Annotation of src/usr.bin/su/su.c, Revision 1.7
1.7 ! millert 1: /* $OpenBSD: su.c,v 1.6 1996/10/08 18:36:56 deraadt Exp $ */
1.4 deraadt 2:
1.1 deraadt 3: /*
4: * Copyright (c) 1988 The Regents of the University of California.
5: * All rights reserved.
6: *
7: * Redistribution and use in source and binary forms, with or without
8: * modification, are permitted provided that the following conditions
9: * are met:
10: * 1. Redistributions of source code must retain the above copyright
11: * notice, this list of conditions and the following disclaimer.
12: * 2. Redistributions in binary form must reproduce the above copyright
13: * notice, this list of conditions and the following disclaimer in the
14: * documentation and/or other materials provided with the distribution.
15: * 3. All advertising materials mentioning features or use of this software
16: * must display the following acknowledgement:
17: * This product includes software developed by the University of
18: * California, Berkeley and its contributors.
19: * 4. Neither the name of the University nor the names of its contributors
20: * may be used to endorse or promote products derived from this software
21: * without specific prior written permission.
22: *
23: * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
24: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26: * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
27: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33: * SUCH DAMAGE.
34: */
35:
36: #ifndef lint
37: char copyright[] =
38: "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
39: All rights reserved.\n";
40: #endif /* not lint */
41:
42: #ifndef lint
43: /*static char sccsid[] = "from: @(#)su.c 5.26 (Berkeley) 7/6/91";*/
1.7 ! millert 44: static char rcsid[] = "$OpenBSD: su.c,v 1.6 1996/10/08 18:36:56 deraadt Exp $";
1.1 deraadt 45: #endif /* not lint */
46:
47: #include <sys/param.h>
48: #include <sys/time.h>
49: #include <sys/resource.h>
50: #include <syslog.h>
51: #include <stdio.h>
52: #include <stdlib.h>
53: #include <pwd.h>
54: #include <grp.h>
55: #include <string.h>
56: #include <unistd.h>
57: #include <paths.h>
58:
59: #ifdef KERBEROS
60: #include <kerberosIV/des.h>
61: #include <kerberosIV/krb.h>
62: #include <netdb.h>
63:
64: #define ARGSTR "-Kflm"
65:
66: int use_kerberos = 1;
67: #else
68: #define ARGSTR "-flm"
69: #endif
70:
71: extern char *crypt();
72: int chshell();
73:
74: int
75: main(argc, argv)
76: int argc;
77: char **argv;
78: {
79: extern char **environ;
80: extern int errno, optind;
81: register struct passwd *pwd;
82: register char *p, **g;
83: struct group *gr;
84: uid_t ruid, getuid();
85: int asme, ch, asthem, fastlogin, prio;
86: enum { UNSET, YES, NO } iscsh = UNSET;
87: char *user, *shell, *avshell, *username, *cleanenv[10], **np;
88: char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
89: char *getpass(), *getenv(), *getlogin(), *ontty();
90:
91: asme = asthem = fastlogin = 0;
92: while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
93: switch((char)ch) {
94: #ifdef KERBEROS
95: case 'K':
96: use_kerberos = 0;
97: break;
98: #endif
99: case 'f':
100: fastlogin = 1;
101: break;
102: case '-':
103: case 'l':
104: asme = 0;
105: asthem = 1;
106: break;
107: case 'm':
108: asme = 1;
109: asthem = 0;
110: break;
111: case '?':
112: default:
1.7 ! millert 113: (void)fprintf(stderr,
! 114: "usage: su [%s] [login [shell arguments]]\n",
1.1 deraadt 115: ARGSTR);
116: exit(1);
117: }
118: argv += optind;
119:
120: errno = 0;
121: prio = getpriority(PRIO_PROCESS, 0);
122: if (errno)
123: prio = 0;
124: (void)setpriority(PRIO_PROCESS, 0, -2);
125: openlog("su", LOG_CONS, 0);
126:
127: /* get current login name and shell */
128: ruid = getuid();
129: username = getlogin();
130: if (username == NULL || (pwd = getpwnam(username)) == NULL ||
131: pwd->pw_uid != ruid)
132: pwd = getpwuid(ruid);
133: if (pwd == NULL) {
134: fprintf(stderr, "su: who are you?\n");
135: exit(1);
136: }
137: username = strdup(pwd->pw_name);
138: if (asme)
139: if (pwd->pw_shell && *pwd->pw_shell)
140: shell = strcpy(shellbuf, pwd->pw_shell);
141: else {
142: shell = _PATH_BSHELL;
143: iscsh = NO;
144: }
145:
146: /* get target login information, default to root */
147: user = *argv ? *argv : "root";
148: np = *argv ? argv : argv-1;
149:
150: if ((pwd = getpwnam(user)) == NULL) {
151: fprintf(stderr, "su: unknown login %s\n", user);
152: exit(1);
153: }
154:
155: if (ruid) {
156: #ifdef KERBEROS
157: if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
158: #endif
159: {
160: /* only allow those in group zero to su to root. */
1.3 deraadt 161: if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))
162: && gr->gr_mem && *(gr->gr_mem))
1.1 deraadt 163: for (g = gr->gr_mem;; ++g) {
164: if (!*g) {
165: (void)fprintf(stderr,
166: "su: you are not in the correct group to su %s.\n",
167: user);
168: exit(1);
169: }
170: if (!strcmp(username, *g))
171: break;
172: }
173: /* if target requires a password, verify it */
174: if (*pwd->pw_passwd) {
175: p = getpass("Password:");
176: #ifdef SKEY
177: if (strcasecmp(p, "s/key") == 0) {
178: if (skey_haskey(user)) {
179: fprintf(stderr, "Sorry, you have no s/key.\n");
180: exit(1);
181: } else {
182: if (skey_authenticate(user)) {
183: goto badlogin;
184: }
185: }
186:
187: } else
188: #endif
189: if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
190: badlogin:
191: fprintf(stderr, "Sorry\n");
192: syslog(LOG_AUTH|LOG_WARNING,
193: "BAD SU %s to %s%s", username,
194: user, ontty());
195: exit(1);
196: }
197: }
198: }
199: }
200:
201: if (asme) {
202: /* if asme and non-standard target shell, must be root */
203: if (!chshell(pwd->pw_shell) && ruid) {
204: (void)fprintf(stderr,
205: "su: permission denied (shell).\n");
206: exit(1);
207: }
208: } else if (pwd->pw_shell && *pwd->pw_shell) {
209: shell = pwd->pw_shell;
210: iscsh = UNSET;
211: } else {
212: shell = _PATH_BSHELL;
213: iscsh = NO;
214: }
215:
216: if (p = rindex(shell, '/'))
217: avshell = p+1;
218: else
219: avshell = shell;
220:
221: /* if we're forking a csh, we want to slightly muck the args */
222: if (iscsh == UNSET)
223: iscsh = strcmp(avshell, "csh") ? NO : YES;
224:
225: /* set permissions */
226: if (setgid(pwd->pw_gid) < 0) {
227: perror("su: setgid");
228: exit(1);
229: }
230: if (initgroups(user, pwd->pw_gid)) {
231: (void)fprintf(stderr, "su: initgroups failed.\n");
232: exit(1);
233: }
234: if (setuid(pwd->pw_uid) < 0) {
235: perror("su: setuid");
236: exit(1);
237: }
238:
239: if (!asme) {
240: if (asthem) {
241: p = getenv("TERM");
242: cleanenv[0] = NULL;
243: environ = cleanenv;
244: (void)setenv("PATH", _PATH_DEFPATH, 1);
1.6 deraadt 245: if (p)
246: (void)setenv("TERM", p, 1);
1.5 deraadt 247:
248: seteuid(pwd->pw_uid);
249: setegid(pwd->pw_gid);
1.1 deraadt 250: if (chdir(pwd->pw_dir) < 0) {
251: fprintf(stderr, "su: no directory\n");
252: exit(1);
253: }
1.5 deraadt 254: seteuid(0);
255: setegid(0); /* XXX use a saved gid instead? */
1.1 deraadt 256: }
257: if (asthem || pwd->pw_uid)
258: (void)setenv("USER", pwd->pw_name, 1);
259: (void)setenv("HOME", pwd->pw_dir, 1);
260: (void)setenv("SHELL", shell, 1);
261: }
262:
263: if (iscsh == YES) {
264: if (fastlogin)
265: *np-- = "-f";
266: if (asme)
267: *np-- = "-m";
268: }
269:
270: if (asthem) {
271: avshellbuf[0] = '-';
272: strcpy(avshellbuf+1, avshell);
273: avshell = avshellbuf;
274: } else if (iscsh == YES) {
275: /* csh strips the first character... */
276: avshellbuf[0] = '_';
277: strcpy(avshellbuf+1, avshell);
278: avshell = avshellbuf;
279: }
280:
281: *np = avshell;
282:
283: if (ruid != 0)
284: syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
285: username, user, ontty());
286:
287: (void)setpriority(PRIO_PROCESS, 0, prio);
288:
289: execv(shell, np);
290: (void)fprintf(stderr, "su: %s not found.\n", shell);
291: exit(1);
292: }
293:
294: int
295: chshell(sh)
296: char *sh;
297: {
298: register char *cp;
299: char *getusershell();
300:
301: while ((cp = getusershell()) != NULL)
302: if (!strcmp(cp, sh))
303: return (1);
304: return (0);
305: }
306:
307: char *
308: ontty()
309: {
310: char *p, *ttyname();
311: static char buf[MAXPATHLEN + 4];
312:
313: buf[0] = 0;
314: if (p = ttyname(STDERR_FILENO))
315: sprintf(buf, " on %s", p);
316: return (buf);
317: }
318:
319: #ifdef KERBEROS
320: kerberos(username, user, uid)
321: char *username, *user;
322: int uid;
323: {
324: KTEXT_ST ticket;
325: AUTH_DAT authdata;
326: struct hostent *hp;
327: register char *p;
328: int kerno;
329: u_long faddr;
330: char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
331: char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
332: char *ontty(), *krb_get_phost();
333:
334: if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
335: return (1);
336: if (koktologin(username, lrealm, user) && !uid) {
337: (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user);
338: return (1);
339: }
340: (void)sprintf(krbtkfile, "%s_%s_%d", TKT_ROOT, user, getuid());
341:
342: (void)setenv("KRBTKFILE", krbtkfile, 1);
343: (void)krb_set_tkt_string(krbtkfile);
344: /*
345: * Set real as well as effective ID to 0 for the moment,
346: * to make the kerberos library do the right thing.
347: */
348: if (setuid(0) < 0) {
349: perror("su: setuid");
350: return (1);
351: }
352:
353: /*
354: * Little trick here -- if we are su'ing to root,
355: * we need to get a ticket for "xxx.root", where xxx represents
356: * the name of the person su'ing. Otherwise (non-root case),
357: * we need to get a ticket for "yyy.", where yyy represents
358: * the name of the person being su'd to, and the instance is null
359: *
360: * We should have a way to set the ticket lifetime,
361: * with a system default for root.
362: */
363: kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
364: (uid == 0 ? "root" : ""), lrealm,
365: "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0);
366:
367: if (kerno != KSUCCESS) {
368: if (kerno == KDC_PR_UNKNOWN) {
369: fprintf(stderr, "principal unknown: %s.%s@%s\n",
370: (uid == 0 ? username : user),
371: (uid == 0 ? "root" : ""), lrealm);
372: return (1);
373: }
374: (void)fprintf(stderr, "su: unable to su: %s\n",
375: krb_err_txt[kerno]);
376: syslog(LOG_NOTICE|LOG_AUTH,
377: "BAD Kerberos SU: %s to %s%s: %s",
378: username, user, ontty(), krb_err_txt[kerno]);
379: return (1);
380: }
381:
382: if (chown(krbtkfile, uid, -1) < 0) {
383: perror("su: chown:");
384: (void)unlink(krbtkfile);
385: return (1);
386: }
387:
388: (void)setpriority(PRIO_PROCESS, 0, -2);
389:
390: if (gethostname(hostname, sizeof(hostname)) == -1) {
391: perror("su: gethostname");
392: dest_tkt();
393: return (1);
394: }
395:
396: (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost));
397: savehost[sizeof(savehost) - 1] = '\0';
398:
399: kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
400:
401: if (kerno == KDC_PR_UNKNOWN) {
402: (void)fprintf(stderr, "Warning: TGT not verified.\n");
403: syslog(LOG_NOTICE|LOG_AUTH,
404: "%s to %s%s, TGT not verified (%s); %s.%s not registered?",
405: username, user, ontty(), krb_err_txt[kerno],
406: "rcmd", savehost);
407: } else if (kerno != KSUCCESS) {
408: (void)fprintf(stderr, "Unable to use TGT: %s\n",
409: krb_err_txt[kerno]);
410: syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s",
411: username, user, ontty(), krb_err_txt[kerno]);
412: dest_tkt();
413: return (1);
414: } else {
415: if (!(hp = gethostbyname(hostname))) {
416: (void)fprintf(stderr, "su: can't get addr of %s\n",
417: hostname);
418: dest_tkt();
419: return (1);
420: }
421: (void)bcopy((char *)hp->h_addr, (char *)&faddr, sizeof(faddr));
422:
423: if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
424: &authdata, "")) != KSUCCESS) {
425: (void)fprintf(stderr,
426: "su: unable to verify rcmd ticket: %s\n",
427: krb_err_txt[kerno]);
428: syslog(LOG_NOTICE|LOG_AUTH,
429: "failed su: %s to %s%s: %s", username,
430: user, ontty(), krb_err_txt[kerno]);
431: dest_tkt();
432: return (1);
433: }
434: }
435: return (0);
436: }
437:
438: koktologin(name, realm, toname)
439: char *name, *realm, *toname;
440: {
441: register AUTH_DAT *kdata;
442: AUTH_DAT kdata_st;
443:
444: kdata = &kdata_st;
445: bzero((caddr_t) kdata, sizeof(*kdata));
446: (void)strcpy(kdata->pname, name);
447: (void)strcpy(kdata->pinst,
448: ((strcmp(toname, "root") == 0) ? "root" : ""));
449: (void)strcpy(kdata->prealm, realm);
450: return (kuserok(kdata, toname));
451: }
452: #endif