Annotation of src/usr.bin/su/su.c, Revision 1.31.10.1
1.31.10.1! jason 1: /* $OpenBSD: su.c,v 1.31 1998/03/25 21:27:27 art Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: char copyright[] =
38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
1.31.10.1! jason 44: static char rcsid[] = "$OpenBSD: su.c,v 1.31 1998/03/25 21:27:27 art Exp $";
1.1 deraadt 45: #endif /* not lint */
46:
47: #include <sys/param.h>
48: #include <sys/time.h>
49: #include <sys/resource.h>
1.8 millert 50:
51: #include <err.h>
52: #include <errno.h>
53: #include <grp.h>
54: #include <paths.h>
55: #include <pwd.h>
1.1 deraadt 56: #include <stdio.h>
57: #include <stdlib.h>
58: #include <string.h>
1.8 millert 59: #include <syslog.h>
1.1 deraadt 60: #include <unistd.h>
1.8 millert 61:
62: #ifdef SKEY
63: #include <skey.h>
64: #endif
1.1 deraadt 65:
66: #ifdef KERBEROS
1.29 provos 67: #include <des.h>
1.1 deraadt 68: #include <kerberosIV/krb.h>
69: #include <netdb.h>
70:
1.30 deraadt 71: int kerberos __P((char *username, char *user, int uid));
72:
1.1 deraadt 73: #define ARGSTR "-Kflm"
74:
75: int use_kerberos = 1;
1.28 deraadt 76: char krbtkfile[MAXPATHLEN];
77: char lrealm[REALM_SZ];
78: int ksettkfile(char *);
1.1 deraadt 79: #else
80: #define ARGSTR "-flm"
81: #endif
82:
1.8 millert 83: char *ontty __P((void));
84: int chshell __P((char *));
1.1 deraadt 85:
86: int
87: main(argc, argv)
88: int argc;
89: char **argv;
90: {
91: extern char **environ;
92: register struct passwd *pwd;
93: register char *p, **g;
94: struct group *gr;
1.9 millert 95: uid_t ruid;
1.1 deraadt 96: int asme, ch, asthem, fastlogin, prio;
97: enum { UNSET, YES, NO } iscsh = UNSET;
1.31 art 98: char *user, *shell = NULL, *avshell, *username, **np;
1.1 deraadt 99: char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
100:
101: asme = asthem = fastlogin = 0;
1.18 millert 102: while ((ch = getopt(argc, argv, ARGSTR)) != -1)
1.1 deraadt 103: switch((char)ch) {
104: #ifdef KERBEROS
105: case 'K':
106: use_kerberos = 0;
107: break;
108: #endif
109: case 'f':
110: fastlogin = 1;
111: break;
112: case '-':
113: case 'l':
114: asme = 0;
115: asthem = 1;
116: break;
117: case 'm':
118: asme = 1;
119: asthem = 0;
120: break;
121: case '?':
122: default:
1.7 millert 123: (void)fprintf(stderr,
124: "usage: su [%s] [login [shell arguments]]\n",
1.1 deraadt 125: ARGSTR);
126: exit(1);
127: }
128: argv += optind;
129:
130: errno = 0;
131: prio = getpriority(PRIO_PROCESS, 0);
132: if (errno)
133: prio = 0;
134: (void)setpriority(PRIO_PROCESS, 0, -2);
135: openlog("su", LOG_CONS, 0);
136:
137: /* get current login name and shell */
138: ruid = getuid();
139: username = getlogin();
140: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
141: pwd->pw_uid != ruid)
142: pwd = getpwuid(ruid);
1.8 millert 143: if (pwd == NULL)
144: errx(1, "who are you?");
1.9 millert 145: if ((username = strdup(pwd->pw_name)) == NULL)
146: err(1, "can't allocate memory");
1.31 art 147: if (asme) {
1.10 millert 148: if (pwd->pw_shell && *pwd->pw_shell) {
1.11 millert 149: shell = strncpy(shellbuf, pwd->pw_shell, sizeof(shellbuf) - 1);
1.10 millert 150: shellbuf[sizeof(shellbuf) - 1] = '\0';
151: } else {
1.1 deraadt 152: shell = _PATH_BSHELL;
153: iscsh = NO;
154: }
1.31 art 155: }
1.1 deraadt 156:
157: /* get target login information, default to root */
158: user = *argv ? *argv : "root";
159: np = *argv ? argv : argv-1;
160:
1.8 millert 161: if ((pwd = getpwnam(user)) == NULL)
162: errx(1, "unknown login %s", user);
1.16 millert 163: if ((user = strdup(pwd->pw_name)) == NULL)
164: err(1, "can't allocate memory");
1.1 deraadt 165:
1.28 deraadt 166: #if KERBEROS
167: if (ksettkfile(user))
168: use_kerberos = 0;
169: #endif
170:
1.1 deraadt 171: if (ruid) {
172: #ifdef KERBEROS
1.21 tholo 173: if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
1.1 deraadt 174: #endif
175: {
176: /* only allow those in group zero to su to root. */
1.3 deraadt 177: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
178: && gr->gr_mem && *(gr->gr_mem))
1.1 deraadt 179: for (g = gr->gr_mem;; ++g) {
1.8 millert 180: if (!*g)
181: errx(1, "you are not in the correct group to su %s.", user);
182: if (strcmp(username, *g) == 0)
1.1 deraadt 183: break;
184: }
185: /* if target requires a password, verify it */
186: if (*pwd->pw_passwd) {
187: p = getpass("Password:");
188: #ifdef SKEY
189: if (strcasecmp(p, "s/key") == 0) {
1.14 millert 190: if (skey_authenticate(user))
1.8 millert 191: goto badlogin;
1.1 deraadt 192: } else
193: #endif
194: if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
195: badlogin:
196: fprintf(stderr, "Sorry\n");
197: syslog(LOG_AUTH|LOG_WARNING,
198: "BAD SU %s to %s%s", username,
199: user, ontty());
200: exit(1);
201: }
202: }
203: }
1.8 millert 204: if (pwd->pw_expire && time(NULL) >= pwd->pw_expire) {
205: fprintf(stderr, "Sorry - account expired\n");
206: syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s", username,
207: user, ontty());
208: exit(1);
209: }
1.1 deraadt 210: }
211:
212: if (asme) {
213: /* if asme and non-standard target shell, must be root */
1.8 millert 214: if (!chshell(pwd->pw_shell) && ruid)
215: errx(1, "permission denied (shell).");
1.1 deraadt 216: } else if (pwd->pw_shell && *pwd->pw_shell) {
217: shell = pwd->pw_shell;
218: iscsh = UNSET;
219: } else {
220: shell = _PATH_BSHELL;
221: iscsh = NO;
222: }
223:
1.30 deraadt 224: if ((p = strrchr(shell, '/')))
1.1 deraadt 225: avshell = p+1;
226: else
227: avshell = shell;
228:
229: /* if we're forking a csh, we want to slightly muck the args */
230: if (iscsh == UNSET)
231: iscsh = strcmp(avshell, "csh") ? NO : YES;
232:
233: /* set permissions */
1.17 tholo 234: if (setegid(pwd->pw_gid) < 0)
235: err(1, "setegid");
1.8 millert 236: if (setgid(pwd->pw_gid) < 0)
237: err(1, "setgid");
238: if (initgroups(user, pwd->pw_gid))
239: err(1, "initgroups failed");
1.17 tholo 240: if (seteuid(pwd->pw_uid) < 0)
241: err(1, "seteuid");
1.8 millert 242: if (setuid(pwd->pw_uid) < 0)
243: err(1, "setuid");
1.1 deraadt 244:
245: if (!asme) {
246: if (asthem) {
247: p = getenv("TERM");
1.23 deraadt 248: if ((environ = calloc(1, sizeof (char *))) == NULL)
1.22 deraadt 249: errx(1, "calloc");
1.1 deraadt 250: (void)setenv("PATH", _PATH_DEFPATH, 1);
1.6 deraadt 251: if (p)
252: (void)setenv("TERM", p, 1);
1.5 deraadt 253:
254: seteuid(pwd->pw_uid);
255: setegid(pwd->pw_gid);
1.8 millert 256: if (chdir(pwd->pw_dir) < 0)
257: errx(1, "no directory");
1.5 deraadt 258: seteuid(0);
259: setegid(0); /* XXX use a saved gid instead? */
1.1 deraadt 260: }
1.15 millert 261: if (asthem || pwd->pw_uid) {
262: (void)setenv("LOGNAME", pwd->pw_name, 1);
1.1 deraadt 263: (void)setenv("USER", pwd->pw_name, 1);
1.15 millert 264: }
1.1 deraadt 265: (void)setenv("HOME", pwd->pw_dir, 1);
266: (void)setenv("SHELL", shell, 1);
267: }
268:
1.28 deraadt 269: #ifdef KERBEROS
270: if (*krbtkfile)
271: (void)setenv("KRBTKFILE", krbtkfile, 1);
272: #endif
273:
1.1 deraadt 274: if (iscsh == YES) {
275: if (fastlogin)
276: *np-- = "-f";
277: if (asme)
278: *np-- = "-m";
279: }
280:
281: if (asthem) {
282: avshellbuf[0] = '-';
1.11 millert 283: strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2);
1.10 millert 284: avshellbuf[sizeof(avshellbuf) - 1] = '\0';
1.1 deraadt 285: avshell = avshellbuf;
286: } else if (iscsh == YES) {
287: /* csh strips the first character... */
288: avshellbuf[0] = '_';
1.11 millert 289: strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2);
1.10 millert 290: avshellbuf[sizeof(avshellbuf) - 1] = '\0';
1.1 deraadt 291: avshell = avshellbuf;
292: }
293:
294: *np = avshell;
295:
296: if (ruid != 0)
297: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
298: username, user, ontty());
299:
300: (void)setpriority(PRIO_PROCESS, 0, prio);
301:
302: execv(shell, np);
1.31.10.1! jason 303: err(1, "%s", shell);
1.1 deraadt 304: }
305:
306: int
307: chshell(sh)
308: char *sh;
309: {
310: register char *cp;
311:
312: while ((cp = getusershell()) != NULL)
1.8 millert 313: if (strcmp(cp, sh) == 0)
1.1 deraadt 314: return (1);
315: return (0);
316: }
317:
318: char *
319: ontty()
320: {
321: char *p, *ttyname();
322: static char buf[MAXPATHLEN + 4];
323:
324: buf[0] = 0;
1.30 deraadt 325: if ((p = ttyname(STDERR_FILENO)))
1.8 millert 326: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 327: return (buf);
328: }
329:
330: #ifdef KERBEROS
1.31 art 331: int koktologin __P((char *, char *, char *));
332:
1.30 deraadt 333: int
1.1 deraadt 334: kerberos(username, user, uid)
335: char *username, *user;
336: int uid;
337: {
338: KTEXT_ST ticket;
339: AUTH_DAT authdata;
340: struct hostent *hp;
341: int kerno;
1.27 deraadt 342: in_addr_t faddr;
1.1 deraadt 343: char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
344: char *ontty(), *krb_get_phost();
345:
346: if (koktologin(username, lrealm, user) && !uid) {
347: (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user);
348: return (1);
349: }
1.28 deraadt 350: (void)krb_set_tkt_string(krbtkfile);
1.1 deraadt 351:
352: /*
353: * Set real as well as effective ID to 0 for the moment,
354: * to make the kerberos library do the right thing.
355: */
356: if (setuid(0) < 0) {
1.8 millert 357: warn("setuid");
1.1 deraadt 358: return (1);
359: }
360:
361: /*
362: * Little trick here -- if we are su'ing to root,
363: * we need to get a ticket for "xxx.root", where xxx represents
364: * the name of the person su'ing. Otherwise (non-root case),
365: * we need to get a ticket for "yyy.", where yyy represents
366: * the name of the person being su'd to, and the instance is null
367: */
1.31 art 368:
369: printf("%s%s@%s's ", (uid == 0 ? username : user),
370: (uid == 0 ? ".root" : ""), lrealm);
371: fflush(stdout);
1.1 deraadt 372: kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
373: (uid == 0 ? "root" : ""), lrealm,
374: "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0);
375:
376: if (kerno != KSUCCESS) {
377: if (kerno == KDC_PR_UNKNOWN) {
1.8 millert 378: warnx("kerberos principal unknown: %s.%s@%s",
1.1 deraadt 379: (uid == 0 ? username : user),
380: (uid == 0 ? "root" : ""), lrealm);
381: return (1);
382: }
1.8 millert 383: warnx("unable to su: %s", krb_err_txt[kerno]);
1.1 deraadt 384: syslog(LOG_NOTICE|LOG_AUTH,
385: "BAD Kerberos SU: %s to %s%s: %s",
386: username, user, ontty(), krb_err_txt[kerno]);
387: return (1);
388: }
389:
390: if (chown(krbtkfile, uid, -1) < 0) {
1.8 millert 391: warn("chown");
1.1 deraadt 392: (void)unlink(krbtkfile);
393: return (1);
394: }
395:
396: (void)setpriority(PRIO_PROCESS, 0, -2);
397:
398: if (gethostname(hostname, sizeof(hostname)) == -1) {
1.8 millert 399: warn("gethostname");
1.1 deraadt 400: dest_tkt();
401: return (1);
402: }
403:
1.11 millert 404: (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost) - 1);
1.1 deraadt 405: savehost[sizeof(savehost) - 1] = '\0';
406:
407: kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
408:
409: if (kerno == KDC_PR_UNKNOWN) {
1.8 millert 410: warnx("Warning: TGT not verified.");
1.1 deraadt 411: syslog(LOG_NOTICE|LOG_AUTH,
412: "%s to %s%s, TGT not verified (%s); %s.%s not registered?",
413: username, user, ontty(), krb_err_txt[kerno],
414: "rcmd", savehost);
415: } else if (kerno != KSUCCESS) {
1.8 millert 416: warnx("Unable to use TGT: %s", krb_err_txt[kerno]);
1.1 deraadt 417: syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s",
418: username, user, ontty(), krb_err_txt[kerno]);
419: dest_tkt();
420: return (1);
421: } else {
422: if (!(hp = gethostbyname(hostname))) {
1.8 millert 423: warnx("can't get addr of %s", hostname);
1.1 deraadt 424: dest_tkt();
425: return (1);
426: }
1.10 millert 427: (void)memcpy((void *)&faddr, (void *)hp->h_addr, sizeof(faddr));
1.1 deraadt 428:
429: if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
430: &authdata, "")) != KSUCCESS) {
1.8 millert 431: warnx("unable to verify rcmd ticket: %s",
432: krb_err_txt[kerno]);
1.1 deraadt 433: syslog(LOG_NOTICE|LOG_AUTH,
434: "failed su: %s to %s%s: %s", username,
435: user, ontty(), krb_err_txt[kerno]);
436: dest_tkt();
437: return (1);
438: }
439: }
440: return (0);
441: }
442:
1.31 art 443: int
1.1 deraadt 444: koktologin(name, realm, toname)
445: char *name, *realm, *toname;
446: {
447: register AUTH_DAT *kdata;
448: AUTH_DAT kdata_st;
449:
1.13 deraadt 450: memset((void *)&kdata_st, 0, sizeof(kdata_st));
1.1 deraadt 451: kdata = &kdata_st;
1.10 millert 452:
1.11 millert 453: (void)strncpy(kdata->pname, name, sizeof(kdata->pname) - 1);
1.10 millert 454: kdata->pname[sizeof(kdata->pname) - 1] = '\0';
455:
456: (void)strncpy(kdata->pinst,
1.11 millert 457: ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst) - 1);
1.13 deraadt 458: kdata->pinst[sizeof(kdata->pinst) -1] = '\0';
1.10 millert 459:
1.11 millert 460: (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm) - 1);
1.10 millert 461: kdata->prealm[sizeof(kdata->prealm) -1] = '\0';
462:
1.1 deraadt 463: return (kuserok(kdata, toname));
1.28 deraadt 464: }
465:
466: int
467: ksettkfile(user)
468: char *user;
469: {
470: if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
471: return (1);
472: (void)snprintf(krbtkfile, sizeof(krbtkfile), "%s_%s_%u", TKT_ROOT,
473: user, getuid());
474: return (0);
1.1 deraadt 475: }
476: #endif