert 173: if (pwd->pw_shell && *pwd->pw_shell) {
1.11 millert 174: shell = strncpy(shellbuf, pwd->pw_shell, sizeof(shellbuf) - 1);
1.10 millert 175: shellbuf[sizeof(shellbuf) - 1] = '\0';
176: } else {
1.1 deraadt 177: shell = _PATH_BSHELL;
178: iscsh = NO;
179: }
180:
181: /* get target login information, default to root */
182: user = *argv ? *argv : "root";
183: np = *argv ? argv : argv-1;
184:
1.8 millert 185: if ((pwd = getpwnam(user)) == NULL)
186: errx(1, "unknown login %s", user);
1.16 millert 187: if ((user = strdup(pwd->pw_name)) == NULL)
188: err(1, "can't allocate memory");
1.1 deraadt 189:
190: if (ruid) {
191: #ifdef KERBEROS
192: if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
193: #endif
194: {
1.19 ! tholo 195: use_kerberos = 0;
1.1 deraadt 196: /* only allow those in group zero to su to root. */
1.3 deraadt 197: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
198: && gr->gr_mem && *(gr->gr_mem))
1.1 deraadt 199: for (g = gr->gr_mem;; ++g) {
1.8 millert 200: if (!*g)
201: errx(1, "you are not in the correct group to su %s.", user);
202: if (strcmp(username, *g) == 0)
1.1 deraadt 203: break;
204: }
205: /* if target requires a password, verify it */
206: if (*pwd->pw_passwd) {
207: p = getpass("Password:");
208: #ifdef SKEY
209: if (strcasecmp(p, "s/key") == 0) {
1.14 millert 210: if (skey_authenticate(user))
1.8 millert 211: goto badlogin;
1.1 deraadt 212: } else
213: #endif
214: if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
215: badlogin:
216: fprintf(stderr, "Sorry\n");
217: syslog(LOG_AUTH|LOG_WARNING,
218: "BAD SU %s to %s%s", username,
219: user, ontty());
220: exit(1);
221: }
222: }
223: }
1.8 millert 224: if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
225: fprintf(stderr, "Sorry - account expired\n");
226: syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s", username,
227: user, ontty());
228: exit(1);
229: }
1.1 deraadt 230: }
231:
232: if (asme) {
233: /* if asme and non-standard target shell, must be root */
1.8 millert 234: if (!chshell(pwd->pw_shell) && ruid)
235: errx(1, "permission denied (shell).");
1.1 deraadt 236: } else if (pwd->pw_shell && *pwd->pw_shell) {
237: shell = pwd->pw_shell;
238: iscsh = UNSET;
239: } else {
240: shell = _PATH_BSHELL;
241: iscsh = NO;
242: }
243:
1.8 millert 244: if (p = strrchr(shell, '/'))
1.1 deraadt 245: avshell = p+1;
246: else
247: avshell = shell;
248:
249: /* if we're forking a csh, we want to slightly muck the args */
250: if (iscsh == UNSET)
251: iscsh = strcmp(avshell, "csh") ? NO : YES;
252:
1.19 ! tholo 253: #if defined(KERBEROS) || defined(KERBEROS5)
! 254: /* Fork so that we can call kdestroy */
! 255: if (use_kerberos)
! 256: dofork();
! 257: #endif
! 258:
1.1 deraadt 259: /* set permissions */
1.17 tholo 260: if (setegid(pwd->pw_gid) < 0)
261: err(1, "setegid");
1.8 millert 262: if (setgid(pwd->pw_gid) < 0)
263: err(1, "setgid");
264: if (initgroups(user, pwd->pw_gid))
265: err(1, "initgroups failed");
1.17 tholo 266: if (seteuid(pwd->pw_uid) < 0)
267: err(1, "seteuid");
1.8 millert 268: if (setuid(pwd->pw_uid) < 0)
269: err(1, "setuid");
1.1 deraadt 270:
271: if (!asme) {
272: if (asthem) {
273: p = getenv("TERM");
274: cleanenv[0] = NULL;
275: environ = cleanenv;
276: (void)setenv("PATH", _PATH_DEFPATH, 1);
1.6 deraadt 277: if (p)
278: (void)setenv("TERM", p, 1);
1.5 deraadt 279:
280: seteuid(pwd->pw_uid);
281: setegid(pwd->pw_gid);
1.8 millert 282: if (chdir(pwd->pw_dir) < 0)
283: errx(1, "no directory");
1.5 deraadt 284: seteuid(0);
285: setegid(0); /* XXX use a saved gid instead? */
1.1 deraadt 286: }
1.15 millert 287: if (asthem || pwd->pw_uid) {
288: (void)setenv("LOGNAME", pwd->pw_name, 1);
1.1 deraadt 289: (void)setenv("USER", pwd->pw_name, 1);
1.15 millert 290: }
1.1 deraadt 291: (void)setenv("HOME", pwd->pw_dir, 1);
292: (void)setenv("SHELL", shell, 1);
293: }
294:
295: if (iscsh == YES) {
296: if (fastlogin)
297: *np-- = "-f";
298: if (asme)
299: *np-- = "-m";
300: }
301:
302: if (asthem) {
303: avshellbuf[0] = '-';
1.11 millert 304: strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2);
1.10 millert 305: avshellbuf[sizeof(avshellbuf) - 1] = '\0';
1.1 deraadt 306: avshell = avshellbuf;
307: } else if (iscsh == YES) {
308: /* csh strips the first character... */
309: avshellbuf[0] = '_';
1.11 millert 310: strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2);
1.10 millert 311: avshellbuf[sizeof(avshellbuf) - 1] = '\0';
1.1 deraadt 312: avshell = avshellbuf;
313: }
314:
315: *np = avshell;
316:
317: if (ruid != 0)
318: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
319: username, user, ontty());
320:
321: (void)setpriority(PRIO_PROCESS, 0, prio);
322:
323: execv(shell, np);
1.9 millert 324: err(1, shell);
1.1 deraadt 325: }
326:
327: int
328: chshell(sh)
329: char *sh;
330: {
331: register char *cp;
332:
333: while ((cp = getusershell()) != NULL)
1.8 millert 334: if (strcmp(cp, sh) == 0)
1.1 deraadt 335: return (1);
336: return (0);
337: }
338:
339: char *
340: ontty()
341: {
342: char *p, *ttyname();
343: static char buf[MAXPATHLEN + 4];
344:
345: buf[0] = 0;
346: if (p = ttyname(STDERR_FILENO))
1.8 millert 347: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 348: return (buf);
349: }
350:
351: #ifdef KERBEROS
352: kerberos(username, user, uid)
353: char *username, *user;
354: int uid;
355: {
356: KTEXT_ST ticket;
357: AUTH_DAT authdata;
358: struct hostent *hp;
359: register char *p;
360: int kerno;
361: u_long faddr;
1.19 ! tholo 362: char lrealm[REALM_SZ];
1.1 deraadt 363: char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
364: char *ontty(), *krb_get_phost();
365:
366: if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
367: return (1);
368: if (koktologin(username, lrealm, user) && !uid) {
369: (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user);
370: return (1);
371: }
1.8 millert 372: (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%d", TKT_ROOT,
373: user, getuid());
1.1 deraadt 374:
375: (void)setenv("KRBTKFILE", krbtkfile, 1);
376: (void)krb_set_tkt_string(krbtkfile);
377: /*
378: * Set real as well as effective ID to 0 for the moment,
379: * to make the kerberos library do the right thing.
380: */
381: if (setuid(0) < 0) {
1.8 millert 382: warn("setuid");
1.1 deraadt 383: return (1);
384: }
385:
386: /*
387: * Little trick here -- if we are su'ing to root,
388: * we need to get a ticket for "xxx.root", where xxx represents
389: * the name of the person su'ing. Otherwise (non-root case),
390: * we need to get a ticket for "yyy.", where yyy represents
391: * the name of the person being su'd to, and the instance is null
392: *
393: * We should have a way to set the ticket lifetime,
394: * with a system default for root.
395: */
396: kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
397: (uid == 0 ? "root" : ""), lrealm,
398: "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0);
399:
400: if (kerno != KSUCCESS) {
401: if (kerno == KDC_PR_UNKNOWN) {
1.8 millert 402: warnx("kerberos principal unknown: %s.%s@%s",
1.1 deraadt 403: (uid == 0 ? username : user),
404: (uid == 0 ? "root" : ""), lrealm);
405: return (1);
406: }
1.8 millert 407: warnx("unable to su: %s", krb_err_txt[kerno]);
1.1 deraadt 408: syslog(LOG_NOTICE|LOG_AUTH,
409: "BAD Kerberos SU: %s to %s%s: %s",
410: username, user, ontty(), krb_err_txt[kerno]);
411: return (1);
412: }
413:
414: if (chown(krbtkfile, uid, -1) < 0) {
1.8 millert 415: warn("chown");
1.1 deraadt 416: (void)unlink(krbtkfile);
417: return (1);
418: }
419:
420: (void)setpriority(PRIO_PROCESS, 0, -2);
421:
422: if (gethostname(hostname, sizeof(hostname)) == -1) {
1.8 millert 423: warn("gethostname");
1.1 deraadt 424: dest_tkt();
425: return (1);
426: }
427:
1.11 millert 428: (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost) - 1);
1.1 deraadt 429: savehost[sizeof(savehost) - 1] = '\0';
430:
431: kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
432:
433: if (kerno == KDC_PR_UNKNOWN) {
1.8 millert 434: warnx("Warning: TGT not verified.");
1.1 deraadt 435: syslog(LOG_NOTICE|LOG_AUTH,
436: "%s to %s%s, TGT not verified (%s); %s.%s not registered?",
437: username, user, ontty(), krb_err_txt[kerno],
438: "rcmd", savehost);
439: } else if (kerno != KSUCCESS) {
1.8 millert 440: warnx("Unable to use TGT: %s", krb_err_txt[kerno]);
1.1 deraadt 441: syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s",
442: username, user, ontty(), krb_err_txt[kerno]);
443: dest_tkt();
444: return (1);
445: } else {
446: if (!(hp = gethostbyname(hostname))) {
1.8 millert 447: warnx("can't get addr of %s", hostname);
1.1 deraadt 448: dest_tkt();
449: return (1);
450: }
1.10 millert 451: (void)memcpy((void *)&faddr, (void *)hp->h_addr, sizeof(faddr));
1.1 deraadt 452:
453: if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
454: &authdata, "")) != KSUCCESS) {
1.8 millert 455: warnx("unable to verify rcmd ticket: %s",
456: krb_err_txt[kerno]);
1.1 deraadt 457: syslog(LOG_NOTICE|LOG_AUTH,
458: "failed su: %s to %s%s: %s", username,
459: user, ontty(), krb_err_txt[kerno]);
460: dest_tkt();
461: return (1);
462: }
463: }
464: return (0);
465: }
466:
467: koktologin(name, realm, toname)
468: char *name, *realm, *toname;
469: {
470: register AUTH_DAT *kdata;
471: AUTH_DAT kdata_st;
472:
1.13 deraadt 473: memset((void *)&kdata_st, 0, sizeof(kdata_st));
1.1 deraadt 474: kdata = &kdata_st;
1.10 millert 475:
1.11 millert 476: (void)strncpy(kdata->pname, name, sizeof(kdata->pname) - 1);
1.10 millert 477: kdata->pname[sizeof(kdata->pname) - 1] = '\0';
478:
479: (void)strncpy(kdata->pinst,
1.11 millert 480: ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst) - 1);
1.13 deraadt 481: kdata->pinst[sizeof(kdata->pinst) -1] = '\0';
1.10 millert 482:
1.11 millert 483: (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm) - 1);
1.10 millert 484: kdata->prealm[sizeof(kdata->prealm) -1] = '\0';
485:
1.1 deraadt 486: return (kuserok(kdata, toname));
1.19 ! tholo 487: }
! 488:
! 489: void
! 490: kdestroy()
! 491: {
! 492: char *file = krbtkfile;
! 493: int i, fd;
! 494: extern int errno;
! 495: struct stat statb;
! 496: char buf[BUFSIZ];
! 497: #ifdef TKT_SHMEM
! 498: char shmidname[MAXPATHLEN];
! 499: #endif /* TKT_SHMEM */
! 500:
! 501: if (use_kerberos == 0)
! 502: return;
! 503:
! 504: errno = 0;
! 505: if (lstat(file, &statb) < 0)
! 506: goto out;
! 507:
! 508: if (!(statb.st_mode & S_IFREG)
! 509: #ifdef notdef
! 510: || statb.st_mode & 077
! 511: #endif
! 512: )
! 513: goto out;
! 514:
! 515: if ((fd = open(file, O_RDWR, 0)) < 0)
! 516: goto out;
! 517:
! 518: bzero(buf, BUFSIZ);
! 519:
! 520: for (i = 0; i < statb.st_size; i += BUFSIZ)
! 521: if (write(fd, buf, BUFSIZ) != BUFSIZ) {
! 522: (void) fsync(fd);
! 523: (void) close(fd);
! 524: goto out;
! 525: }
! 526:
! 527: (void) fsync(fd);
! 528: (void) close(fd);
! 529:
! 530: (void) unlink(file);
! 531:
! 532: out:
! 533: if (errno != 0) return;
! 534: #ifdef TKT_SHMEM
! 535: /*
! 536: * handle the shared memory case
! 537: */
! 538: (void) strcpy(shmidname, file);
! 539: (void) strcat(shmidname, ".shm");
! 540: if (krb_shm_dest(shmidname) != KSUCCESS)
! 541: return;
! 542: #endif /* TKT_SHMEM */
! 543: return;
1.1 deraadt 544: }
545: #endif