Annotation of src/usr.bin/su/su.c, Revision 1.36
1.36 ! millert 1: /* $OpenBSD: su.c,v 1.35 2000/12/02 22:44:49 hin Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: char copyright[] =
38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
1.36 ! millert 44: static char rcsid[] = "$OpenBSD: su.c,v 1.35 2000/12/02 22:44:49 hin Exp $";
1.1 deraadt 45: #endif /* not lint */
46:
47: #include <sys/param.h>
48: #include <sys/time.h>
49: #include <sys/resource.h>
1.8 millert 50:
51: #include <err.h>
52: #include <errno.h>
53: #include <grp.h>
1.33 millert 54: #include <login_cap.h>
1.8 millert 55: #include <paths.h>
56: #include <pwd.h>
1.1 deraadt 57: #include <stdio.h>
58: #include <stdlib.h>
59: #include <string.h>
1.8 millert 60: #include <syslog.h>
1.1 deraadt 61: #include <unistd.h>
1.36 ! millert 62: #ifdef __STDC__
! 63: #include <stdarg.h>
1.1 deraadt 64: #else
1.36 ! millert 65: #include <varargs.h>
1.1 deraadt 66: #endif
1.36 ! millert 67: #include <bsd_auth.h>
! 68:
! 69: #define ARGSTR "-a:c:fKlm"
1.1 deraadt 70:
1.8 millert 71: char *ontty __P((void));
72: int chshell __P((char *));
1.36 ! millert 73: void usage __P((void));
! 74: void auth_err __P((auth_session_t *, int, const char *, ...));
! 75: void auth_errx __P((auth_session_t *, int, const char *, ...));
1.1 deraadt 76:
77: int
78: main(argc, argv)
79: int argc;
80: char **argv;
81: {
82: extern char **environ;
1.36 ! millert 83: enum { UNSET, YES, NO } iscsh;
! 84: struct passwd *pwd;
1.1 deraadt 85: struct group *gr;
1.9 millert 86: uid_t ruid;
1.33 millert 87: login_cap_t *lc;
1.36 ! millert 88: auth_session_t *as;
! 89: int asme, asthem, authok, ch, fastlogin, prio;
! 90: char *class, *style, *p, **g;
! 91: char *user, *shell, *avshell, *username, **np, *fullname;
1.1 deraadt 92: char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
93:
1.33 millert 94: iscsh = UNSET;
1.36 ! millert 95: class = shell = style = NULL;
1.1 deraadt 96: asme = asthem = fastlogin = 0;
1.18 millert 97: while ((ch = getopt(argc, argv, ARGSTR)) != -1)
1.36 ! millert 98: switch(ch) {
! 99: case 'a':
! 100: if (style)
! 101: usage();
! 102: style = optarg;
1.1 deraadt 103: break;
1.33 millert 104: case 'c':
1.36 ! millert 105: if (class)
! 106: usage();
1.33 millert 107: class = optarg;
108: break;
1.1 deraadt 109: case 'f':
110: fastlogin = 1;
111: break;
1.36 ! millert 112: case 'K':
! 113: if (style)
! 114: usage();
! 115: style = "passwd";
! 116: break;
1.1 deraadt 117: case '-':
118: case 'l':
119: asme = 0;
120: asthem = 1;
121: break;
122: case 'm':
123: asme = 1;
124: asthem = 0;
125: break;
126: case '?':
127: default:
1.36 ! millert 128: usage();
1.1 deraadt 129: }
130: argv += optind;
131:
132: errno = 0;
133: prio = getpriority(PRIO_PROCESS, 0);
134: if (errno)
135: prio = 0;
136: (void)setpriority(PRIO_PROCESS, 0, -2);
137: openlog("su", LOG_CONS, 0);
138:
1.36 ! millert 139: if ((as = auth_open()) == NULL) {
! 140: syslog(LOG_ERR, "auth_open: %m");
! 141: err(1, "unable to begin authentication");
! 142: }
! 143:
1.1 deraadt 144: /* get current login name and shell */
145: ruid = getuid();
146: username = getlogin();
147: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
148: pwd->pw_uid != ruid)
149: pwd = getpwuid(ruid);
1.8 millert 150: if (pwd == NULL)
1.36 ! millert 151: auth_errx(as, 1, "who are you?");
1.9 millert 152: if ((username = strdup(pwd->pw_name)) == NULL)
1.36 ! millert 153: auth_err(as, 1, "can't allocate memory");
1.31 art 154: if (asme) {
1.10 millert 155: if (pwd->pw_shell && *pwd->pw_shell) {
1.36 ! millert 156: strlcpy(shellbuf, pwd->pw_shell, sizeof(shellbuf));
! 157: shell = shellbuf;
1.10 millert 158: } else {
1.1 deraadt 159: shell = _PATH_BSHELL;
160: iscsh = NO;
161: }
1.31 art 162: }
1.1 deraadt 163:
164: /* get target login information, default to root */
165: user = *argv ? *argv : "root";
1.36 ! millert 166: np = *argv ? argv : argv - 1;
1.1 deraadt 167:
1.8 millert 168: if ((pwd = getpwnam(user)) == NULL)
1.36 ! millert 169: auth_errx(as, 1, "unknown login %s", user);
1.16 millert 170: if ((user = strdup(pwd->pw_name)) == NULL)
1.36 ! millert 171: auth_err(as, 1, "can't allocate memory");
1.1 deraadt 172:
1.33 millert 173: /* If the user specified a login class and we are root, use it */
174: if (ruid && class)
1.36 ! millert 175: auth_errx(as, 1, "only the superuser may specify a login class");
1.33 millert 176: if (class)
177: pwd->pw_class = class;
178: if ((lc = login_getclass(pwd->pw_class)) == NULL)
1.36 ! millert 179: auth_errx(as, 1, "no such login class: %s",
1.33 millert 180: class ? class : LOGIN_DEFCLASS);
181:
1.1 deraadt 182: if (ruid) {
1.36 ! millert 183: /*
! 184: * If we are trying to become root and the default style
! 185: * is being used, don't bother to look it up (we might be
! 186: * be su'ing up to fix /etc/login.conf)
! 187: */
! 188: if ((pwd->pw_uid || !style || strcmp(style, LOGIN_DEFSTYLE)) &&
! 189: (style = login_getstyle(lc, style, "auth-su")) == NULL)
! 190: auth_errx(as, 1, "invalid authentication type");
! 191: if (pwd->pw_uid || strcmp(user, "root") != 0)
! 192: fullname = user;
! 193: else {
! 194: if ((fullname =
! 195: malloc(strlen(username) + 6)) == NULL)
! 196: auth_err(as, 1, NULL);
! 197: (void)sprintf(fullname, "%s.root", username);
! 198: }
! 199: /*
! 200: * Let the authentication program know whether they are
! 201: * in group wheel or not (if trying to become super user)
! 202: */
1.3 deraadt 203: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
1.36 ! millert 204: && gr->gr_mem && *(gr->gr_mem)) {
! 205: for (g = gr->gr_mem; *g; ++g) {
! 206: if (strcmp(username, *g) == 0) {
! 207: auth_setoption(as, "wheel", "yes");
1.1 deraadt 208: break;
1.36 ! millert 209: }
! 210: }
! 211: if (!*g)
! 212: auth_setoption(as, "wheel", "no");
1.1 deraadt 213: }
1.36 ! millert 214:
! 215: auth_verify(as, style, fullname, lc->lc_class, NULL);
! 216: authok = auth_getstate(as);
! 217: if ((authok & AUTH_ALLOW) == 0) {
! 218: if ((p = auth_getvalue(as, "errormsg")) != NULL)
! 219: fprintf(stderr, "%s\n", p);
! 220: fprintf(stderr, "Sorry\n");
! 221: syslog(LOG_AUTH|LOG_WARNING,
! 222: "BAD SU %s to %s%s", username, user, ontty());
! 223: auth_close(as);
! 224: exit(1);
1.1 deraadt 225: }
226: }
227:
228: if (asme) {
229: /* if asme and non-standard target shell, must be root */
1.8 millert 230: if (!chshell(pwd->pw_shell) && ruid)
1.36 ! millert 231: auth_errx(as, 1, "permission denied (shell).");
1.1 deraadt 232: } else if (pwd->pw_shell && *pwd->pw_shell) {
233: shell = pwd->pw_shell;
234: iscsh = UNSET;
235: } else {
236: shell = _PATH_BSHELL;
237: iscsh = NO;
238: }
239:
1.30 deraadt 240: if ((p = strrchr(shell, '/')))
1.1 deraadt 241: avshell = p+1;
242: else
243: avshell = shell;
244:
245: /* if we're forking a csh, we want to slightly muck the args */
246: if (iscsh == UNSET)
247: iscsh = strcmp(avshell, "csh") ? NO : YES;
248:
249: if (!asme) {
250: if (asthem) {
251: p = getenv("TERM");
1.23 deraadt 252: if ((environ = calloc(1, sizeof (char *))) == NULL)
1.36 ! millert 253: auth_errx(as, 1, "calloc");
1.33 millert 254: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
1.36 ! millert 255: auth_err(as, 1, "unable to set user context");
! 256: if (p && setenv("TERM", p, 1) == -1)
! 257: auth_err(as, 1, "unable to set environment");
1.5 deraadt 258:
259: seteuid(pwd->pw_uid);
260: setegid(pwd->pw_gid);
1.8 millert 261: if (chdir(pwd->pw_dir) < 0)
1.36 ! millert 262: auth_err(as, 1, "%s", pwd->pw_dir);
1.5 deraadt 263: seteuid(0);
264: setegid(0); /* XXX use a saved gid instead? */
1.33 millert 265: } else if (pwd->pw_uid == 0) {
266: if (setusercontext(lc,
267: pwd, pwd->pw_uid, LOGIN_SETPATH|LOGIN_SETUMASK))
1.36 ! millert 268: auth_err(as, 1, "unable to set user context");
1.1 deraadt 269: }
1.15 millert 270: if (asthem || pwd->pw_uid) {
1.34 deraadt 271: if (setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
272: setenv("USER", pwd->pw_name, 1) == -1)
1.36 ! millert 273: auth_err(as, 1, "unable to set environment");
1.15 millert 274: }
1.34 deraadt 275: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
276: setenv("SHELL", shell, 1) == -1)
1.36 ! millert 277: auth_err(as, 1, "unable to set environment");
1.34 deraadt 278: }
1.28 deraadt 279:
1.1 deraadt 280: if (iscsh == YES) {
281: if (fastlogin)
282: *np-- = "-f";
283: if (asme)
284: *np-- = "-m";
285: }
286:
287: if (asthem) {
288: avshellbuf[0] = '-';
1.36 ! millert 289: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 290: avshell = avshellbuf;
291: } else if (iscsh == YES) {
292: /* csh strips the first character... */
293: avshellbuf[0] = '_';
1.36 ! millert 294: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 295: avshell = avshellbuf;
296: }
297:
298: *np = avshell;
299:
300: if (ruid != 0)
301: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
302: username, user, ontty());
303:
304: (void)setpriority(PRIO_PROCESS, 0, prio);
1.33 millert 305: if (setusercontext(lc, pwd, pwd->pw_uid,
306: (asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) |
307: LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER))
1.36 ! millert 308: auth_err(as, 1, "unable to set user context");
! 309: if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0)
! 310: auth_err(as, 1, "approval failure");
! 311: auth_close(as);
1.1 deraadt 312:
313: execv(shell, np);
1.32 millert 314: err(1, "%s", shell);
1.1 deraadt 315: }
316:
317: int
318: chshell(sh)
319: char *sh;
320: {
1.36 ! millert 321: char *cp;
1.1 deraadt 322:
323: while ((cp = getusershell()) != NULL)
1.8 millert 324: if (strcmp(cp, sh) == 0)
1.1 deraadt 325: return (1);
326: return (0);
327: }
328:
329: char *
330: ontty()
331: {
332: static char buf[MAXPATHLEN + 4];
1.36 ! millert 333: char *p;
1.1 deraadt 334:
335: buf[0] = 0;
1.30 deraadt 336: if ((p = ttyname(STDERR_FILENO)))
1.8 millert 337: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 338: return (buf);
339: }
340:
1.36 ! millert 341: void
! 342: usage()
1.1 deraadt 343: {
1.36 ! millert 344: extern char *__progname;
1.1 deraadt 345:
1.36 ! millert 346: (void)fprintf(stderr, "usage: %s [%s] [-a auth-type] %s ",
! 347: "[-c login-class] [login [argument ...]]\n", __progname, ARGSTR);
! 348: exit(1);
1.1 deraadt 349: }
350:
1.36 ! millert 351: void
! 352: #ifdef __STDC__
! 353: auth_err(auth_session_t *as, int eval, const char *fmt, ...)
! 354: #else
! 355: auth_err(va_alist)
! 356: va_dcl
! 357: #endif
1.1 deraadt 358: {
1.36 ! millert 359: va_list ap;
! 360: #ifdef __STDC__
! 361: va_start(ap, fmt);
! 362: #else
! 363: auth_session_t *as;
! 364: int eval;
! 365: const char *fmt;
! 366:
! 367: va_start(ap);
! 368: as = va_arg(ap, auth_session_t *);
! 369: eval = va_arg(ap, int);
! 370: fmt = va_arg(ap, const char *);
! 371: #endif
! 372: verr(eval, fmt, ap);
! 373: auth_close(as);
! 374: va_end(ap);
1.28 deraadt 375: }
376:
1.36 ! millert 377: void
! 378: #ifdef __STDC__
! 379: auth_errx(auth_session_t *as, int eval, const char *fmt, ...)
! 380: #else
! 381: auth_errx(va_alist)
! 382: va_dcl
! 383: #endif
1.28 deraadt 384: {
1.36 ! millert 385: va_list ap;
! 386: #ifdef __STDC__
! 387: va_start(ap, fmt);
! 388: #else
! 389: auth_session_t *as;
! 390: int eval;
! 391: const char *fmt;
! 392:
! 393: va_start(ap);
! 394: as = va_arg(ap, auth_session_t *);
! 395: eval = va_arg(ap, int);
! 396: fmt = va_arg(ap, const char *);
! 397: #endif
! 398: verrx(eval, fmt, ap);
! 399: auth_close(as);
! 400: va_end(ap);
1.1 deraadt 401: }