Annotation of src/usr.bin/su/su.c, Revision 1.65
1.65 ! robert 1: /* $OpenBSD: su.c,v 1.64 2010/12/13 14:46:19 millert Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
1.52 millert 15: * 3. Neither the name of the University nor the names of its contributors
1.1 deraadt 16: * may be used to endorse or promote products derived from this software
17: * without specific prior written permission.
18: *
19: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
20: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
23: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29: * SUCH DAMAGE.
30: */
31:
32: #include <sys/param.h>
33: #include <sys/time.h>
34: #include <sys/resource.h>
1.8 millert 35:
36: #include <err.h>
37: #include <errno.h>
38: #include <grp.h>
1.33 millert 39: #include <login_cap.h>
1.8 millert 40: #include <paths.h>
41: #include <pwd.h>
1.1 deraadt 42: #include <stdio.h>
43: #include <stdlib.h>
44: #include <string.h>
1.8 millert 45: #include <syslog.h>
1.1 deraadt 46: #include <unistd.h>
1.47 millert 47: #include <utmp.h>
1.36 millert 48: #include <stdarg.h>
49: #include <bsd_auth.h>
50:
1.47 millert 51: char *getloginname(void);
1.43 millert 52: char *ontty(void);
1.53 millert 53: int chshell(const char *);
1.47 millert 54: int verify_user(char *, struct passwd *, char *, login_cap_t *,
55: auth_session_t *);
1.43 millert 56: void usage(void);
57: void auth_err(auth_session_t *, int, const char *, ...);
58: void auth_errx(auth_session_t *, int, const char *, ...);
1.1 deraadt 59:
60: int
1.47 millert 61: main(int argc, char **argv)
1.1 deraadt 62: {
1.54 deraadt 63: int asme = 0, asthem = 0, ch, fastlogin = 0, emlogin = 0, prio;
1.65 ! robert 64: int altshell = 0, homeless = 0;
1.45 deraadt 65: char *user, *shell = NULL, *avshell, *username, **np;
1.47 millert 66: char *class = NULL, *style = NULL, *p;
1.45 deraadt 67: enum { UNSET, YES, NO } iscsh = UNSET;
68: char avshellbuf[MAXPATHLEN];
1.1 deraadt 69: extern char **environ;
1.45 deraadt 70: auth_session_t *as;
1.36 millert 71: struct passwd *pwd;
1.45 deraadt 72: login_cap_t *lc;
1.9 millert 73: uid_t ruid;
1.54 deraadt 74: u_int flags;
1.1 deraadt 75:
1.59 millert 76: while ((ch = getopt(argc, argv, "a:c:fKLlms:-")) != -1)
1.45 deraadt 77: switch (ch) {
1.36 millert 78: case 'a':
79: if (style)
80: usage();
81: style = optarg;
1.1 deraadt 82: break;
1.33 millert 83: case 'c':
1.36 millert 84: if (class)
85: usage();
1.33 millert 86: class = optarg;
87: break;
1.1 deraadt 88: case 'f':
89: fastlogin = 1;
90: break;
1.36 millert 91: case 'K':
92: if (style)
93: usage();
94: style = "passwd";
95: break;
1.47 millert 96: case 'L':
97: emlogin = 1;
98: break;
99: case 'l':
1.1 deraadt 100: case '-':
101: asme = 0;
102: asthem = 1;
103: break;
104: case 'm':
105: asme = 1;
106: asthem = 0;
107: break;
1.59 millert 108: case 's':
109: altshell = 1;
110: shell = optarg;
111: break;
1.1 deraadt 112: default:
1.36 millert 113: usage();
1.1 deraadt 114: }
115: argv += optind;
116:
117: errno = 0;
118: prio = getpriority(PRIO_PROCESS, 0);
119: if (errno)
120: prio = 0;
121: (void)setpriority(PRIO_PROCESS, 0, -2);
122: openlog("su", LOG_CONS, 0);
123:
1.36 millert 124: if ((as = auth_open()) == NULL) {
125: syslog(LOG_ERR, "auth_open: %m");
1.39 millert 126: err(1, "unable to initialize BSD authentication");
1.36 millert 127: }
1.39 millert 128: auth_setoption(as, "login", "yes");
1.36 millert 129:
1.1 deraadt 130: /* get current login name and shell */
131: ruid = getuid();
132: username = getlogin();
1.40 hin 133:
1.47 millert 134: if (ruid && class)
135: auth_errx(as, 1, "only the superuser may specify a login class");
136:
1.59 millert 137: if (ruid && altshell)
138: auth_errx(as, 1, "only the superuser may specify a login shell");
139:
1.41 millert 140: if (username != NULL)
1.40 hin 141: auth_setoption(as, "invokinguser", username);
142:
1.1 deraadt 143: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
144: pwd->pw_uid != ruid)
145: pwd = getpwuid(ruid);
1.8 millert 146: if (pwd == NULL)
1.36 millert 147: auth_errx(as, 1, "who are you?");
1.9 millert 148: if ((username = strdup(pwd->pw_name)) == NULL)
1.41 millert 149: auth_errx(as, 1, "can't allocate memory");
1.59 millert 150: if (asme && !altshell) {
1.10 millert 151: if (pwd->pw_shell && *pwd->pw_shell) {
1.42 millert 152: if ((shell = strdup(pwd->pw_shell)) == NULL)
153: auth_errx(as, 1, "can't allocate memory");
1.10 millert 154: } else {
1.1 deraadt 155: shell = _PATH_BSHELL;
156: iscsh = NO;
157: }
1.31 art 158: }
1.1 deraadt 159:
1.47 millert 160: for (;;) {
161: /* get target user, default to root unless in -L mode */
162: if (*argv) {
163: user = *argv;
164: } else if (emlogin) {
165: if ((user = getloginname()) == NULL) {
166: auth_close(as);
167: exit(1);
168: }
169: } else {
170: user = "root";
171: }
172: /* style may be specified as part of the username */
173: if ((p = strchr(user, ':')) != NULL) {
174: *p++ = '\0';
1.49 millert 175: style = p; /* XXX overrides -a flag */
176: }
1.65 ! robert 177:
1.36 millert 178: /*
1.47 millert 179: * Clean and setup our current authentication session.
180: * Note that options *are* not cleared.
1.36 millert 181: */
1.47 millert 182: auth_clean(as);
183: if (auth_setitem(as, AUTHV_INTERACTIVE, "True") != 0 ||
184: auth_setitem(as, AUTHV_NAME, user) != 0)
185: auth_errx(as, 1, "can't allocate memory");
186: if ((user = auth_getitem(as, AUTHV_NAME)) == NULL)
187: auth_errx(as, 1, "internal error");
188: if (auth_setpwd(as, NULL) || (pwd = auth_getpwd(as)) == NULL) {
189: if (emlogin)
190: pwd = NULL;
191: else
192: auth_errx(as, 1, "unknown login %s", user);
1.1 deraadt 193: }
1.36 millert 194:
1.47 millert 195: /* If the user specified a login class, use it */
196: if (!class && pwd && pwd->pw_class && pwd->pw_class[0] != '\0')
1.63 martynas 197: class = strdup(pwd->pw_class);
1.47 millert 198: if ((lc = login_getclass(class)) == NULL)
199: auth_errx(as, 1, "no such login class: %s",
200: class ? class : LOGIN_DEFCLASS);
201:
202: if ((ruid == 0 && !emlogin) ||
203: verify_user(username, pwd, style, lc, as) == 0)
204: break;
205: syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s",
206: username, user, ontty());
207: if (!emlogin) {
1.36 millert 208: fprintf(stderr, "Sorry\n");
209: auth_close(as);
210: exit(1);
1.1 deraadt 211: }
1.47 millert 212: fprintf(stderr, "Login incorrect\n");
1.1 deraadt 213: }
214:
1.59 millert 215: if (!altshell) {
216: if (asme) {
217: /* if asme and non-std target shell, must be root */
218: if (ruid && !chshell(shell))
219: auth_errx(as, 1, "permission denied (shell).");
220: } else if (pwd->pw_shell && *pwd->pw_shell) {
221: if ((shell = strdup(pwd->pw_shell)) == NULL)
222: auth_errx(as, 1, "can't allocate memory");
223: iscsh = UNSET;
224: } else {
225: shell = _PATH_BSHELL;
226: iscsh = NO;
227: }
1.1 deraadt 228: }
229:
1.30 deraadt 230: if ((p = strrchr(shell, '/')))
1.1 deraadt 231: avshell = p+1;
232: else
233: avshell = shell;
234:
235: /* if we're forking a csh, we want to slightly muck the args */
236: if (iscsh == UNSET)
237: iscsh = strcmp(avshell, "csh") ? NO : YES;
238:
239: if (!asme) {
240: if (asthem) {
241: p = getenv("TERM");
1.23 deraadt 242: if ((environ = calloc(1, sizeof (char *))) == NULL)
1.36 millert 243: auth_errx(as, 1, "calloc");
1.33 millert 244: if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
1.36 millert 245: auth_err(as, 1, "unable to set user context");
246: if (p && setenv("TERM", p, 1) == -1)
247: auth_err(as, 1, "unable to set environment");
1.5 deraadt 248:
1.57 deraadt 249: setegid(pwd->pw_gid);
1.5 deraadt 250: seteuid(pwd->pw_uid);
1.65 ! robert 251:
! 252: homeless = chdir(pwd->pw_dir);
! 253: if (homeless) {
! 254: if (login_getcapbool(lc, "requirehome", 0)) {
! 255: auth_err(as, 1, "%s", pwd->pw_dir);
! 256: } else {
! 257: (void)printf("No home directory %s!\n", pwd->pw_dir);
! 258: (void)printf("Logging in with home = \"/\".\n");
! 259: if (chdir("/") < 0)
! 260: auth_err(as, 1, "/");
! 261: }
! 262: }
1.57 deraadt 263: setegid(0); /* XXX use a saved gid instead? */
1.5 deraadt 264: seteuid(0);
1.33 millert 265: } else if (pwd->pw_uid == 0) {
266: if (setusercontext(lc,
267: pwd, pwd->pw_uid, LOGIN_SETPATH|LOGIN_SETUMASK))
1.36 millert 268: auth_err(as, 1, "unable to set user context");
1.1 deraadt 269: }
1.15 millert 270: if (asthem || pwd->pw_uid) {
1.34 deraadt 271: if (setenv("LOGNAME", pwd->pw_name, 1) == -1 ||
272: setenv("USER", pwd->pw_name, 1) == -1)
1.36 millert 273: auth_err(as, 1, "unable to set environment");
1.15 millert 274: }
1.65 ! robert 275: if (setenv("HOME", homeless ? "/" : pwd->pw_dir, 1) == -1 ||
1.34 deraadt 276: setenv("SHELL", shell, 1) == -1)
1.59 millert 277: auth_err(as, 1, "unable to set environment");
278: } else if (altshell) {
279: if (setenv("SHELL", shell, 1) == -1)
1.36 millert 280: auth_err(as, 1, "unable to set environment");
1.34 deraadt 281: }
1.28 deraadt 282:
1.47 millert 283: np = *argv ? argv : argv - 1;
1.1 deraadt 284: if (iscsh == YES) {
285: if (fastlogin)
286: *np-- = "-f";
287: if (asme)
288: *np-- = "-m";
289: }
290:
291: if (asthem) {
292: avshellbuf[0] = '-';
1.36 millert 293: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 294: avshell = avshellbuf;
295: } else if (iscsh == YES) {
296: /* csh strips the first character... */
297: avshellbuf[0] = '_';
1.36 millert 298: strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
1.1 deraadt 299: avshell = avshellbuf;
300: }
1.45 deraadt 301:
1.1 deraadt 302: *np = avshell;
303:
304: if (ruid != 0)
305: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
306: username, user, ontty());
307:
308: (void)setpriority(PRIO_PROCESS, 0, prio);
1.51 millert 309: if (emlogin) {
1.48 millert 310: flags = LOGIN_SETALL & ~LOGIN_SETPATH;
1.51 millert 311: /*
1.55 miod 312: * Only call setlogin() if this process is a session leader.
1.51 millert 313: * In practice, this means the login name will be set only if
314: * we are exec'd by a shell. This is important because
315: * otherwise the parent shell's login name would change too.
316: */
317: if (getsid(0) != getpid())
318: flags &= ~LOGIN_SETLOGIN;
1.64 millert 319: } else {
320: flags = LOGIN_SETRESOURCES|LOGIN_SETGROUP|LOGIN_SETUSER;
321: if (asthem)
322: flags |= LOGIN_SETENV|LOGIN_SETPRIORITY|LOGIN_SETUMASK;
323: }
1.48 millert 324: if (setusercontext(lc, pwd, pwd->pw_uid, flags) != 0)
1.36 millert 325: auth_err(as, 1, "unable to set user context");
326: if (pwd->pw_uid && auth_approval(as, lc, pwd->pw_name, "su") <= 0)
327: auth_err(as, 1, "approval failure");
328: auth_close(as);
1.1 deraadt 329:
330: execv(shell, np);
1.32 millert 331: err(1, "%s", shell);
1.1 deraadt 332: }
333:
334: int
1.47 millert 335: verify_user(char *from, struct passwd *pwd, char *style,
336: login_cap_t *lc, auth_session_t *as)
337: {
338: struct group *gr;
339: char **g, *cp;
340: int authok;
341:
342: /*
343: * If we are trying to become root and the default style
344: * is being used, don't bother to look it up (we might be
345: * be su'ing up to fix /etc/login.conf)
346: */
347: if ((pwd == NULL || pwd->pw_uid != 0 || style == NULL ||
348: strcmp(style, LOGIN_DEFSTYLE) != 0) &&
349: (style = login_getstyle(lc, style, "auth-su")) == NULL)
350: auth_errx(as, 1, "invalid authentication type");
351:
352: /*
353: * Let the authentication program know whether they are
354: * in group wheel or not (if trying to become super user)
355: */
356: if (pwd != NULL && pwd->pw_uid == 0 && (gr = getgrgid(0)) != NULL &&
357: gr->gr_mem != NULL && *(gr->gr_mem) != NULL) {
358: for (g = gr->gr_mem; *g; ++g) {
359: if (strcmp(from, *g) == 0) {
360: auth_setoption(as, "wheel", "yes");
361: break;
362: }
363: }
364: if (!*g)
365: auth_setoption(as, "wheel", "no");
366: }
367:
368: auth_verify(as, style, NULL, lc->lc_class, (char *)NULL);
369: authok = auth_getstate(as);
370: if ((authok & AUTH_ALLOW) == 0) {
371: if ((cp = auth_getvalue(as, "errormsg")) != NULL)
372: fprintf(stderr, "%s\n", cp);
373: return(1);
374: }
375: return(0);
376: }
377:
378: int
1.53 millert 379: chshell(const char *sh)
1.1 deraadt 380: {
1.36 millert 381: char *cp;
1.53 millert 382: int found = 0;
1.1 deraadt 383:
1.53 millert 384: setusershell();
385: while ((cp = getusershell()) != NULL) {
386: if (strcmp(cp, sh) == 0) {
387: found = 1;
388: break;
389: }
390: }
391: endusershell();
392: return (found);
1.1 deraadt 393: }
394:
395: char *
1.47 millert 396: ontty(void)
1.1 deraadt 397: {
398: static char buf[MAXPATHLEN + 4];
1.36 millert 399: char *p;
1.1 deraadt 400:
401: buf[0] = 0;
1.30 deraadt 402: if ((p = ttyname(STDERR_FILENO)))
1.8 millert 403: snprintf(buf, sizeof(buf), " on %s", p);
1.1 deraadt 404: return (buf);
405: }
406:
1.47 millert 407: /*
408: * Allow for a '.' and 16 characters for any instance as well as
1.56 otto 409: * space for a ':' and 16 characters defining the authentication type.
1.47 millert 410: */
411: #define NBUFSIZ (UT_NAMESIZE + 1 + 16 + 1 + 16)
412:
413: char *
414: getloginname(void)
415: {
416: static char nbuf[NBUFSIZ], *p;
417: int ch;
418:
419: for (;;) {
420: (void)printf("login: ");
421: for (p = nbuf; (ch = getchar()) != '\n'; ) {
422: if (ch == EOF)
423: return (NULL);
424: if (p < nbuf + (NBUFSIZ - 1))
425: *p++ = ch;
426: }
427: if (p > nbuf) {
428: if (nbuf[0] == '-') {
429: (void)fprintf(stderr,
430: "login names may not start with '-'.\n");
431: } else {
432: *p = '\0';
433: break;
434: }
435: }
436: }
437: return (nbuf);
438: }
439:
1.36 millert 440: void
1.47 millert 441: usage(void)
1.1 deraadt 442: {
1.36 millert 443: extern char *__progname;
1.1 deraadt 444:
1.47 millert 445: fprintf(stderr, "usage: %s [-fKLlm] [-a auth-type] [-c login-class] "
1.61 sobrado 446: "[-s login-shell]\n"
447: "%-*s[login [shell arguments]]\n", __progname,
1.62 sobrado 448: (int)strlen(__progname) + 8, "");
1.36 millert 449: exit(1);
1.1 deraadt 450: }
451:
1.36 millert 452: void
453: auth_err(auth_session_t *as, int eval, const char *fmt, ...)
1.1 deraadt 454: {
1.36 millert 455: va_list ap;
1.46 millert 456:
1.36 millert 457: va_start(ap, fmt);
1.46 millert 458: vwarn(fmt, ap);
459: va_end(ap);
1.36 millert 460: auth_close(as);
1.46 millert 461: exit(eval);
1.28 deraadt 462: }
463:
1.36 millert 464: void
465: auth_errx(auth_session_t *as, int eval, const char *fmt, ...)
1.28 deraadt 466: {
1.36 millert 467: va_list ap;
1.46 millert 468:
1.36 millert 469: va_start(ap, fmt);
1.46 millert 470: vwarnx(fmt, ap);
471: va_end(ap);
1.36 millert 472: auth_close(as);
1.46 millert 473: exit(eval);
1.1 deraadt 474: }