Home | History | Annotate | Line # | Download | only in su
su.c revision 1.51
      1  1.51    itojun /*	$NetBSD: su.c,v 1.51 2002/11/16 15:59:31 itojun Exp $	*/
      2  1.12  christos 
      3   1.1       cgd /*
      4   1.1       cgd  * Copyright (c) 1988 The Regents of the University of California.
      5   1.1       cgd  * All rights reserved.
      6   1.1       cgd  *
      7   1.1       cgd  * Redistribution and use in source and binary forms, with or without
      8   1.1       cgd  * modification, are permitted provided that the following conditions
      9   1.1       cgd  * are met:
     10   1.1       cgd  * 1. Redistributions of source code must retain the above copyright
     11   1.1       cgd  *    notice, this list of conditions and the following disclaimer.
     12   1.1       cgd  * 2. Redistributions in binary form must reproduce the above copyright
     13   1.1       cgd  *    notice, this list of conditions and the following disclaimer in the
     14   1.1       cgd  *    documentation and/or other materials provided with the distribution.
     15   1.1       cgd  * 3. All advertising materials mentioning features or use of this software
     16   1.1       cgd  *    must display the following acknowledgement:
     17   1.1       cgd  *	This product includes software developed by the University of
     18   1.1       cgd  *	California, Berkeley and its contributors.
     19   1.1       cgd  * 4. Neither the name of the University nor the names of its contributors
     20   1.1       cgd  *    may be used to endorse or promote products derived from this software
     21   1.1       cgd  *    without specific prior written permission.
     22   1.1       cgd  *
     23   1.1       cgd  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
     24   1.1       cgd  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     25   1.1       cgd  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     26   1.1       cgd  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
     27   1.1       cgd  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     28   1.1       cgd  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     29   1.1       cgd  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     30   1.1       cgd  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     31   1.1       cgd  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     32   1.1       cgd  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     33   1.1       cgd  * SUCH DAMAGE.
     34   1.1       cgd  */
     35   1.1       cgd 
     36  1.19     lukem #include <sys/cdefs.h>
     37   1.1       cgd #ifndef lint
     38  1.19     lukem __COPYRIGHT(
     39  1.19     lukem     "@(#) Copyright (c) 1988 The Regents of the University of California.\n\
     40  1.19     lukem  All rights reserved.\n");
     41   1.1       cgd #endif /* not lint */
     42   1.1       cgd 
     43   1.1       cgd #ifndef lint
     44  1.12  christos #if 0
     45  1.13       tls static char sccsid[] = "@(#)su.c	8.3 (Berkeley) 4/2/94";*/
     46  1.12  christos #else
     47  1.51    itojun __RCSID("$NetBSD: su.c,v 1.51 2002/11/16 15:59:31 itojun Exp $");
     48  1.12  christos #endif
     49   1.1       cgd #endif /* not lint */
     50   1.1       cgd 
     51   1.1       cgd #include <sys/param.h>
     52   1.1       cgd #include <sys/time.h>
     53   1.1       cgd #include <sys/resource.h>
     54  1.13       tls #include <err.h>
     55  1.11  christos #include <errno.h>
     56  1.17     lukem #include <grp.h>
     57  1.17     lukem #include <paths.h>
     58  1.17     lukem #include <pwd.h>
     59  1.17     lukem #include <stdio.h>
     60  1.27  wsanchez #ifdef SKEY
     61  1.17     lukem #include <skey.h>
     62  1.27  wsanchez #endif
     63   1.7       jtc #include <stdlib.h>
     64   1.1       cgd #include <string.h>
     65  1.17     lukem #include <syslog.h>
     66  1.21    kleink #include <time.h>
     67  1.17     lukem #include <tzfile.h>
     68   1.1       cgd #include <unistd.h>
     69   1.1       cgd 
     70  1.37       mjl #ifdef LOGIN_CAP
     71  1.37       mjl #include <login_cap.h>
     72  1.37       mjl #endif
     73  1.37       mjl 
     74   1.1       cgd #ifdef KERBEROS
     75  1.41     assar #include <des.h>
     76  1.41     assar #include <krb.h>
     77   1.1       cgd #include <netdb.h>
     78   1.1       cgd 
     79  1.41     assar static int kerberos __P((char *, char *, int));
     80  1.41     assar static int koktologin __P((char *, char *, char *));
     81  1.41     assar 
     82  1.41     assar #endif
     83  1.41     assar 
     84  1.41     assar #ifdef KERBEROS5
     85  1.41     assar #include <krb5.h>
     86  1.41     assar 
     87  1.41     assar static int kerberos5 __P((char *, char *, int));
     88  1.41     assar 
     89  1.41     assar #endif
     90  1.41     assar 
     91  1.41     assar #if defined(KERBEROS) || defined(KERBEROS5)
     92  1.41     assar 
     93  1.37       mjl #define	ARGSTRX	"-Kflm"
     94   1.1       cgd 
     95   1.1       cgd int use_kerberos = 1;
     96  1.11  christos 
     97   1.1       cgd #else
     98  1.37       mjl #define	ARGSTRX	"-flm"
     99   1.1       cgd #endif
    100   1.1       cgd 
    101  1.18     lukem #ifndef	SUGROUP
    102  1.18     lukem #define	SUGROUP	"wheel"
    103  1.18     lukem #endif
    104  1.18     lukem 
    105  1.37       mjl #ifdef LOGIN_CAP
    106  1.37       mjl #define ARGSTR	ARGSTRX "c:"
    107  1.37       mjl #else
    108  1.37       mjl #define ARGSTR ARGSTRX
    109  1.37       mjl #endif
    110  1.37       mjl 
    111  1.11  christos int main __P((int, char **));
    112  1.11  christos 
    113  1.25   mycroft static int chshell __P((const char *));
    114  1.11  christos static char *ontty __P((void));
    115  1.46       sjg static int check_ingroup __P((int, const char *, const char *, int));
    116  1.11  christos 
    117   1.2       sef 
    118   1.7       jtc int
    119   1.1       cgd main(argc, argv)
    120   1.1       cgd 	int argc;
    121   1.1       cgd 	char **argv;
    122   1.1       cgd {
    123   1.1       cgd 	extern char **environ;
    124  1.13       tls 	struct passwd *pwd;
    125  1.17     lukem 	char *p;
    126  1.28  christos #ifdef BSD4_4
    127  1.17     lukem 	struct timeval tp;
    128  1.28  christos #endif
    129  1.11  christos 	uid_t ruid;
    130   1.1       cgd 	int asme, ch, asthem, fastlogin, prio;
    131   1.1       cgd 	enum { UNSET, YES, NO } iscsh = UNSET;
    132  1.35  christos 	char *user, *shell, *avshell, *username, **np;
    133  1.37       mjl 	char *userpass, *class;
    134  1.24       mrg 	char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
    135  1.37       mjl 	time_t pw_warntime = _PASSWORD_WARNDAYS * SECSPERDAY;
    136  1.37       mjl #ifdef LOGIN_CAP
    137  1.37       mjl 	login_cap_t *lc;
    138  1.37       mjl #endif
    139   1.1       cgd 
    140   1.1       cgd 	asme = asthem = fastlogin = 0;
    141  1.37       mjl 	shell = class = NULL;
    142  1.19     lukem 	while ((ch = getopt(argc, argv, ARGSTR)) != -1)
    143   1.1       cgd 		switch((char)ch) {
    144  1.41     assar #if defined(KERBEROS) || defined(KERBEROS5)
    145   1.1       cgd 		case 'K':
    146   1.1       cgd 			use_kerberos = 0;
    147   1.1       cgd 			break;
    148   1.1       cgd #endif
    149  1.37       mjl #ifdef LOGIN_CAP
    150  1.37       mjl 		case 'c':
    151  1.37       mjl 			class = optarg;
    152  1.37       mjl 			break;
    153  1.37       mjl #endif
    154   1.1       cgd 		case 'f':
    155   1.1       cgd 			fastlogin = 1;
    156   1.1       cgd 			break;
    157   1.1       cgd 		case '-':
    158   1.1       cgd 		case 'l':
    159   1.1       cgd 			asme = 0;
    160   1.1       cgd 			asthem = 1;
    161   1.1       cgd 			break;
    162   1.1       cgd 		case 'm':
    163   1.1       cgd 			asme = 1;
    164   1.1       cgd 			asthem = 0;
    165   1.1       cgd 			break;
    166   1.1       cgd 		case '?':
    167   1.1       cgd 		default:
    168  1.11  christos 			(void)fprintf(stderr,
    169  1.11  christos 			    "Usage: %s [%s] [login [shell arguments]]\n",
    170  1.47       cgd 			    getprogname(), ARGSTR);
    171   1.1       cgd 			exit(1);
    172   1.1       cgd 		}
    173   1.1       cgd 	argv += optind;
    174  1.30  christos 
    175  1.44       erh 	/* Lower the priority so su runs faster */
    176   1.1       cgd 	errno = 0;
    177   1.1       cgd 	prio = getpriority(PRIO_PROCESS, 0);
    178   1.1       cgd 	if (errno)
    179   1.1       cgd 		prio = 0;
    180  1.44       erh 	if (prio > -2)
    181  1.44       erh 		(void)setpriority(PRIO_PROCESS, 0, -2);
    182  1.45     lukem 	openlog("su", 0, LOG_AUTH);
    183   1.1       cgd 
    184   1.1       cgd 	/* get current login name and shell */
    185   1.1       cgd 	ruid = getuid();
    186   1.1       cgd 	username = getlogin();
    187   1.1       cgd 	if (username == NULL || (pwd = getpwnam(username)) == NULL ||
    188   1.1       cgd 	    pwd->pw_uid != ruid)
    189   1.1       cgd 		pwd = getpwuid(ruid);
    190  1.23       mrg 	if (pwd == NULL)
    191  1.13       tls 		errx(1, "who are you?");
    192   1.1       cgd 	username = strdup(pwd->pw_name);
    193  1.30  christos 	userpass = strdup(pwd->pw_passwd);
    194  1.30  christos 	if (username == NULL || userpass == NULL)
    195  1.23       mrg 		err(1, "strdup");
    196   1.1       cgd 
    197  1.37       mjl 
    198  1.26      ross 	if (asme) {
    199  1.24       mrg 		if (pwd->pw_shell && *pwd->pw_shell) {
    200  1.50    itojun 			strlcpy(shellbuf, pwd->pw_shell, sizeof(shellbuf));
    201  1.50    itojun 			shell = shellbuf;
    202  1.24       mrg 		} else {
    203  1.24       mrg 			shell = _PATH_BSHELL;
    204  1.24       mrg 			iscsh = NO;
    205  1.24       mrg 		}
    206  1.26      ross 	}
    207   1.1       cgd 	/* get target login information, default to root */
    208   1.1       cgd 	user = *argv ? *argv : "root";
    209   1.2       sef 	np = *argv ? argv : argv-1;
    210   1.2       sef 
    211  1.23       mrg 	if ((pwd = getpwnam(user)) == NULL)
    212  1.13       tls 		errx(1, "unknown login %s", user);
    213  1.37       mjl 
    214  1.37       mjl #ifdef LOGIN_CAP
    215  1.37       mjl 	/* force the usage of specified class */
    216  1.37       mjl 	if (class) {
    217  1.37       mjl 		if (ruid)
    218  1.37       mjl 			errx(1, "Only root may use -c");
    219  1.37       mjl 
    220  1.37       mjl 		pwd->pw_class = class;
    221  1.37       mjl 	}
    222  1.37       mjl 	lc = login_getclass(pwd->pw_class);
    223  1.37       mjl 
    224  1.37       mjl 	pw_warntime = login_getcaptime(lc, "password-warn",
    225  1.37       mjl                                     _PASSWORD_WARNDAYS * SECSPERDAY,
    226  1.37       mjl                                     _PASSWORD_WARNDAYS * SECSPERDAY);
    227  1.37       mjl #endif
    228  1.37       mjl 
    229  1.24       mrg 	if (ruid
    230  1.41     assar #ifdef KERBEROS5
    231  1.41     assar 	    && (!use_kerberos || kerberos5(username, user, pwd->pw_uid))
    232  1.41     assar #endif
    233   1.1       cgd #ifdef KERBEROS
    234  1.24       mrg 	    && (!use_kerberos || kerberos(username, user, pwd->pw_uid))
    235   1.1       cgd #endif
    236  1.24       mrg 	    ) {
    237  1.30  christos 		char *pass = pwd->pw_passwd;
    238  1.30  christos 		int ok = pwd->pw_uid != 0;
    239  1.30  christos 
    240  1.34       kim #ifdef ROOTAUTH
    241  1.34       kim 		/*
    242  1.34       kim 		 * Allow those in group rootauth to su to root, by supplying
    243  1.34       kim 		 * their own password.
    244  1.34       kim 		 */
    245  1.46       sjg 		if (!ok) {
    246  1.46       sjg 			if ((ok = check_ingroup(-1, ROOTAUTH, username, 0))) {
    247  1.46       sjg 				pass = userpass;
    248  1.46       sjg 				user = username;
    249  1.34       kim 			}
    250  1.46       sjg 		}
    251  1.34       kim #endif
    252  1.24       mrg 		/*
    253  1.24       mrg 		 * Only allow those in group SUGROUP to su to root,
    254  1.24       mrg 		 * but only if that group has any members.
    255  1.24       mrg 		 * If SUGROUP has no members, allow anyone to su root
    256  1.24       mrg 		 */
    257  1.33       abs 		if (!ok) {
    258  1.46       sjg 			ok = check_ingroup(-1, SUGROUP, username, 1);
    259   1.1       cgd 		}
    260  1.30  christos 		if (!ok)
    261  1.30  christos 			errx(1,
    262  1.30  christos 	    "you are not listed in the correct secondary group (%s) to su %s.",
    263  1.30  christos 					    SUGROUP, user);
    264   1.1       cgd 		/* if target requires a password, verify it */
    265  1.30  christos 		if (*pass) {
    266   1.1       cgd 			p = getpass("Password:");
    267  1.10   deraadt #ifdef SKEY
    268  1.10   deraadt 			if (strcasecmp(p, "s/key") == 0) {
    269  1.13       tls 				if (skey_haskey(user))
    270  1.13       tls 					errx(1, "Sorry, you have no s/key.");
    271  1.13       tls 				else {
    272  1.10   deraadt 					if (skey_authenticate(user)) {
    273  1.10   deraadt 						goto badlogin;
    274  1.10   deraadt 					}
    275  1.10   deraadt 				}
    276  1.10   deraadt 
    277  1.10   deraadt 			} else
    278  1.10   deraadt #endif
    279  1.30  christos 			if (strcmp(pass, crypt(p, pass))) {
    280  1.31  christos #ifdef SKEY
    281  1.10   deraadt badlogin:
    282  1.27  wsanchez #endif
    283   1.1       cgd 				fprintf(stderr, "Sorry\n");
    284  1.45     lukem 				syslog(LOG_WARNING,
    285   1.1       cgd 					"BAD SU %s to %s%s", username,
    286  1.30  christos 					pwd->pw_name, ontty());
    287   1.1       cgd 				exit(1);
    288   1.1       cgd 			}
    289   1.1       cgd 		}
    290   1.1       cgd 	}
    291   1.1       cgd 
    292   1.1       cgd 	if (asme) {
    293   1.1       cgd 		/* if asme and non-standard target shell, must be root */
    294  1.13       tls 		if (!chshell(pwd->pw_shell) && ruid)
    295  1.13       tls 			errx(1,"permission denied (shell).");
    296   1.1       cgd 	} else if (pwd->pw_shell && *pwd->pw_shell) {
    297   1.1       cgd 		shell = pwd->pw_shell;
    298   1.1       cgd 		iscsh = UNSET;
    299   1.1       cgd 	} else {
    300   1.1       cgd 		shell = _PATH_BSHELL;
    301   1.1       cgd 		iscsh = NO;
    302   1.1       cgd 	}
    303   1.1       cgd 
    304  1.17     lukem 	if ((p = strrchr(shell, '/')) != NULL)
    305   1.9       cgd 		avshell = p+1;
    306   1.9       cgd 	else
    307   1.9       cgd 		avshell = shell;
    308   1.9       cgd 
    309   1.1       cgd 	/* if we're forking a csh, we want to slightly muck the args */
    310   1.9       cgd 	if (iscsh == UNSET)
    311  1.11  christos 		iscsh = strstr(avshell, "csh") ? YES : NO;
    312   1.1       cgd 
    313   1.1       cgd 	/* set permissions */
    314  1.44       erh #ifdef LOGIN_CAP
    315  1.44       erh 	if (setusercontext(lc, pwd, pwd->pw_uid,
    316  1.44       erh 	    (asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) |
    317  1.44       erh 	    LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER))
    318  1.44       erh 		err(1, "setting user context");
    319  1.44       erh #else
    320  1.13       tls 	if (setgid(pwd->pw_gid) < 0)
    321  1.13       tls 		err(1, "setgid");
    322  1.13       tls 	if (initgroups(user, pwd->pw_gid))
    323  1.13       tls 		errx(1, "initgroups failed");
    324  1.13       tls 	if (setuid(pwd->pw_uid) < 0)
    325  1.13       tls 		err(1, "setuid");
    326  1.37       mjl #endif
    327   1.1       cgd 
    328   1.1       cgd 	if (!asme) {
    329   1.1       cgd 		if (asthem) {
    330   1.1       cgd 			p = getenv("TERM");
    331  1.35  christos 			/* Create an empty environment */
    332  1.35  christos 			if ((environ = malloc(sizeof(char *))) == NULL)
    333  1.48    simonb 				err(1, NULL);
    334  1.35  christos 			environ[0] = NULL;
    335  1.37       mjl #ifdef LOGIN_CAP
    336  1.44       erh 			if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH))
    337  1.37       mjl 				err(1, "setting user context");
    338  1.37       mjl #else
    339   1.8   mycroft 			(void)setenv("PATH", _PATH_DEFPATH, 1);
    340  1.37       mjl #endif
    341  1.11  christos 			if (p)
    342  1.11  christos 				(void)setenv("TERM", p, 1);
    343  1.13       tls 			if (chdir(pwd->pw_dir) < 0)
    344  1.13       tls 				errx(1, "no directory");
    345  1.37       mjl 		}
    346  1.38       mjl 
    347   1.5       jtc 		if (asthem || pwd->pw_uid)
    348   1.1       cgd 			(void)setenv("USER", pwd->pw_name, 1);
    349   1.1       cgd 		(void)setenv("HOME", pwd->pw_dir, 1);
    350   1.1       cgd 		(void)setenv("SHELL", shell, 1);
    351   1.1       cgd 	}
    352  1.39       abs 	(void)setenv("SU_FROM", username, 1);
    353   1.1       cgd 
    354  1.12  christos 	if (iscsh == YES) {
    355  1.12  christos 		if (fastlogin)
    356  1.12  christos 			*np-- = "-f";
    357  1.12  christos 		if (asme)
    358  1.12  christos 			*np-- = "-m";
    359  1.12  christos 	}
    360   1.1       cgd 
    361   1.8   mycroft 	if (asthem) {
    362   1.8   mycroft 		avshellbuf[0] = '-';
    363  1.50    itojun 		(void)strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
    364   1.8   mycroft 		avshell = avshellbuf;
    365   1.8   mycroft 	} else if (iscsh == YES) {
    366   1.8   mycroft 		/* csh strips the first character... */
    367   1.8   mycroft 		avshellbuf[0] = '_';
    368  1.50    itojun 		(void)strlcpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 1);
    369   1.8   mycroft 		avshell = avshellbuf;
    370   1.8   mycroft 	}
    371  1.12  christos 	*np = avshell;
    372  1.11  christos 
    373  1.28  christos #ifdef BSD4_4
    374  1.17     lukem 	if (pwd->pw_change || pwd->pw_expire)
    375  1.17     lukem 		(void)gettimeofday(&tp, (struct timezone *)NULL);
    376  1.26      ross 	if (pwd->pw_change) {
    377  1.17     lukem 		if (tp.tv_sec >= pwd->pw_change) {
    378  1.17     lukem 			(void)printf("%s -- %s's password has expired.\n",
    379  1.17     lukem 				     (ruid ? "Sorry" : "Note"), user);
    380  1.17     lukem 			if (ruid != 0)
    381  1.17     lukem 				exit(1);
    382  1.37       mjl 		} else if (pwd->pw_change - tp.tv_sec < pw_warntime)
    383  1.17     lukem 			(void)printf("Warning: %s's password expires on %s",
    384  1.17     lukem 				     user, ctime(&pwd->pw_change));
    385  1.26      ross 	}
    386  1.26      ross 	if (pwd->pw_expire) {
    387  1.17     lukem 		if (tp.tv_sec >= pwd->pw_expire) {
    388  1.17     lukem 			(void)printf("%s -- %s's account has expired.\n",
    389  1.17     lukem 				     (ruid ? "Sorry" : "Note"), user);
    390  1.17     lukem 			if (ruid != 0)
    391  1.17     lukem 				exit(1);
    392  1.17     lukem 		} else if (pwd->pw_expire - tp.tv_sec <
    393  1.17     lukem 		    _PASSWORD_WARNDAYS * SECSPERDAY)
    394  1.17     lukem 			(void)printf("Warning: %s's account expires on %s",
    395  1.17     lukem 				     user, ctime(&pwd->pw_expire));
    396  1.26      ross  	}
    397  1.28  christos #endif
    398   1.1       cgd 	if (ruid != 0)
    399  1.45     lukem 		syslog(LOG_NOTICE, "%s to %s%s",
    400  1.30  christos 		    username, pwd->pw_name, ontty());
    401   1.1       cgd 
    402  1.44       erh 	/* Raise our priority back to what we had before */
    403   1.1       cgd 	(void)setpriority(PRIO_PROCESS, 0, prio);
    404   1.1       cgd 
    405  1.12  christos 	execv(shell, np);
    406  1.13       tls 	err(1, "%s", shell);
    407  1.27  wsanchez         /* NOTREACHED */
    408   1.1       cgd }
    409  1.11  christos 
    410  1.11  christos static int
    411   1.1       cgd chshell(sh)
    412  1.25   mycroft 	const char *sh;
    413   1.1       cgd {
    414  1.25   mycroft 	const char *cp;
    415   1.1       cgd 
    416   1.1       cgd 	while ((cp = getusershell()) != NULL)
    417   1.1       cgd 		if (!strcmp(cp, sh))
    418   1.1       cgd 			return (1);
    419   1.1       cgd 	return (0);
    420   1.1       cgd }
    421   1.1       cgd 
    422  1.11  christos static char *
    423   1.1       cgd ontty()
    424   1.1       cgd {
    425  1.19     lukem 	char *p;
    426   1.1       cgd 	static char buf[MAXPATHLEN + 4];
    427   1.1       cgd 
    428   1.1       cgd 	buf[0] = 0;
    429  1.17     lukem 	if ((p = ttyname(STDERR_FILENO)) != NULL)
    430  1.15       mrg 		(void)snprintf(buf, sizeof buf, " on %s", p);
    431   1.1       cgd 	return (buf);
    432   1.1       cgd }
    433  1.41     assar 
    434  1.41     assar #ifdef KERBEROS5
    435  1.41     assar static int
    436  1.41     assar kerberos5(username, user, uid)
    437  1.41     assar 	char *username, *user;
    438  1.41     assar 	int uid;
    439  1.41     assar {
    440  1.41     assar 	krb5_error_code ret;
    441  1.41     assar 	krb5_context context;
    442  1.41     assar 	krb5_principal princ = NULL;
    443  1.41     assar 	krb5_ccache ccache, ccache2;
    444  1.41     assar 	char *cc_name;
    445  1.43     assar 	const char *filename;
    446  1.41     assar 
    447  1.41     assar 	ret = krb5_init_context(&context);
    448  1.41     assar 	if (ret)
    449  1.41     assar 		return (1);
    450  1.41     assar 
    451  1.41     assar 	if (strcmp (user, "root") == 0)
    452  1.41     assar 		ret = krb5_make_principal(context, &princ,
    453  1.41     assar 					  NULL, username, "root", NULL);
    454  1.41     assar 	else
    455  1.41     assar 		ret = krb5_make_principal(context, &princ,
    456  1.42     assar 					  NULL, user, NULL);
    457  1.41     assar 	if (ret)
    458  1.41     assar 		goto fail;
    459  1.41     assar 	if (!krb5_kuserok(context, princ, user) && !uid) {
    460  1.41     assar 		warnx ("kerberos5: not in %s's ACL.", user);
    461  1.41     assar 		goto fail;
    462  1.41     assar 	}
    463  1.41     assar 	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
    464  1.41     assar 	if (ret)
    465  1.41     assar 		goto fail;
    466  1.41     assar 	ret = krb5_verify_user_lrealm(context, princ, ccache, NULL, TRUE,
    467  1.41     assar 				      NULL);
    468  1.41     assar 	if (ret) {
    469  1.41     assar 		krb5_cc_destroy(context, ccache);
    470  1.41     assar 		switch (ret) {
    471  1.41     assar 		case KRB5_LIBOS_PWDINTR :
    472  1.41     assar 			break;
    473  1.41     assar 		case KRB5KRB_AP_ERR_BAD_INTEGRITY:
    474  1.41     assar 		case KRB5KRB_AP_ERR_MODIFIED:
    475  1.41     assar 			krb5_warnx(context, "Password incorrect");
    476  1.41     assar 			break;
    477  1.41     assar 		default :
    478  1.41     assar 			krb5_warn(context, ret, "krb5_verify_user");
    479  1.41     assar 			break;
    480  1.41     assar 		}
    481  1.41     assar 		goto fail;
    482  1.41     assar 	}
    483  1.41     assar 	ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2);
    484  1.41     assar 	if (ret) {
    485  1.41     assar 		krb5_cc_destroy(context, ccache);
    486  1.41     assar 		goto fail;
    487  1.41     assar 	}
    488  1.41     assar 	ret = krb5_cc_copy_cache(context, ccache, ccache2);
    489  1.41     assar 	if (ret) {
    490  1.41     assar 		krb5_cc_destroy(context, ccache);
    491  1.41     assar 		krb5_cc_destroy(context, ccache2);
    492  1.41     assar 		goto fail;
    493  1.41     assar 	}
    494  1.41     assar 
    495  1.43     assar 	filename = krb5_cc_get_name(context, ccache2);
    496  1.41     assar 	asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
    497  1.43     assar 		 filename);
    498  1.43     assar 	if (chown (filename, uid, -1) < 0) {
    499  1.43     assar 		warn("chown %s", filename);
    500  1.43     assar 		free(cc_name);
    501  1.43     assar 		krb5_cc_destroy(context, ccache);
    502  1.43     assar 		krb5_cc_destroy(context, ccache2);
    503  1.43     assar 		goto fail;
    504  1.43     assar 	}
    505  1.43     assar 
    506  1.41     assar 	setenv("KRB5CCNAME", cc_name, 1);
    507  1.41     assar 	free(cc_name);
    508  1.41     assar 	krb5_cc_close(context, ccache2);
    509  1.41     assar 	krb5_cc_destroy(context, ccache);
    510  1.43     assar 	return (0);
    511  1.41     assar 
    512  1.41     assar  fail:
    513  1.41     assar 	if (princ != NULL)
    514  1.41     assar 		krb5_free_principal (context, princ);
    515  1.41     assar 	krb5_free_context (context);
    516  1.41     assar 	return (1);
    517  1.41     assar }
    518  1.41     assar #endif
    519   1.1       cgd 
    520   1.1       cgd #ifdef KERBEROS
    521  1.11  christos static int
    522   1.1       cgd kerberos(username, user, uid)
    523   1.1       cgd 	char *username, *user;
    524   1.1       cgd 	int uid;
    525   1.1       cgd {
    526   1.1       cgd 	KTEXT_ST ticket;
    527   1.1       cgd 	AUTH_DAT authdata;
    528   1.1       cgd 	struct hostent *hp;
    529   1.1       cgd 	int kerno;
    530   1.1       cgd 	u_long faddr;
    531   1.1       cgd 	char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
    532  1.22       mrg 	char hostname[MAXHOSTNAMELEN + 1], savehost[MAXHOSTNAMELEN + 1];
    533   1.1       cgd 
    534  1.40     assar 	if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
    535   1.1       cgd 		return (1);
    536   1.1       cgd 	if (koktologin(username, lrealm, user) && !uid) {
    537  1.13       tls 		warnx("kerberos: not in %s's ACL.", user);
    538   1.1       cgd 		return (1);
    539   1.1       cgd 	}
    540  1.29    scottr 	(void)snprintf(krbtkfile, sizeof krbtkfile, "%s_%s_%d", TKT_ROOT,
    541  1.15       mrg 	    user, getuid());
    542   1.1       cgd 
    543   1.1       cgd 	(void)setenv("KRBTKFILE", krbtkfile, 1);
    544   1.1       cgd 	(void)krb_set_tkt_string(krbtkfile);
    545   1.1       cgd 	/*
    546   1.1       cgd 	 * Set real as well as effective ID to 0 for the moment,
    547   1.1       cgd 	 * to make the kerberos library do the right thing.
    548   1.1       cgd 	 */
    549   1.1       cgd 	if (setuid(0) < 0) {
    550  1.13       tls 		warn("setuid");
    551   1.1       cgd 		return (1);
    552   1.1       cgd 	}
    553   1.1       cgd 
    554   1.1       cgd 	/*
    555   1.1       cgd 	 * Little trick here -- if we are su'ing to root,
    556   1.1       cgd 	 * we need to get a ticket for "xxx.root", where xxx represents
    557   1.1       cgd 	 * the name of the person su'ing.  Otherwise (non-root case),
    558   1.1       cgd 	 * we need to get a ticket for "yyy.", where yyy represents
    559   1.1       cgd 	 * the name of the person being su'd to, and the instance is null
    560   1.1       cgd 	 *
    561   1.1       cgd 	 * We should have a way to set the ticket lifetime,
    562   1.1       cgd 	 * with a system default for root.
    563   1.1       cgd 	 */
    564  1.40     assar 	{
    565  1.40     assar 		char prompt[128];
    566  1.40     assar 		char passw[256];
    567  1.40     assar 
    568  1.40     assar 		(void)snprintf (prompt, sizeof(prompt),
    569  1.40     assar 			  "%s's Password: ",
    570  1.40     assar 			  krb_unparse_name_long ((uid == 0 ? username : user),
    571  1.40     assar 						 (uid == 0 ? "root" : ""),
    572  1.40     assar 						 lrealm));
    573  1.40     assar 		if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) {
    574  1.40     assar 			memset (passw, 0, sizeof (passw));
    575  1.40     assar 			return (1);
    576  1.40     assar 		}
    577  1.40     assar 		if (strlen(passw) == 0)
    578  1.40     assar 			return (1); /* Empty passwords are not allowed */
    579  1.40     assar 
    580  1.40     assar 		kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
    581  1.40     assar 					  (uid == 0 ? "root" : ""), lrealm,
    582  1.40     assar 					  KRB_TICKET_GRANTING_TICKET,
    583  1.40     assar 					  lrealm,
    584  1.40     assar 					  DEFAULT_TKT_LIFE,
    585  1.40     assar 					  passw);
    586  1.40     assar 		memset (passw, 0, strlen (passw));
    587  1.40     assar 	}
    588   1.1       cgd 
    589   1.1       cgd 	if (kerno != KSUCCESS) {
    590   1.1       cgd 		if (kerno == KDC_PR_UNKNOWN) {
    591  1.13       tls 			warnx("kerberos: principal unknown: %s.%s@%s",
    592   1.1       cgd 				(uid == 0 ? username : user),
    593   1.1       cgd 				(uid == 0 ? "root" : ""), lrealm);
    594   1.1       cgd 			return (1);
    595   1.1       cgd 		}
    596  1.13       tls 		warnx("kerberos: unable to su: %s", krb_err_txt[kerno]);
    597  1.45     lukem 		syslog(LOG_WARNING,
    598   1.1       cgd 		    "BAD Kerberos SU: %s to %s%s: %s",
    599   1.1       cgd 		    username, user, ontty(), krb_err_txt[kerno]);
    600   1.1       cgd 		return (1);
    601   1.1       cgd 	}
    602   1.1       cgd 
    603   1.1       cgd 	if (chown(krbtkfile, uid, -1) < 0) {
    604  1.13       tls 		warn("chown");
    605   1.1       cgd 		(void)unlink(krbtkfile);
    606   1.1       cgd 		return (1);
    607   1.1       cgd 	}
    608   1.1       cgd 
    609   1.1       cgd 	(void)setpriority(PRIO_PROCESS, 0, -2);
    610   1.1       cgd 
    611   1.1       cgd 	if (gethostname(hostname, sizeof(hostname)) == -1) {
    612  1.13       tls 		warn("gethostname");
    613   1.1       cgd 		dest_tkt();
    614   1.1       cgd 		return (1);
    615   1.1       cgd 	}
    616  1.22       mrg 	hostname[sizeof(hostname) - 1] = '\0';
    617   1.1       cgd 
    618  1.40     assar 	(void)strlcpy(savehost, krb_get_phost(hostname), sizeof(savehost));
    619   1.1       cgd 	savehost[sizeof(savehost) - 1] = '\0';
    620   1.1       cgd 
    621   1.1       cgd 	kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
    622   1.1       cgd 
    623   1.1       cgd 	if (kerno == KDC_PR_UNKNOWN) {
    624  1.13       tls 		warnx("Warning: TGT not verified.");
    625  1.45     lukem 		syslog(LOG_WARNING,
    626   1.1       cgd 		    "%s to %s%s, TGT not verified (%s); %s.%s not registered?",
    627   1.1       cgd 		    username, user, ontty(), krb_err_txt[kerno],
    628   1.1       cgd 		    "rcmd", savehost);
    629   1.1       cgd 	} else if (kerno != KSUCCESS) {
    630  1.13       tls 		warnx("Unable to use TGT: %s", krb_err_txt[kerno]);
    631  1.45     lukem 		syslog(LOG_WARNING, "failed su: %s to %s%s: %s",
    632   1.1       cgd 		    username, user, ontty(), krb_err_txt[kerno]);
    633   1.1       cgd 		dest_tkt();
    634   1.1       cgd 		return (1);
    635   1.1       cgd 	} else {
    636   1.1       cgd 		if (!(hp = gethostbyname(hostname))) {
    637  1.13       tls 			warnx("can't get addr of %s", hostname);
    638   1.1       cgd 			dest_tkt();
    639   1.1       cgd 			return (1);
    640   1.1       cgd 		}
    641  1.13       tls 		memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr));
    642   1.1       cgd 
    643   1.1       cgd 		if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
    644   1.1       cgd 		    &authdata, "")) != KSUCCESS) {
    645  1.49    itojun 			warnx("kerberos: unable to verify rcmd ticket: %s",
    646   1.1       cgd 			    krb_err_txt[kerno]);
    647  1.45     lukem 			syslog(LOG_WARNING,
    648   1.1       cgd 			    "failed su: %s to %s%s: %s", username,
    649   1.1       cgd 			     user, ontty(), krb_err_txt[kerno]);
    650   1.1       cgd 			dest_tkt();
    651   1.1       cgd 			return (1);
    652   1.1       cgd 		}
    653   1.1       cgd 	}
    654   1.1       cgd 	return (0);
    655   1.1       cgd }
    656   1.1       cgd 
    657  1.11  christos static int
    658   1.1       cgd koktologin(name, realm, toname)
    659   1.1       cgd 	char *name, *realm, *toname;
    660   1.1       cgd {
    661  1.40     assar 	return krb_kuserok(name,
    662  1.40     assar 			   strcmp (toname, "root") == 0 ? "root" : "",
    663  1.40     assar 			   realm,
    664  1.40     assar 			   toname);
    665   1.1       cgd }
    666   1.1       cgd #endif
    667  1.46       sjg 
    668  1.46       sjg static int
    669  1.46       sjg check_ingroup (gid, gname, user, ifempty)
    670  1.46       sjg 	int gid;
    671  1.46       sjg 	const char *gname;
    672  1.46       sjg 	const char *user;
    673  1.46       sjg 	int ifempty;
    674  1.46       sjg {
    675  1.46       sjg 	struct group *gr;
    676  1.46       sjg 	char **g;
    677  1.46       sjg #ifdef SU_INDIRECT_GROUP
    678  1.46       sjg 	char **gr_mem;
    679  1.46       sjg 	int n = 0;
    680  1.46       sjg 	int i = 0;
    681  1.46       sjg #endif
    682  1.46       sjg 	int ok = 0;
    683  1.46       sjg 
    684  1.46       sjg 	if (gname == NULL)
    685  1.46       sjg 		gr = getgrgid((gid_t) gid);
    686  1.46       sjg 	else
    687  1.46       sjg 		gr = getgrnam(gname);
    688  1.46       sjg 
    689  1.46       sjg 	/*
    690  1.46       sjg 	 * XXX we are relying on the fact that we only set ifempty when
    691  1.46       sjg 	 * calling to check for SUGROUP and that is the only time a
    692  1.46       sjg 	 * missing group is acceptable.
    693  1.46       sjg 	 */
    694  1.46       sjg 	if (gr == NULL)
    695  1.46       sjg 		return ifempty;
    696  1.46       sjg 	if (!*gr->gr_mem)		/* empty */
    697  1.46       sjg 		return ifempty;
    698  1.46       sjg 
    699  1.46       sjg 	/*
    700  1.46       sjg 	 * Ok, first see if user is in gr_mem
    701  1.46       sjg 	 */
    702  1.46       sjg 	for (g = gr->gr_mem; *g; ++g) {
    703  1.46       sjg 		if (strcmp(*g, user) == 0)
    704  1.46       sjg 			return 1;	/* ok */
    705  1.46       sjg #ifdef SU_INDIRECT_GROUP
    706  1.46       sjg 		++n;			/* count them */
    707  1.46       sjg #endif
    708  1.46       sjg 	}
    709  1.46       sjg #ifdef SU_INDIRECT_GROUP
    710  1.46       sjg 	/*
    711  1.46       sjg 	 * No.
    712  1.46       sjg 	 * Now we need to duplicate the gr_mem list, and recurse for
    713  1.46       sjg 	 * each member to see if it is a group, and if so whether user is
    714  1.46       sjg 	 * in it.
    715  1.46       sjg 	 */
    716  1.46       sjg 	gr_mem = malloc((n + 1) * sizeof (char *));
    717  1.46       sjg 	for  (g = gr->gr_mem, i = 0; *g; ++g) {
    718  1.51    itojun 		gr_mem[i] = strdup(*g);
    719  1.51    itojun 		if (!gr_mem[i])
    720  1.51    itojun 			err(1, "strdup");
    721  1.51    itojun 		i++;
    722  1.46       sjg 	}
    723  1.46       sjg 	gr_mem[i++] = NULL;
    724  1.46       sjg 
    725  1.46       sjg 	for  (g = gr_mem; ok == 0 && *g; ++g) {
    726  1.46       sjg 		/*
    727  1.46       sjg 		 * If we get this far we don't accept empty/missing groups.
    728  1.46       sjg 		 */
    729  1.46       sjg 		ok = check_ingroup(-1, *g, user, 0);
    730  1.46       sjg 	}
    731  1.46       sjg 	for  (g = gr_mem; *g; ++g) {
    732  1.46       sjg 		free(*g);
    733  1.46       sjg 	}
    734  1.46       sjg 	free(gr_mem);
    735  1.46       sjg #endif
    736  1.46       sjg 	return ok;
    737  1.46       sjg }
    738