su.c revision 1.30
1 /* $NetBSD: su.c,v 1.30 1999/03/15 08:05:07 christos Exp $ */ 2 3 /* 4 * Copyright (c) 1988 The Regents of the University of California. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 __COPYRIGHT( 39 "@(#) Copyright (c) 1988 The Regents of the University of California.\n\ 40 All rights reserved.\n"); 41 #endif /* not lint */ 42 43 #ifndef lint 44 #if 0 45 static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/ 46 #else 47 __RCSID("$NetBSD: su.c,v 1.30 1999/03/15 08:05:07 christos Exp $"); 48 #endif 49 #endif /* not lint */ 50 51 #include <sys/param.h> 52 #include <sys/time.h> 53 #include <sys/resource.h> 54 #include <err.h> 55 #include <errno.h> 56 #include <grp.h> 57 #include <paths.h> 58 #include <pwd.h> 59 #ifdef SHADOWPASSWORDS 60 #include <shadow.h> 61 #endif 62 #include <stdio.h> 63 #ifdef SKEY 64 #include <skey.h> 65 #endif 66 #include <stdlib.h> 67 #include <string.h> 68 #include <syslog.h> 69 #include <time.h> 70 #include <tzfile.h> 71 #include <unistd.h> 72 73 #ifdef KERBEROS 74 #include <kerberosIV/des.h> 75 #include <kerberosIV/krb.h> 76 #include <netdb.h> 77 78 #define ARGSTR "-Kflm" 79 80 int use_kerberos = 1; 81 82 static int kerberos __P((char *, char *, int)); 83 static int koktologin __P((char *, char *, char *)); 84 85 #else 86 #define ARGSTR "-flm" 87 #endif 88 89 #ifndef SUGROUP 90 #define SUGROUP "wheel" 91 #endif 92 93 int main __P((int, char **)); 94 95 static int chshell __P((const char *)); 96 static char *ontty __P((void)); 97 98 99 int 100 main(argc, argv) 101 int argc; 102 char **argv; 103 { 104 extern char *__progname; 105 extern char **environ; 106 struct passwd *pwd; 107 #ifdef SHADOWPASSWORDS 108 struct spwd *shapwd; 109 #endif 110 char *p; 111 struct group *gr; 112 #ifdef BSD4_4 113 struct timeval tp; 114 #endif 115 uid_t ruid; 116 int asme, ch, asthem, fastlogin, prio; 117 enum { UNSET, YES, NO } iscsh = UNSET; 118 char *user, *shell, *avshell, *username, *cleanenv[10], **np; 119 char *userpass; 120 char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; 121 122 asme = asthem = fastlogin = 0; 123 shell = NULL; 124 while ((ch = getopt(argc, argv, ARGSTR)) != -1) 125 switch((char)ch) { 126 #ifdef KERBEROS 127 case 'K': 128 use_kerberos = 0; 129 break; 130 #endif 131 case 'f': 132 fastlogin = 1; 133 break; 134 case '-': 135 case 'l': 136 asme = 0; 137 asthem = 1; 138 break; 139 case 'm': 140 asme = 1; 141 asthem = 0; 142 break; 143 case '?': 144 default: 145 (void)fprintf(stderr, 146 "Usage: %s [%s] [login [shell arguments]]\n", 147 __progname, ARGSTR); 148 exit(1); 149 } 150 argv += optind; 151 152 #ifndef BSD4_4 153 if (*argv && strcmp(*argv, "-") == 0) { 154 asme = 0; 155 asthem = 1; 156 argv++; 157 } 158 #endif 159 160 errno = 0; 161 prio = getpriority(PRIO_PROCESS, 0); 162 if (errno) 163 prio = 0; 164 (void)setpriority(PRIO_PROCESS, 0, -2); 165 openlog("su", LOG_CONS, 0); 166 167 /* get current login name and shell */ 168 ruid = getuid(); 169 username = getlogin(); 170 if (username == NULL || (pwd = getpwnam(username)) == NULL || 171 pwd->pw_uid != ruid) 172 pwd = getpwuid(ruid); 173 if (pwd == NULL) 174 errx(1, "who are you?"); 175 username = strdup(pwd->pw_name); 176 userpass = strdup(pwd->pw_passwd); 177 if (username == NULL || userpass == NULL) 178 err(1, "strdup"); 179 180 if (asme) { 181 if (pwd->pw_shell && *pwd->pw_shell) { 182 shell = strncpy(shellbuf, pwd->pw_shell, 183 sizeof(shellbuf) - 1); 184 shellbuf[sizeof(shellbuf) - 1] = '\0'; 185 } else { 186 shell = _PATH_BSHELL; 187 iscsh = NO; 188 } 189 } 190 /* get target login information, default to root */ 191 user = *argv ? *argv : "root"; 192 np = *argv ? argv : argv-1; 193 194 if ((pwd = getpwnam(user)) == NULL) 195 errx(1, "unknown login %s", user); 196 197 if (ruid 198 #ifdef KERBEROS 199 && (!use_kerberos || kerberos(username, user, pwd->pw_uid)) 200 #endif 201 ) { 202 char *pass = pwd->pw_passwd; 203 int ok = pwd->pw_uid != 0; 204 char **g; 205 206 /* 207 * Only allow those in group SUGROUP to su to root, 208 * but only if that group has any members. 209 * If SUGROUP has no members, allow anyone to su root 210 */ 211 if (!ok && 212 (gr = getgrnam(SUGROUP)) && *gr->gr_mem) { 213 214 for (g = gr->gr_mem; ; g++) { 215 if (*g == NULL) { 216 ok = 0; 217 break; 218 } 219 if (strcmp(username, *g) == 0) { 220 ok = 1; 221 break; 222 } 223 } 224 } 225 #ifdef ROOTAUTH 226 /* 227 * Allow those in group rootauth to su to root, by supplying 228 * their own password. 229 */ 230 if (!ok && (gr = getgrnam(ROOTAUTH))) 231 for (g = gr->gr_mem;; ++g) { 232 if (!*g) { 233 ok = 0; 234 break; 235 } 236 if (!strcmp(username, *g)) { 237 pass = userpass; 238 user = username; 239 ok = 1; 240 break; 241 } 242 } 243 #endif 244 if (!ok) 245 errx(1, 246 "you are not listed in the correct secondary group (%s) to su %s.", 247 SUGROUP, user); 248 /* if target requires a password, verify it */ 249 if (*pass) { 250 p = getpass("Password:"); 251 #ifdef SKEY 252 if (strcasecmp(p, "s/key") == 0) { 253 if (skey_haskey(user)) 254 errx(1, "Sorry, you have no s/key."); 255 else { 256 if (skey_authenticate(user)) { 257 goto badlogin; 258 } 259 } 260 261 } else 262 #endif 263 #ifdef SHADOWPASSWORDS 264 if (strcmp(pass, "x") == 0) { 265 if ((shapwd = getspnam(user)) == NULL) 266 errx(1, 267 "Could not find shadow passwd entry for %s", 268 user); 269 if (strcmp(shapwd->sp_pwdp, 270 crypt(p, shapwd->sp_pwdp))) { 271 goto badlogin; 272 } 273 } else 274 #endif 275 if (strcmp(pass, crypt(p, pass))) { 276 #if defined(SKEY) || defined(SHADOWPASSWORDS) 277 badlogin: 278 #endif 279 fprintf(stderr, "Sorry\n"); 280 syslog(LOG_AUTH|LOG_WARNING, 281 "BAD SU %s to %s%s", username, 282 pwd->pw_name, ontty()); 283 exit(1); 284 } 285 } 286 } 287 288 if (asme) { 289 /* if asme and non-standard target shell, must be root */ 290 if (!chshell(pwd->pw_shell) && ruid) 291 errx(1,"permission denied (shell)."); 292 } else if (pwd->pw_shell && *pwd->pw_shell) { 293 shell = pwd->pw_shell; 294 iscsh = UNSET; 295 } else { 296 shell = _PATH_BSHELL; 297 iscsh = NO; 298 } 299 300 if ((p = strrchr(shell, '/')) != NULL) 301 avshell = p+1; 302 else 303 avshell = shell; 304 305 /* if we're forking a csh, we want to slightly muck the args */ 306 if (iscsh == UNSET) 307 iscsh = strstr(avshell, "csh") ? YES : NO; 308 309 /* set permissions */ 310 if (setgid(pwd->pw_gid) < 0) 311 err(1, "setgid"); 312 if (initgroups(user, pwd->pw_gid)) 313 errx(1, "initgroups failed"); 314 if (setuid(pwd->pw_uid) < 0) 315 err(1, "setuid"); 316 317 if (!asme) { 318 if (asthem) { 319 p = getenv("TERM"); 320 cleanenv[0] = NULL; 321 environ = cleanenv; 322 (void)setenv("PATH", _PATH_DEFPATH, 1); 323 if (p) 324 (void)setenv("TERM", p, 1); 325 if (chdir(pwd->pw_dir) < 0) 326 errx(1, "no directory"); 327 } 328 if (asthem || pwd->pw_uid) 329 (void)setenv("USER", pwd->pw_name, 1); 330 (void)setenv("HOME", pwd->pw_dir, 1); 331 (void)setenv("SHELL", shell, 1); 332 } 333 334 if (iscsh == YES) { 335 if (fastlogin) 336 *np-- = "-f"; 337 if (asme) 338 *np-- = "-m"; 339 } 340 341 if (asthem) { 342 avshellbuf[0] = '-'; 343 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 344 avshell = avshellbuf; 345 } else if (iscsh == YES) { 346 /* csh strips the first character... */ 347 avshellbuf[0] = '_'; 348 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 349 avshell = avshellbuf; 350 } 351 *np = avshell; 352 353 #ifdef BSD4_4 354 if (pwd->pw_change || pwd->pw_expire) 355 (void)gettimeofday(&tp, (struct timezone *)NULL); 356 if (pwd->pw_change) { 357 if (tp.tv_sec >= pwd->pw_change) { 358 (void)printf("%s -- %s's password has expired.\n", 359 (ruid ? "Sorry" : "Note"), user); 360 if (ruid != 0) 361 exit(1); 362 } else if (pwd->pw_change - tp.tv_sec < 363 _PASSWORD_WARNDAYS * SECSPERDAY) 364 (void)printf("Warning: %s's password expires on %s", 365 user, ctime(&pwd->pw_change)); 366 } 367 if (pwd->pw_expire) { 368 if (tp.tv_sec >= pwd->pw_expire) { 369 (void)printf("%s -- %s's account has expired.\n", 370 (ruid ? "Sorry" : "Note"), user); 371 if (ruid != 0) 372 exit(1); 373 } else if (pwd->pw_expire - tp.tv_sec < 374 _PASSWORD_WARNDAYS * SECSPERDAY) 375 (void)printf("Warning: %s's account expires on %s", 376 user, ctime(&pwd->pw_expire)); 377 } 378 #endif 379 if (ruid != 0) 380 syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s", 381 username, pwd->pw_name, ontty()); 382 383 (void)setpriority(PRIO_PROCESS, 0, prio); 384 385 execv(shell, np); 386 err(1, "%s", shell); 387 /* NOTREACHED */ 388 } 389 390 static int 391 chshell(sh) 392 const char *sh; 393 { 394 const char *cp; 395 396 while ((cp = getusershell()) != NULL) 397 if (!strcmp(cp, sh)) 398 return (1); 399 return (0); 400 } 401 402 static char * 403 ontty() 404 { 405 char *p; 406 static char buf[MAXPATHLEN + 4]; 407 408 buf[0] = 0; 409 if ((p = ttyname(STDERR_FILENO)) != NULL) 410 (void)snprintf(buf, sizeof buf, " on %s", p); 411 return (buf); 412 } 413 414 #ifdef KERBEROS 415 static int 416 kerberos(username, user, uid) 417 char *username, *user; 418 int uid; 419 { 420 KTEXT_ST ticket; 421 AUTH_DAT authdata; 422 struct hostent *hp; 423 int kerno; 424 u_long faddr; 425 char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; 426 char hostname[MAXHOSTNAMELEN + 1], savehost[MAXHOSTNAMELEN + 1]; 427 428 if (krb_get_lrealm(lrealm, 1) != KSUCCESS || 429 strcmp(lrealm, KRB_REALM) == 0) 430 return (1); 431 if (koktologin(username, lrealm, user) && !uid) { 432 warnx("kerberos: not in %s's ACL.", user); 433 return (1); 434 } 435 (void)snprintf(krbtkfile, sizeof krbtkfile, "%s_%s_%d", TKT_ROOT, 436 user, getuid()); 437 438 (void)setenv("KRBTKFILE", krbtkfile, 1); 439 (void)krb_set_tkt_string(krbtkfile); 440 /* 441 * Set real as well as effective ID to 0 for the moment, 442 * to make the kerberos library do the right thing. 443 */ 444 if (setuid(0) < 0) { 445 warn("setuid"); 446 return (1); 447 } 448 449 /* 450 * Little trick here -- if we are su'ing to root, 451 * we need to get a ticket for "xxx.root", where xxx represents 452 * the name of the person su'ing. Otherwise (non-root case), 453 * we need to get a ticket for "yyy.", where yyy represents 454 * the name of the person being su'd to, and the instance is null 455 * 456 * We should have a way to set the ticket lifetime, 457 * with a system default for root. 458 */ 459 kerno = krb_get_pw_in_tkt((uid == 0 ? username : user), 460 (uid == 0 ? "root" : ""), lrealm, 461 "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0); 462 463 if (kerno != KSUCCESS) { 464 if (kerno == KDC_PR_UNKNOWN) { 465 warnx("kerberos: principal unknown: %s.%s@%s", 466 (uid == 0 ? username : user), 467 (uid == 0 ? "root" : ""), lrealm); 468 return (1); 469 } 470 warnx("kerberos: unable to su: %s", krb_err_txt[kerno]); 471 syslog(LOG_NOTICE|LOG_AUTH, 472 "BAD Kerberos SU: %s to %s%s: %s", 473 username, user, ontty(), krb_err_txt[kerno]); 474 return (1); 475 } 476 477 if (chown(krbtkfile, uid, -1) < 0) { 478 warn("chown"); 479 (void)unlink(krbtkfile); 480 return (1); 481 } 482 483 (void)setpriority(PRIO_PROCESS, 0, -2); 484 485 if (gethostname(hostname, sizeof(hostname)) == -1) { 486 warn("gethostname"); 487 dest_tkt(); 488 return (1); 489 } 490 hostname[sizeof(hostname) - 1] = '\0'; 491 492 (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost)); 493 savehost[sizeof(savehost) - 1] = '\0'; 494 495 kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33); 496 497 if (kerno == KDC_PR_UNKNOWN) { 498 warnx("Warning: TGT not verified."); 499 syslog(LOG_NOTICE|LOG_AUTH, 500 "%s to %s%s, TGT not verified (%s); %s.%s not registered?", 501 username, user, ontty(), krb_err_txt[kerno], 502 "rcmd", savehost); 503 } else if (kerno != KSUCCESS) { 504 warnx("Unable to use TGT: %s", krb_err_txt[kerno]); 505 syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s", 506 username, user, ontty(), krb_err_txt[kerno]); 507 dest_tkt(); 508 return (1); 509 } else { 510 if (!(hp = gethostbyname(hostname))) { 511 warnx("can't get addr of %s", hostname); 512 dest_tkt(); 513 return (1); 514 } 515 memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr)); 516 517 if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, 518 &authdata, "")) != KSUCCESS) { 519 warnx("kerberos: unable to verify rcmd ticket: %s\n", 520 krb_err_txt[kerno]); 521 syslog(LOG_NOTICE|LOG_AUTH, 522 "failed su: %s to %s%s: %s", username, 523 user, ontty(), krb_err_txt[kerno]); 524 dest_tkt(); 525 return (1); 526 } 527 } 528 return (0); 529 } 530 531 static int 532 koktologin(name, realm, toname) 533 char *name, *realm, *toname; 534 { 535 AUTH_DAT *kdata; 536 AUTH_DAT kdata_st; 537 538 kdata = &kdata_st; 539 memset((char *)kdata, 0, sizeof(*kdata)); 540 (void)strncpy(kdata->pname, name, sizeof(kdata->pname) - 1); 541 (void)strncpy(kdata->pinst, 542 ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst) - 1); 543 (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm) - 1); 544 return (kuserok(kdata, toname)); 545 } 546 #endif 547
Indexes created Sun Sep 28 16:09:52 GMT 2025