Annotation of src/usr.bin/su/su.c, Revision 1.46
1.46 ! millert 1: /* $OpenBSD: su.c,v 1.45 2002/05/29 10:47:10 deraadt Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
1.41 millert 37: static const char copyright[] =
1.1 deraadt 38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
1.41 millert 43: #if 0
44: static const char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";
45: #else
1.46 ! millert 46: static const char rcsid[] = "$OpenBSD: su.c,v 1.45 2002/05/29 10:47:10 deraadt Exp $";
1.41 millert 47: #endif
1.1 deraadt 48: #endif /* not lint */
49:
50: #include <sys/param.h>
51: #include <sys/time.h>
52: #include <sys/resource.h>
1.8 millert 53:
54: #include <err.h>
55: #include <errno.h>
56: #include <grp.h>
1.33 millert 57: #include <login_cap.h>
1.8 millert 58: #include <paths.h>
59: #include <pwd.h>
1.1 deraadt 60: #include <stdio.h>
61: #include <stdlib.h>
62: #include <string.h>
1.8 millert 63: #include <syslog.h>
1.1 deraadt 64: #include <unistd.h>
1.36 millert 65: #include <stdarg.h>
66: #include <bsd_auth.h>
67:
1.43 millert 68: char *ontty(void);
69: int chshell(char *);
70: void usage(void);
71: void auth_err(auth_session_t *, int, const char *, ...);
72: void auth_errx(auth_session_t *, int, const char *, ...);
1.1 deraadt 73:
74: int
75: main(argc, argv)
76: int argc;
77: char **argv;
78: {
1.45 deraadt 79: int asme = 0, asthem = 0, authok, ch, fastlogin = 0, prio;
80: char *user, *shell = NULL, *avshell, *username, **np;
81: char *class = NULL, *style = NULL, *p, **g, *fullname;
82: enum { UNSET, YES, NO } iscsh = UNSET;
83: char avshellbuf[MAXPATHLEN];
1.1 deraadt 84: extern char **environ;
1.45 deraadt 85: auth_session_t *as;
1.36 millert 86: struct passwd *pwd;
1.1 deraadt 87: struct group *gr;
1.45 deraadt 88: login_cap_t *lc;
1.9 millert 89: uid_t ruid;
1.1 deraadt 90:
1.37 millert 91: while ((ch = getopt(argc, argv, "-a:c:fKlm")) != -1)
1.45 deraadt 92: switch (ch) {
1.36 millert 93: case 'a':
94: if (style)
95: usage();
96: style = optarg;
1.1 deraadt 97: break;
1.33 millert 98: case 'c':
1.36 millert 99: if (class)
100: usage();
1.33 millert 101: class = optarg;
102: break;
1.1 deraadt 103: case 'f':
104: fastlogin = 1;
105: break;
1.36 millert 106: case 'K':
107: if (style)
108: usage();
109: style = "passwd";
110: break;
1.1 deraadt 111: case '-':
112: case 'l':
113: asme = 0;
114: asthem = 1;
115: break;
116: case 'm':
117: asme = 1;
118: asthem = 0;
119: break;
120: default:
1.36 millert 121: usage();
1.1 deraadt 122: }
123: argv += optind;
124:
125: errno = 0;
126: prio = getpriority(PRIO_PROCESS, 0);
127: if (errno)
128: prio = 0;
129: (void)setpriority(PRIO_PROCESS, 0, -2);
130: openlog("su", LOG_CONS, 0);
131:
1.36 millert 132: if ((as = auth_open()) == NULL) {
133: syslog(LOG_ERR, "auth_open: %m");
1.39 millert 134: err(1, "unable to initialize BSD authentication");
1.36 millert 135: }
1.39 millert 136: auth_setoption(as, "login", "yes");
1.36 millert 137:
1.1 deraadt 138: /* get current login name and shell */
139: ruid = getuid();
140: username = getlogin();
1.40 hin 141:
1.41 millert 142: if (username != NULL)
1.40 hin 143: auth_setoption(as, "invokinguser", username);
144:
1.1 deraadt 145: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
146: pwd->pw_uid != ruid)
147: pwd = getpwuid(ruid);
1.8 millert 148: if (pwd == NULL)
1.36 millert 149: auth_errx(as, 1, "who are you?");
1.9 millert 150: if ((username = strdup(pwd->pw_name)) == NULL)
1.41 millert 151: auth_errx(as, 1, "can't allocate memory");
1.31 art 152: if (asme) {
1.10 millert 153: if (pwd->pw_shell && *pwd->pw_shell) {
1.42 millert 154: if ((shell = strdup(pwd->pw_shell)) == NULL)
155: auth_errx(as, 1, "can't allocate memory");
1.10 millert 156: } else {
1.1 deraadt 157: shell = _PATH_BSHELL;
158: iscsh = NO;
159: }
1.31 art 160: }
1.1 deraadt 161:
162: /* get target login information, default to root */
163: user = *argv ? *argv : "root";
1.36 millert 164: np = *argv ? argv : argv - 1;
1.1 deraadt 165:
1.8 millert 166: if ((pwd = getpwnam(user)) == NULL)
1.36 millert 167: auth_errx(as, 1, "unknown login %s", user);
1.41 millert 168: if ((pwd = pw_dup(pwd)) == NULL)
169: auth_errx(as, 1, "can't allocate memory");
170: user = pwd->pw_name;
1.1 deraadt 171:
1.33 millert 172: /* If the user specified a login class and we are root, use it */
173: if (ruid && class)
1.36 millert 174: auth_errx(as, 1, "only the superuser may specify a login class");
1.33 millert 175: if (class)
176: pwd->pw_class = class;
177: if ((lc = login_getclass(pwd->pw_class)) == NULL)
1.36 millert 178: auth_errx(as, 1, "no such login class: %s",
1.33 millert 179: class ? class : LOGIN_DEFCLASS);
180:
1.1 deraadt 181: if (ruid) {
1.36 millert 182: /*
183: * If we are trying to become root and the default style
184: * is being used, don't bother to look it up (we might be
185: * be su'ing up to fix /etc/login.conf)
186: */
187: if ((pwd->pw_uid || !style || strcmp(style, LOGIN_DEFSTYLE)) &&
188: (style = login_getstyle(lc, style, "auth-su")) == NULL)
189: auth_errx(as, 1, "invalid authentication type");
1.40 hin 190: fullname = user;
1.36 millert 191: /*
192: * Let the authentication program know whether they are
193: * in group wheel or not (if trying to become super user)
194: */
1.45 deraadt 195: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)) &&
196: gr->gr_mem && *(gr->gr_mem)) {
1.36 millert 197: for (g = gr->gr_mem; *g; ++g) {
198: if (strcmp(username, *g) == 0) {
199: auth_setoption(as, "wheel", "yes");
1.1 deraadt 200: break;
1.36 millert 201: }
202: }
203: if (!*g)
204: auth_setoption(as, "wheel", "no");
1.1 deraadt 205: }
1.36 millert 206:
207: auth_verify(as, style, fullname, lc->lc_class, NULL);
208: authok = auth_getstate(as);
209: if ((authok & AUTH_ALLOW) == 0) {
210: if ((p = auth_getvalue(as, "errormsg")) != NULL)
211: fprintf(stderr, "%s\n", p);
212: fprintf(stderr, "Sorry\n");
1.45 deraadt 213: syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s",
214: username, user, ontty());
1.36 millert 215: auth_close(as);
216: exit(1);
1.1 deraadt 217: }
218: }
219:
220: if (asme) {
221: /* if asme and non-standard target shell, must be root */
1.8 millert 222: if (!chshell(pwd->pw_shell) && ruid)
1.36 millert 223: auth_errx(as, 1, "permission denied (shell).");
1.1 deraadt 224: } else if (pwd->pw_shell && *pwd->pw_shell) {
225: shell = pwd->pw_shell;
226: iscsh = UNSET;
227: } else {
228: shell = _PATH_BSHELL;
229: iscsh = NO;
230: }
231:
1.30 deraadt 232: if ((p = strrchr(shell, '/')))
1.1 deraadt 233: avshell = p+1;
234: else
235: avshell = shell;
236:
237: /* if we're forking a csh, we want to slightly muck the args */
238: if (iscsh == UNSET)
239: iscsh = strcmp(avshell, "csh") ? NO : YES;
240:
241: if (!asme) {
242: if (asthem) {
243: p = getenv("TERM");
1.23 deraadt 244: if ((environ = calloc(1, sizeof (char *))) == NULL)
1.36 millert 245: auth_errx(as, 1, "calloc");
1.33 millert 246: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
1.36 millert 247: auth_err(as, 1, "unable to set user context");
248: if (p && setenv("TERM", p, 1) == -1)
249: auth_err(as, 1, "unable to set environment");
1.5 deraadt 250:
251: seteuid(pwd->pw_uid);
252: setegid(pwd->pw_gid);
1.8 millert 253: if (chdir(pwd->pw_dir) < 0)
1.36 millert 254: auth_err(as, 1, "%s", pwd->pw_dir);
1.5 deraadt 255: seteuid(0);
256: setegid(0); /* XXX use a saved gid instead? */
1.33 millert 257: } else if (pwd->pw_uid == 0) {
258: if (setusercontext(lc,
259: pwd, pwd->pw_uid, LOGIN_SETPATH|LOGIN_SETUMASK))
1.36 millert 260: auth_err(as, 1, "unable to set user context");
1.1 deraadt 261: }
1.15 millert 262: if (asthem || pwd->pw_uid) {
1.34 deraadt 263: if (setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
264: setenv("USER", pwd->pw_name, 1) == -1)
1.36 millert 265: auth_err(as, 1, "unable to set environment");
1.15 millert 266: }
1.34 deraadt 267: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
268: setenv("SHELL", shell, 1) == -1)
1.36 millert 269: auth_err(as, 1, "unable to set environment");
1.34 deraadt 270: }
1.28 deraadt 271:
1.1 deraadt 272: if (iscsh == YES) {
273: if (fastlogin)
274: *np-- = "-f";
275: if (asme)
276: *np-- = "-m";
277: }
278:
279: if (asthem) {
280: avshellbuf[0] = '-';
1.36 millert 281: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 282: avshell = avshellbuf;
283: } else if (iscsh == YES) {
284: /* csh strips the first character... */
285: avshellbuf[0] = '_';
1.36 millert 286: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 287: avshell = avshellbuf;
288: }
1.45 deraadt 289:
1.1 deraadt 290: *np = avshell;
291:
292: if (ruid != 0)
293: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
294: username, user, ontty());
295:
296: (void)setpriority(PRIO_PROCESS, 0, prio);
1.33 millert 297: if (setusercontext(lc, pwd, pwd->pw_uid,
298: (asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) |
299: LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER))
1.36 millert 300: auth_err(as, 1, "unable to set user context");
301: if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0)
302: auth_err(as, 1, "approval failure");
303: auth_close(as);
1.1 deraadt 304:
305: execv(shell, np);
1.32 millert 306: err(1, "%s", shell);
1.1 deraadt 307: }
308:
309: int
310: chshell(sh)
311: char *sh;
312: {
1.36 millert 313: char *cp;
1.1 deraadt 314:
315: while ((cp = getusershell()) != NULL)
1.8 millert 316: if (strcmp(cp, sh) == 0)
1.1 deraadt 317: return (1);
318: return (0);
319: }
320:
321: char *
322: ontty()
323: {
324: static char buf[MAXPATHLEN + 4];
1.36 millert 325: char *p;
1.1 deraadt 326:
327: buf[0] = 0;
1.30 deraadt 328: if ((p = ttyname(STDERR_FILENO)))
1.8 millert 329: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 330: return (buf);
331: }
332:
1.36 millert 333: void
334: usage()
1.1 deraadt 335: {
1.36 millert 336: extern char *__progname;
1.1 deraadt 337:
1.37 millert 338: fprintf(stderr, "usage: %s [-fKlm] [-a auth-type] %s ", __progname,
1.38 millert 339: "[-c login-class] [login [shell arguments]]\n");
1.36 millert 340: exit(1);
1.1 deraadt 341: }
342:
1.36 millert 343: void
344: auth_err(auth_session_t *as, int eval, const char *fmt, ...)
1.1 deraadt 345: {
1.36 millert 346: va_list ap;
1.46 ! millert 347:
1.36 millert 348: va_start(ap, fmt);
1.46 ! millert 349: vwarn(fmt, ap);
! 350: va_end(ap);
1.36 millert 351: auth_close(as);
1.46 ! millert 352: exit(eval);
1.28 deraadt 353: }
354:
1.36 millert 355: void
356: auth_errx(auth_session_t *as, int eval, const char *fmt, ...)
1.28 deraadt 357: {
1.36 millert 358: va_list ap;
1.46 ! millert 359:
1.36 millert 360: va_start(ap, fmt);
1.46 ! millert 361: vwarnx(fmt, ap);
! 362: va_end(ap);
1.36 millert 363: auth_close(as);
1.46 ! millert 364: exit(eval);
1.1 deraadt 365: }