Annotation of src/usr.bin/su/su.c, Revision 1.39
1.39 ! millert 1: /* $OpenBSD: su.c,v 1.38 2001/05/31 18:41:16 millert Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: char copyright[] =
38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
1.39 ! millert 44: static char rcsid[] = "$OpenBSD: su.c,v 1.38 2001/05/31 18:41:16 millert Exp $";
1.1 deraadt 45: #endif /* not lint */
46:
47: #include <sys/param.h>
48: #include <sys/time.h>
49: #include <sys/resource.h>
1.8 millert 50:
51: #include <err.h>
52: #include <errno.h>
53: #include <grp.h>
1.33 millert 54: #include <login_cap.h>
1.8 millert 55: #include <paths.h>
56: #include <pwd.h>
1.1 deraadt 57: #include <stdio.h>
58: #include <stdlib.h>
59: #include <string.h>
1.8 millert 60: #include <syslog.h>
1.1 deraadt 61: #include <unistd.h>
1.36 millert 62: #ifdef __STDC__
63: #include <stdarg.h>
1.1 deraadt 64: #else
1.36 millert 65: #include <varargs.h>
1.1 deraadt 66: #endif
1.36 millert 67: #include <bsd_auth.h>
68:
1.8 millert 69: char *ontty __P((void));
70: int chshell __P((char *));
1.36 millert 71: void usage __P((void));
72: void auth_err __P((auth_session_t *, int, const char *, ...));
73: void auth_errx __P((auth_session_t *, int, const char *, ...));
1.1 deraadt 74:
75: int
76: main(argc, argv)
77: int argc;
78: char **argv;
79: {
80: extern char **environ;
1.36 millert 81: enum { UNSET, YES, NO } iscsh;
82: struct passwd *pwd;
1.1 deraadt 83: struct group *gr;
1.9 millert 84: uid_t ruid;
1.33 millert 85: login_cap_t *lc;
1.36 millert 86: auth_session_t *as;
87: int asme, asthem, authok, ch, fastlogin, prio;
88: char *class, *style, *p, **g;
89: char *user, *shell, *avshell, *username, **np, *fullname;
1.1 deraadt 90: char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
91:
1.33 millert 92: iscsh = UNSET;
1.36 millert 93: class = shell = style = NULL;
1.1 deraadt 94: asme = asthem = fastlogin = 0;
1.37 millert 95: while ((ch = getopt(argc, argv, "-a:c:fKlm")) != -1)
1.36 millert 96: switch(ch) {
97: case 'a':
98: if (style)
99: usage();
100: style = optarg;
1.1 deraadt 101: break;
1.33 millert 102: case 'c':
1.36 millert 103: if (class)
104: usage();
1.33 millert 105: class = optarg;
106: break;
1.1 deraadt 107: case 'f':
108: fastlogin = 1;
109: break;
1.36 millert 110: case 'K':
111: if (style)
112: usage();
113: style = "passwd";
114: break;
1.1 deraadt 115: case '-':
116: case 'l':
117: asme = 0;
118: asthem = 1;
119: break;
120: case 'm':
121: asme = 1;
122: asthem = 0;
123: break;
124: case '?':
125: default:
1.36 millert 126: usage();
1.1 deraadt 127: }
128: argv += optind;
129:
130: errno = 0;
131: prio = getpriority(PRIO_PROCESS, 0);
132: if (errno)
133: prio = 0;
134: (void)setpriority(PRIO_PROCESS, 0, -2);
135: openlog("su", LOG_CONS, 0);
136:
1.36 millert 137: if ((as = auth_open()) == NULL) {
138: syslog(LOG_ERR, "auth_open: %m");
1.39 ! millert 139: err(1, "unable to initialize BSD authentication");
1.36 millert 140: }
1.39 ! millert 141: auth_setoption(as, "login", "yes");
1.36 millert 142:
1.1 deraadt 143: /* get current login name and shell */
144: ruid = getuid();
145: username = getlogin();
146: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
147: pwd->pw_uid != ruid)
148: pwd = getpwuid(ruid);
1.8 millert 149: if (pwd == NULL)
1.36 millert 150: auth_errx(as, 1, "who are you?");
1.9 millert 151: if ((username = strdup(pwd->pw_name)) == NULL)
1.36 millert 152: auth_err(as, 1, "can't allocate memory");
1.31 art 153: if (asme) {
1.10 millert 154: if (pwd->pw_shell && *pwd->pw_shell) {
1.36 millert 155: strlcpy(shellbuf, pwd->pw_shell, sizeof(shellbuf));
156: shell = shellbuf;
1.10 millert 157: } else {
1.1 deraadt 158: shell = _PATH_BSHELL;
159: iscsh = NO;
160: }
1.31 art 161: }
1.1 deraadt 162:
163: /* get target login information, default to root */
164: user = *argv ? *argv : "root";
1.36 millert 165: np = *argv ? argv : argv - 1;
1.1 deraadt 166:
1.8 millert 167: if ((pwd = getpwnam(user)) == NULL)
1.36 millert 168: auth_errx(as, 1, "unknown login %s", user);
1.16 millert 169: if ((user = strdup(pwd->pw_name)) == NULL)
1.36 millert 170: auth_err(as, 1, "can't allocate memory");
1.1 deraadt 171:
1.33 millert 172: /* If the user specified a login class and we are root, use it */
173: if (ruid && class)
1.36 millert 174: auth_errx(as, 1, "only the superuser may specify a login class");
1.33 millert 175: if (class)
176: pwd->pw_class = class;
177: if ((lc = login_getclass(pwd->pw_class)) == NULL)
1.36 millert 178: auth_errx(as, 1, "no such login class: %s",
1.33 millert 179: class ? class : LOGIN_DEFCLASS);
180:
1.1 deraadt 181: if (ruid) {
1.36 millert 182: /*
183: * If we are trying to become root and the default style
184: * is being used, don't bother to look it up (we might be
185: * be su'ing up to fix /etc/login.conf)
186: */
187: if ((pwd->pw_uid || !style || strcmp(style, LOGIN_DEFSTYLE)) &&
188: (style = login_getstyle(lc, style, "auth-su")) == NULL)
189: auth_errx(as, 1, "invalid authentication type");
190: if (pwd->pw_uid || strcmp(user, "root") != 0)
191: fullname = user;
192: else {
193: if ((fullname =
194: malloc(strlen(username) + 6)) == NULL)
195: auth_err(as, 1, NULL);
196: (void)sprintf(fullname, "%s.root", username);
197: }
198: /*
199: * Let the authentication program know whether they are
200: * in group wheel or not (if trying to become super user)
201: */
1.3 deraadt 202: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
1.36 millert 203: && gr->gr_mem && *(gr->gr_mem)) {
204: for (g = gr->gr_mem; *g; ++g) {
205: if (strcmp(username, *g) == 0) {
206: auth_setoption(as, "wheel", "yes");
1.1 deraadt 207: break;
1.36 millert 208: }
209: }
210: if (!*g)
211: auth_setoption(as, "wheel", "no");
1.1 deraadt 212: }
1.36 millert 213:
214: auth_verify(as, style, fullname, lc->lc_class, NULL);
215: authok = auth_getstate(as);
216: if ((authok & AUTH_ALLOW) == 0) {
217: if ((p = auth_getvalue(as, "errormsg")) != NULL)
218: fprintf(stderr, "%s\n", p);
219: fprintf(stderr, "Sorry\n");
220: syslog(LOG_AUTH|LOG_WARNING,
221: "BAD SU %s to %s%s", username, user, ontty());
222: auth_close(as);
223: exit(1);
1.1 deraadt 224: }
225: }
226:
227: if (asme) {
228: /* if asme and non-standard target shell, must be root */
1.8 millert 229: if (!chshell(pwd->pw_shell) && ruid)
1.36 millert 230: auth_errx(as, 1, "permission denied (shell).");
1.1 deraadt 231: } else if (pwd->pw_shell && *pwd->pw_shell) {
232: shell = pwd->pw_shell;
233: iscsh = UNSET;
234: } else {
235: shell = _PATH_BSHELL;
236: iscsh = NO;
237: }
238:
1.30 deraadt 239: if ((p = strrchr(shell, '/')))
1.1 deraadt 240: avshell = p+1;
241: else
242: avshell = shell;
243:
244: /* if we're forking a csh, we want to slightly muck the args */
245: if (iscsh == UNSET)
246: iscsh = strcmp(avshell, "csh") ? NO : YES;
247:
248: if (!asme) {
249: if (asthem) {
250: p = getenv("TERM");
1.23 deraadt 251: if ((environ = calloc(1, sizeof (char *))) == NULL)
1.36 millert 252: auth_errx(as, 1, "calloc");
1.33 millert 253: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
1.36 millert 254: auth_err(as, 1, "unable to set user context");
255: if (p && setenv("TERM", p, 1) == -1)
256: auth_err(as, 1, "unable to set environment");
1.5 deraadt 257:
258: seteuid(pwd->pw_uid);
259: setegid(pwd->pw_gid);
1.8 millert 260: if (chdir(pwd->pw_dir) < 0)
1.36 millert 261: auth_err(as, 1, "%s", pwd->pw_dir);
1.5 deraadt 262: seteuid(0);
263: setegid(0); /* XXX use a saved gid instead? */
1.33 millert 264: } else if (pwd->pw_uid == 0) {
265: if (setusercontext(lc,
266: pwd, pwd->pw_uid, LOGIN_SETPATH|LOGIN_SETUMASK))
1.36 millert 267: auth_err(as, 1, "unable to set user context");
1.1 deraadt 268: }
1.15 millert 269: if (asthem || pwd->pw_uid) {
1.34 deraadt 270: if (setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
271: setenv("USER", pwd->pw_name, 1) == -1)
1.36 millert 272: auth_err(as, 1, "unable to set environment");
1.15 millert 273: }
1.34 deraadt 274: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
275: setenv("SHELL", shell, 1) == -1)
1.36 millert 276: auth_err(as, 1, "unable to set environment");
1.34 deraadt 277: }
1.28 deraadt 278:
1.1 deraadt 279: if (iscsh == YES) {
280: if (fastlogin)
281: *np-- = "-f";
282: if (asme)
283: *np-- = "-m";
284: }
285:
286: if (asthem) {
287: avshellbuf[0] = '-';
1.36 millert 288: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 289: avshell = avshellbuf;
290: } else if (iscsh == YES) {
291: /* csh strips the first character... */
292: avshellbuf[0] = '_';
1.36 millert 293: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 294: avshell = avshellbuf;
295: }
296:
297: *np = avshell;
298:
299: if (ruid != 0)
300: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
301: username, user, ontty());
302:
303: (void)setpriority(PRIO_PROCESS, 0, prio);
1.33 millert 304: if (setusercontext(lc, pwd, pwd->pw_uid,
305: (asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) |
306: LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER))
1.36 millert 307: auth_err(as, 1, "unable to set user context");
308: if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0)
309: auth_err(as, 1, "approval failure");
310: auth_close(as);
1.1 deraadt 311:
312: execv(shell, np);
1.32 millert 313: err(1, "%s", shell);
1.1 deraadt 314: }
315:
316: int
317: chshell(sh)
318: char *sh;
319: {
1.36 millert 320: char *cp;
1.1 deraadt 321:
322: while ((cp = getusershell()) != NULL)
1.8 millert 323: if (strcmp(cp, sh) == 0)
1.1 deraadt 324: return (1);
325: return (0);
326: }
327:
328: char *
329: ontty()
330: {
331: static char buf[MAXPATHLEN + 4];
1.36 millert 332: char *p;
1.1 deraadt 333:
334: buf[0] = 0;
1.30 deraadt 335: if ((p = ttyname(STDERR_FILENO)))
1.8 millert 336: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 337: return (buf);
338: }
339:
1.36 millert 340: void
341: usage()
1.1 deraadt 342: {
1.36 millert 343: extern char *__progname;
1.1 deraadt 344:
1.37 millert 345: fprintf(stderr, "usage: %s [-fKlm] [-a auth-type] %s ", __progname,
1.38 millert 346: "[-c login-class] [login [shell arguments]]\n");
1.36 millert 347: exit(1);
1.1 deraadt 348: }
349:
1.36 millert 350: void
351: #ifdef __STDC__
352: auth_err(auth_session_t *as, int eval, const char *fmt, ...)
353: #else
354: auth_err(va_alist)
355: va_dcl
356: #endif
1.1 deraadt 357: {
1.36 millert 358: va_list ap;
359: #ifdef __STDC__
360: va_start(ap, fmt);
361: #else
362: auth_session_t *as;
363: int eval;
364: const char *fmt;
365:
366: va_start(ap);
367: as = va_arg(ap, auth_session_t *);
368: eval = va_arg(ap, int);
369: fmt = va_arg(ap, const char *);
370: #endif
371: verr(eval, fmt, ap);
372: auth_close(as);
373: va_end(ap);
1.28 deraadt 374: }
375:
1.36 millert 376: void
377: #ifdef __STDC__
378: auth_errx(auth_session_t *as, int eval, const char *fmt, ...)
379: #else
380: auth_errx(va_alist)
381: va_dcl
382: #endif
1.28 deraadt 383: {
1.36 millert 384: va_list ap;
385: #ifdef __STDC__
386: va_start(ap, fmt);
387: #else
388: auth_session_t *as;
389: int eval;
390: const char *fmt;
391:
392: va_start(ap);
393: as = va_arg(ap, auth_session_t *);
394: eval = va_arg(ap, int);
395: fmt = va_arg(ap, const char *);
396: #endif
397: verrx(eval, fmt, ap);
398: auth_close(as);
399: va_end(ap);
1.1 deraadt 400: }