Annotation of src/usr.bin/su/su.c, Revision 1.47
1.47 ! millert 1: /* $OpenBSD: su.c,v 1.46 2002/07/22 04:51:17 millert Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
1.41 millert 37: static const char copyright[] =
1.1 deraadt 38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
1.41 millert 43: #if 0
44: static const char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";
45: #else
1.47 ! millert 46: static const char rcsid[] = "$OpenBSD: su.c,v 1.46 2002/07/22 04:51:17 millert Exp $";
1.41 millert 47: #endif
1.1 deraadt 48: #endif /* not lint */
49:
50: #include <sys/param.h>
51: #include <sys/time.h>
52: #include <sys/resource.h>
1.8 millert 53:
54: #include <err.h>
55: #include <errno.h>
56: #include <grp.h>
1.33 millert 57: #include <login_cap.h>
1.8 millert 58: #include <paths.h>
59: #include <pwd.h>
1.1 deraadt 60: #include <stdio.h>
61: #include <stdlib.h>
62: #include <string.h>
1.8 millert 63: #include <syslog.h>
1.1 deraadt 64: #include <unistd.h>
1.47 ! millert 65: #include <utmp.h>
1.36 millert 66: #include <stdarg.h>
67: #include <bsd_auth.h>
68:
1.47 ! millert 69: char *getloginname(void);
1.43 millert 70: char *ontty(void);
71: int chshell(char *);
1.47 ! millert 72: int verify_user(char *, struct passwd *, char *, login_cap_t *,
! 73: auth_session_t *);
1.43 millert 74: void usage(void);
75: void auth_err(auth_session_t *, int, const char *, ...);
76: void auth_errx(auth_session_t *, int, const char *, ...);
1.1 deraadt 77:
78: int
1.47 ! millert 79: main(int argc, char **argv)
1.1 deraadt 80: {
1.47 ! millert 81: int asme = 0, asthem = 0, ch, fastlogin = 0, emlogin = 0, prio;
1.45 deraadt 82: char *user, *shell = NULL, *avshell, *username, **np;
1.47 ! millert 83: char *class = NULL, *style = NULL, *p;
1.45 deraadt 84: enum { UNSET, YES, NO } iscsh = UNSET;
85: char avshellbuf[MAXPATHLEN];
1.1 deraadt 86: extern char **environ;
1.45 deraadt 87: auth_session_t *as;
1.36 millert 88: struct passwd *pwd;
1.45 deraadt 89: login_cap_t *lc;
1.9 millert 90: uid_t ruid;
1.1 deraadt 91:
1.47 ! millert 92: while ((ch = getopt(argc, argv, "-a:c:fKLlm")) != -1)
1.45 deraadt 93: switch (ch) {
1.36 millert 94: case 'a':
95: if (style)
96: usage();
97: style = optarg;
1.1 deraadt 98: break;
1.33 millert 99: case 'c':
1.36 millert 100: if (class)
101: usage();
1.33 millert 102: class = optarg;
103: break;
1.1 deraadt 104: case 'f':
105: fastlogin = 1;
106: break;
1.36 millert 107: case 'K':
108: if (style)
109: usage();
110: style = "passwd";
111: break;
1.47 ! millert 112: case 'L':
! 113: emlogin = 1;
! 114: break;
! 115: case 'l':
1.1 deraadt 116: case '-':
117: asme = 0;
118: asthem = 1;
119: break;
120: case 'm':
121: asme = 1;
122: asthem = 0;
123: break;
124: default:
1.36 millert 125: usage();
1.1 deraadt 126: }
127: argv += optind;
128:
129: errno = 0;
130: prio = getpriority(PRIO_PROCESS, 0);
131: if (errno)
132: prio = 0;
133: (void)setpriority(PRIO_PROCESS, 0, -2);
134: openlog("su", LOG_CONS, 0);
135:
1.36 millert 136: if ((as = auth_open()) == NULL) {
137: syslog(LOG_ERR, "auth_open: %m");
1.39 millert 138: err(1, "unable to initialize BSD authentication");
1.36 millert 139: }
1.39 millert 140: auth_setoption(as, "login", "yes");
1.36 millert 141:
1.1 deraadt 142: /* get current login name and shell */
143: ruid = getuid();
144: username = getlogin();
1.40 hin 145:
1.47 ! millert 146: if (ruid && class)
! 147: auth_errx(as, 1, "only the superuser may specify a login class");
! 148:
1.41 millert 149: if (username != NULL)
1.40 hin 150: auth_setoption(as, "invokinguser", username);
151:
1.1 deraadt 152: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
153: pwd->pw_uid != ruid)
154: pwd = getpwuid(ruid);
1.8 millert 155: if (pwd == NULL)
1.36 millert 156: auth_errx(as, 1, "who are you?");
1.9 millert 157: if ((username = strdup(pwd->pw_name)) == NULL)
1.41 millert 158: auth_errx(as, 1, "can't allocate memory");
1.31 art 159: if (asme) {
1.10 millert 160: if (pwd->pw_shell && *pwd->pw_shell) {
1.42 millert 161: if ((shell = strdup(pwd->pw_shell)) == NULL)
162: auth_errx(as, 1, "can't allocate memory");
1.10 millert 163: } else {
1.1 deraadt 164: shell = _PATH_BSHELL;
165: iscsh = NO;
166: }
1.31 art 167: }
1.1 deraadt 168:
1.47 ! millert 169: for (;;) {
! 170: /* get target user, default to root unless in -L mode */
! 171: if (*argv) {
! 172: user = *argv;
! 173: } else if (emlogin) {
! 174: if ((user = getloginname()) == NULL) {
! 175: auth_close(as);
! 176: exit(1);
! 177: }
! 178: } else {
! 179: user = "root";
! 180: }
! 181: /* style may be specified as part of the username */
! 182: if ((p = strchr(user, ':')) != NULL) {
! 183: *p++ = '\0';
! 184: style = p;
! 185: } else
! 186: style = NULL; /* XXX overrides -a flag */
! 187:
1.36 millert 188: /*
1.47 ! millert 189: * Clean and setup our current authentication session.
! 190: * Note that options *are* not cleared.
1.36 millert 191: */
1.47 ! millert 192: auth_clean(as);
! 193: if (auth_setitem(as, AUTHV_INTERACTIVE, "True") != 0 ||
! 194: auth_setitem(as, AUTHV_NAME, user) != 0)
! 195: auth_errx(as, 1, "can't allocate memory");
! 196: if ((user = auth_getitem(as, AUTHV_NAME)) == NULL)
! 197: auth_errx(as, 1, "internal error");
! 198: if (auth_setpwd(as, NULL) || (pwd = auth_getpwd(as)) == NULL) {
! 199: if (emlogin)
! 200: pwd = NULL;
! 201: else
! 202: auth_errx(as, 1, "unknown login %s", user);
1.1 deraadt 203: }
1.36 millert 204:
1.47 ! millert 205: /* If the user specified a login class, use it */
! 206: if (!class && pwd && pwd->pw_class && pwd->pw_class[0] != '\0')
! 207: class = pwd->pw_class;
! 208: if ((lc = login_getclass(class)) == NULL)
! 209: auth_errx(as, 1, "no such login class: %s",
! 210: class ? class : LOGIN_DEFCLASS);
! 211:
! 212: if ((ruid == 0 && !emlogin) ||
! 213: verify_user(username, pwd, style, lc, as) == 0)
! 214: break;
! 215: syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s",
! 216: username, user, ontty());
! 217: if (!emlogin) {
1.36 millert 218: fprintf(stderr, "Sorry\n");
219: auth_close(as);
220: exit(1);
1.1 deraadt 221: }
1.47 ! millert 222: fprintf(stderr, "Login incorrect\n");
1.1 deraadt 223: }
224:
225: if (asme) {
226: /* if asme and non-standard target shell, must be root */
1.8 millert 227: if (!chshell(pwd->pw_shell) && ruid)
1.36 millert 228: auth_errx(as, 1, "permission denied (shell).");
1.1 deraadt 229: } else if (pwd->pw_shell && *pwd->pw_shell) {
1.47 ! millert 230: if ((shell = strdup(pwd->pw_shell)) == NULL)
! 231: auth_errx(as, 1, "can't allocate memory");
1.1 deraadt 232: iscsh = UNSET;
233: } else {
234: shell = _PATH_BSHELL;
235: iscsh = NO;
236: }
237:
1.30 deraadt 238: if ((p = strrchr(shell, '/')))
1.1 deraadt 239: avshell = p+1;
240: else
241: avshell = shell;
242:
243: /* if we're forking a csh, we want to slightly muck the args */
244: if (iscsh == UNSET)
245: iscsh = strcmp(avshell, "csh") ? NO : YES;
246:
247: if (!asme) {
248: if (asthem) {
249: p = getenv("TERM");
1.23 deraadt 250: if ((environ = calloc(1, sizeof (char *))) == NULL)
1.36 millert 251: auth_errx(as, 1, "calloc");
1.33 millert 252: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
1.36 millert 253: auth_err(as, 1, "unable to set user context");
254: if (p && setenv("TERM", p, 1) == -1)
255: auth_err(as, 1, "unable to set environment");
1.5 deraadt 256:
257: seteuid(pwd->pw_uid);
258: setegid(pwd->pw_gid);
1.8 millert 259: if (chdir(pwd->pw_dir) < 0)
1.36 millert 260: auth_err(as, 1, "%s", pwd->pw_dir);
1.5 deraadt 261: seteuid(0);
262: setegid(0); /* XXX use a saved gid instead? */
1.33 millert 263: } else if (pwd->pw_uid == 0) {
264: if (setusercontext(lc,
265: pwd, pwd->pw_uid, LOGIN_SETPATH|LOGIN_SETUMASK))
1.36 millert 266: auth_err(as, 1, "unable to set user context");
1.1 deraadt 267: }
1.15 millert 268: if (asthem || pwd->pw_uid) {
1.34 deraadt 269: if (setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
270: setenv("USER", pwd->pw_name, 1) == -1)
1.36 millert 271: auth_err(as, 1, "unable to set environment");
1.15 millert 272: }
1.34 deraadt 273: if (setenv("HOME", pwd->pw_dir, 1) == -1 ||
274: setenv("SHELL", shell, 1) == -1)
1.36 millert 275: auth_err(as, 1, "unable to set environment");
1.34 deraadt 276: }
1.28 deraadt 277:
1.47 ! millert 278: np = *argv ? argv : argv - 1;
1.1 deraadt 279: if (iscsh == YES) {
280: if (fastlogin)
281: *np-- = "-f";
282: if (asme)
283: *np-- = "-m";
284: }
285:
286: if (asthem) {
287: avshellbuf[0] = '-';
1.36 millert 288: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 289: avshell = avshellbuf;
290: } else if (iscsh == YES) {
291: /* csh strips the first character... */
292: avshellbuf[0] = '_';
1.36 millert 293: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 294: avshell = avshellbuf;
295: }
1.45 deraadt 296:
1.1 deraadt 297: *np = avshell;
298:
299: if (ruid != 0)
300: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
301: username, user, ontty());
302:
303: (void)setpriority(PRIO_PROCESS, 0, prio);
1.33 millert 304: if (setusercontext(lc, pwd, pwd->pw_uid,
305: (asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) |
306: LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER))
1.36 millert 307: auth_err(as, 1, "unable to set user context");
308: if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0)
309: auth_err(as, 1, "approval failure");
310: auth_close(as);
1.1 deraadt 311:
312: execv(shell, np);
1.32 millert 313: err(1, "%s", shell);
1.1 deraadt 314: }
315:
316: int
1.47 ! millert 317: verify_user(char *from, struct passwd *pwd, char *style,
! 318: login_cap_t *lc, auth_session_t *as)
! 319: {
! 320: struct group *gr;
! 321: char **g, *cp;
! 322: int authok;
! 323:
! 324: /*
! 325: * If we are trying to become root and the default style
! 326: * is being used, don't bother to look it up (we might be
! 327: * be su'ing up to fix /etc/login.conf)
! 328: */
! 329: if ((pwd == NULL || pwd->pw_uid != 0 || style == NULL ||
! 330: strcmp(style, LOGIN_DEFSTYLE) != 0) &&
! 331: (style = login_getstyle(lc, style, "auth-su")) == NULL)
! 332: auth_errx(as, 1, "invalid authentication type");
! 333:
! 334: /*
! 335: * Let the authentication program know whether they are
! 336: * in group wheel or not (if trying to become super user)
! 337: */
! 338: if (pwd != NULL && pwd->pw_uid == 0 && (gr = getgrgid(0)) != NULL &&
! 339: gr->gr_mem != NULL && *(gr->gr_mem) != NULL) {
! 340: for (g = gr->gr_mem; *g; ++g) {
! 341: if (strcmp(from, *g) == 0) {
! 342: auth_setoption(as, "wheel", "yes");
! 343: break;
! 344: }
! 345: }
! 346: if (!*g)
! 347: auth_setoption(as, "wheel", "no");
! 348: }
! 349:
! 350: auth_verify(as, style, NULL, lc->lc_class, (char *)NULL);
! 351: authok = auth_getstate(as);
! 352: if ((authok & AUTH_ALLOW) == 0) {
! 353: if ((cp = auth_getvalue(as, "errormsg")) != NULL)
! 354: fprintf(stderr, "%s\n", cp);
! 355: return(1);
! 356: }
! 357: return(0);
! 358: }
! 359:
! 360: int
! 361: chshell(char *sh)
1.1 deraadt 362: {
1.36 millert 363: char *cp;
1.1 deraadt 364:
365: while ((cp = getusershell()) != NULL)
1.8 millert 366: if (strcmp(cp, sh) == 0)
1.1 deraadt 367: return (1);
368: return (0);
369: }
370:
371: char *
1.47 ! millert 372: ontty(void)
1.1 deraadt 373: {
374: static char buf[MAXPATHLEN + 4];
1.36 millert 375: char *p;
1.1 deraadt 376:
377: buf[0] = 0;
1.30 deraadt 378: if ((p = ttyname(STDERR_FILENO)))
1.8 millert 379: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 380: return (buf);
381: }
382:
1.47 ! millert 383: /*
! 384: * Allow for a '.' and 16 characters for any instance as well as
! 385: * space for a ':' and 16 charcters defining the authentication type.
! 386: */
! 387: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
! 388:
! 389: char *
! 390: getloginname(void)
! 391: {
! 392: static char nbuf[NBUFSIZ], *p;
! 393: int ch;
! 394:
! 395: for (;;) {
! 396: (void)printf("login: ");
! 397: for (p = nbuf; (ch = getchar()) != '\n'; ) {
! 398: if (ch == EOF)
! 399: return (NULL);
! 400: if (p < nbuf + (NBUFSIZ - 1))
! 401: *p++ = ch;
! 402: }
! 403: if (p > nbuf) {
! 404: if (nbuf[0] == '-') {
! 405: (void)fprintf(stderr,
! 406: "login names may not start with '-'.\n");
! 407: } else {
! 408: *p = '\0';
! 409: break;
! 410: }
! 411: }
! 412: }
! 413: return (nbuf);
! 414: }
! 415:
1.36 millert 416: void
1.47 ! millert 417: usage(void)
1.1 deraadt 418: {
1.36 millert 419: extern char *__progname;
1.1 deraadt 420:
1.47 ! millert 421: fprintf(stderr, "usage: %s [-fKLlm] [-a auth-type] [-c login-class] "
! 422: "[login [shell arguments]]\n", __progname);
1.36 millert 423: exit(1);
1.1 deraadt 424: }
425:
1.36 millert 426: void
427: auth_err(auth_session_t *as, int eval, const char *fmt, ...)
1.1 deraadt 428: {
1.36 millert 429: va_list ap;
1.46 millert 430:
1.36 millert 431: va_start(ap, fmt);
1.46 millert 432: vwarn(fmt, ap);
433: va_end(ap);
1.36 millert 434: auth_close(as);
1.46 millert 435: exit(eval);
1.28 deraadt 436: }
437:
1.36 millert 438: void
439: auth_errx(auth_session_t *as, int eval, const char *fmt, ...)
1.28 deraadt 440: {
1.36 millert 441: va_list ap;
1.46 millert 442:
1.36 millert 443: va_start(ap, fmt);
1.46 millert 444: vwarnx(fmt, ap);
445: va_end(ap);
1.36 millert 446: auth_close(as);
1.46 millert 447: exit(eval);
1.1 deraadt 448: }