su.c revision 1.33.2.3
1 /* $NetBSD: su.c,v 1.33.2.3 2000/02/18 19:31:24 he Exp $ */ 2 3 /* 4 * Copyright (c) 1988 The Regents of the University of California. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 __COPYRIGHT( 39 "@(#) Copyright (c) 1988 The Regents of the University of California.\n\ 40 All rights reserved.\n"); 41 #endif /* not lint */ 42 43 #ifndef lint 44 #if 0 45 static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/ 46 #else 47 __RCSID("$NetBSD: su.c,v 1.33.2.3 2000/02/18 19:31:24 he Exp $"); 48 #endif 49 #endif /* not lint */ 50 51 #include <sys/param.h> 52 #include <sys/time.h> 53 #include <sys/resource.h> 54 #include <err.h> 55 #include <errno.h> 56 #include <grp.h> 57 #include <paths.h> 58 #include <pwd.h> 59 #include <stdio.h> 60 #ifdef SKEY 61 #include <skey.h> 62 #endif 63 #include <stdlib.h> 64 #include <string.h> 65 #include <syslog.h> 66 #include <time.h> 67 #include <tzfile.h> 68 #include <unistd.h> 69 70 #ifdef KERBEROS 71 #include <kerberosIV/des.h> 72 #include <kerberosIV/krb.h> 73 #include <netdb.h> 74 75 #define ARGSTR "-Kflm" 76 77 int use_kerberos = 1; 78 79 static int kerberos __P((char *, char *, int)); 80 static int koktologin __P((char *, char *, char *)); 81 82 #else 83 #define ARGSTR "-flm" 84 #endif 85 86 #ifndef SUGROUP 87 #define SUGROUP "wheel" 88 #endif 89 90 int main __P((int, char **)); 91 92 static int chshell __P((const char *)); 93 static char *ontty __P((void)); 94 95 96 int 97 main(argc, argv) 98 int argc; 99 char **argv; 100 { 101 extern char *__progname; 102 extern char **environ; 103 struct passwd *pwd; 104 char *p; 105 struct group *gr; 106 #ifdef BSD4_4 107 struct timeval tp; 108 #endif 109 uid_t ruid; 110 int asme, ch, asthem, fastlogin, prio; 111 enum { UNSET, YES, NO } iscsh = UNSET; 112 char *user, *shell, *avshell, *username, **np; 113 char *userpass; 114 char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; 115 116 asme = asthem = fastlogin = 0; 117 shell = NULL; 118 while ((ch = getopt(argc, argv, ARGSTR)) != -1) 119 switch((char)ch) { 120 #ifdef KERBEROS 121 case 'K': 122 use_kerberos = 0; 123 break; 124 #endif 125 case 'f': 126 fastlogin = 1; 127 break; 128 case '-': 129 case 'l': 130 asme = 0; 131 asthem = 1; 132 break; 133 case 'm': 134 asme = 1; 135 asthem = 0; 136 break; 137 case '?': 138 default: 139 (void)fprintf(stderr, 140 "Usage: %s [%s] [login [shell arguments]]\n", 141 __progname, ARGSTR); 142 exit(1); 143 } 144 argv += optind; 145 146 errno = 0; 147 prio = getpriority(PRIO_PROCESS, 0); 148 if (errno) 149 prio = 0; 150 (void)setpriority(PRIO_PROCESS, 0, -2); 151 openlog("su", LOG_CONS, 0); 152 153 /* get current login name and shell */ 154 ruid = getuid(); 155 username = getlogin(); 156 if (username == NULL || (pwd = getpwnam(username)) == NULL || 157 pwd->pw_uid != ruid) 158 pwd = getpwuid(ruid); 159 if (pwd == NULL) 160 errx(1, "who are you?"); 161 username = strdup(pwd->pw_name); 162 userpass = strdup(pwd->pw_passwd); 163 if (username == NULL || userpass == NULL) 164 err(1, "strdup"); 165 166 if (asme) { 167 if (pwd->pw_shell && *pwd->pw_shell) { 168 shell = strncpy(shellbuf, pwd->pw_shell, 169 sizeof(shellbuf) - 1); 170 shellbuf[sizeof(shellbuf) - 1] = '\0'; 171 } else { 172 shell = _PATH_BSHELL; 173 iscsh = NO; 174 } 175 } 176 /* get target login information, default to root */ 177 user = *argv ? *argv : "root"; 178 np = *argv ? argv : argv-1; 179 180 if ((pwd = getpwnam(user)) == NULL) 181 errx(1, "unknown login %s", user); 182 if (ruid 183 #ifdef KERBEROS 184 && (!use_kerberos || kerberos(username, user, pwd->pw_uid)) 185 #endif 186 ) { 187 char *pass = pwd->pw_passwd; 188 int ok = pwd->pw_uid != 0; 189 char **g; 190 191 #ifdef ROOTAUTH 192 /* 193 * Allow those in group rootauth to su to root, by supplying 194 * their own password. 195 */ 196 if (!ok && (gr = getgrnam(ROOTAUTH))) 197 for (g = gr->gr_mem;; ++g) { 198 if (!*g) { 199 ok = 0; 200 break; 201 } 202 if (!strcmp(username, *g)) { 203 pass = userpass; 204 user = username; 205 ok = 1; 206 break; 207 } 208 } 209 #endif 210 /* 211 * Only allow those in group SUGROUP to su to root, 212 * but only if that group has any members. 213 * If SUGROUP has no members, allow anyone to su root 214 */ 215 if (!ok) { 216 if ( !(gr = getgrnam(SUGROUP)) || !*gr->gr_mem) 217 ok = 1; 218 else 219 for (g = gr->gr_mem; ; g++) { 220 if (*g == NULL) { 221 ok = 0; 222 break; 223 } 224 if (strcmp(username, *g) == 0) { 225 ok = 1; 226 break; 227 } 228 } 229 } 230 if (!ok) 231 errx(1, 232 "you are not listed in the correct secondary group (%s) to su %s.", 233 SUGROUP, user); 234 /* if target requires a password, verify it */ 235 if (*pass) { 236 p = getpass("Password:"); 237 #ifdef SKEY 238 if (strcasecmp(p, "s/key") == 0) { 239 if (skey_haskey(user)) 240 errx(1, "Sorry, you have no s/key."); 241 else { 242 if (skey_authenticate(user)) { 243 goto badlogin; 244 } 245 } 246 247 } else 248 #endif 249 if (strcmp(pass, crypt(p, pass))) { 250 #ifdef SKEY 251 badlogin: 252 #endif 253 fprintf(stderr, "Sorry\n"); 254 syslog(LOG_AUTH|LOG_WARNING, 255 "BAD SU %s to %s%s", username, 256 pwd->pw_name, ontty()); 257 exit(1); 258 } 259 } 260 } 261 262 if (asme) { 263 /* if asme and non-standard target shell, must be root */ 264 if (!chshell(pwd->pw_shell) && ruid) 265 errx(1,"permission denied (shell)."); 266 } else if (pwd->pw_shell && *pwd->pw_shell) { 267 shell = pwd->pw_shell; 268 iscsh = UNSET; 269 } else { 270 shell = _PATH_BSHELL; 271 iscsh = NO; 272 } 273 274 if ((p = strrchr(shell, '/')) != NULL) 275 avshell = p+1; 276 else 277 avshell = shell; 278 279 /* if we're forking a csh, we want to slightly muck the args */ 280 if (iscsh == UNSET) 281 iscsh = strstr(avshell, "csh") ? YES : NO; 282 283 /* set permissions */ 284 if (setgid(pwd->pw_gid) < 0) 285 err(1, "setgid"); 286 if (initgroups(user, pwd->pw_gid)) 287 errx(1, "initgroups failed"); 288 if (setuid(pwd->pw_uid) < 0) 289 err(1, "setuid"); 290 291 if (!asme) { 292 if (asthem) { 293 p = getenv("TERM"); 294 /* Create an empty environment */ 295 if ((environ = malloc(sizeof(char *))) == NULL) 296 err(1, "%s", ""); 297 environ[0] = NULL; 298 (void)setenv("PATH", _PATH_DEFPATH, 1); 299 if (p) 300 (void)setenv("TERM", p, 1); 301 if (chdir(pwd->pw_dir) < 0) 302 errx(1, "no directory"); 303 } 304 if (asthem || pwd->pw_uid) 305 (void)setenv("USER", pwd->pw_name, 1); 306 (void)setenv("HOME", pwd->pw_dir, 1); 307 (void)setenv("SHELL", shell, 1); 308 } 309 (void)setenv("SU_FROM", username, 1); 310 311 if (iscsh == YES) { 312 if (fastlogin) 313 *np-- = "-f"; 314 if (asme) 315 *np-- = "-m"; 316 } 317 318 if (asthem) { 319 avshellbuf[0] = '-'; 320 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 321 avshell = avshellbuf; 322 } else if (iscsh == YES) { 323 /* csh strips the first character... */ 324 avshellbuf[0] = '_'; 325 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 326 avshell = avshellbuf; 327 } 328 *np = avshell; 329 330 #ifdef BSD4_4 331 if (pwd->pw_change || pwd->pw_expire) 332 (void)gettimeofday(&tp, (struct timezone *)NULL); 333 if (pwd->pw_change) { 334 if (tp.tv_sec >= pwd->pw_change) { 335 (void)printf("%s -- %s's password has expired.\n", 336 (ruid ? "Sorry" : "Note"), user); 337 if (ruid != 0) 338 exit(1); 339 } else if (pwd->pw_change - tp.tv_sec < 340 _PASSWORD_WARNDAYS * SECSPERDAY) 341 (void)printf("Warning: %s's password expires on %s", 342 user, ctime(&pwd->pw_change)); 343 } 344 if (pwd->pw_expire) { 345 if (tp.tv_sec >= pwd->pw_expire) { 346 (void)printf("%s -- %s's account has expired.\n", 347 (ruid ? "Sorry" : "Note"), user); 348 if (ruid != 0) 349 exit(1); 350 } else if (pwd->pw_expire - tp.tv_sec < 351 _PASSWORD_WARNDAYS * SECSPERDAY) 352 (void)printf("Warning: %s's account expires on %s", 353 user, ctime(&pwd->pw_expire)); 354 } 355 #endif 356 if (ruid != 0) 357 syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s", 358 username, pwd->pw_name, ontty()); 359 360 (void)setpriority(PRIO_PROCESS, 0, prio); 361 362 execv(shell, np); 363 err(1, "%s", shell); 364 /* NOTREACHED */ 365 } 366 367 static int 368 chshell(sh) 369 const char *sh; 370 { 371 const char *cp; 372 373 while ((cp = getusershell()) != NULL) 374 if (!strcmp(cp, sh)) 375 return (1); 376 return (0); 377 } 378 379 static char * 380 ontty() 381 { 382 char *p; 383 static char buf[MAXPATHLEN + 4]; 384 385 buf[0] = 0; 386 if ((p = ttyname(STDERR_FILENO)) != NULL) 387 (void)snprintf(buf, sizeof buf, " on %s", p); 388 return (buf); 389 } 390 391 #ifdef KERBEROS 392 static int 393 kerberos(username, user, uid) 394 char *username, *user; 395 int uid; 396 { 397 KTEXT_ST ticket; 398 AUTH_DAT authdata; 399 struct hostent *hp; 400 int kerno; 401 u_long faddr; 402 char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; 403 char hostname[MAXHOSTNAMELEN + 1], savehost[MAXHOSTNAMELEN + 1]; 404 405 if (krb_get_lrealm(lrealm, 1) != KSUCCESS || 406 strcmp(lrealm, KRB_REALM) == 0) 407 return (1); 408 if (koktologin(username, lrealm, user) && !uid) { 409 warnx("kerberos: not in %s's ACL.", user); 410 return (1); 411 } 412 (void)snprintf(krbtkfile, sizeof krbtkfile, "%s_%s_%d", TKT_ROOT, 413 user, getuid()); 414 415 (void)setenv("KRBTKFILE", krbtkfile, 1); 416 (void)krb_set_tkt_string(krbtkfile); 417 /* 418 * Set real as well as effective ID to 0 for the moment, 419 * to make the kerberos library do the right thing. 420 */ 421 if (setuid(0) < 0) { 422 warn("setuid"); 423 return (1); 424 } 425 426 /* 427 * Little trick here -- if we are su'ing to root, 428 * we need to get a ticket for "xxx.root", where xxx represents 429 * the name of the person su'ing. Otherwise (non-root case), 430 * we need to get a ticket for "yyy.", where yyy represents 431 * the name of the person being su'd to, and the instance is null 432 * 433 * We should have a way to set the ticket lifetime, 434 * with a system default for root. 435 */ 436 kerno = krb_get_pw_in_tkt((uid == 0 ? username : user), 437 (uid == 0 ? "root" : ""), lrealm, 438 "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0); 439 440 if (kerno != KSUCCESS) { 441 if (kerno == KDC_PR_UNKNOWN) { 442 warnx("kerberos: principal unknown: %s.%s@%s", 443 (uid == 0 ? username : user), 444 (uid == 0 ? "root" : ""), lrealm); 445 return (1); 446 } 447 warnx("kerberos: unable to su: %s", krb_err_txt[kerno]); 448 syslog(LOG_NOTICE|LOG_AUTH, 449 "BAD Kerberos SU: %s to %s%s: %s", 450 username, user, ontty(), krb_err_txt[kerno]); 451 return (1); 452 } 453 454 if (chown(krbtkfile, uid, -1) < 0) { 455 warn("chown"); 456 (void)unlink(krbtkfile); 457 return (1); 458 } 459 460 (void)setpriority(PRIO_PROCESS, 0, -2); 461 462 if (gethostname(hostname, sizeof(hostname)) == -1) { 463 warn("gethostname"); 464 dest_tkt(); 465 return (1); 466 } 467 hostname[sizeof(hostname) - 1] = '\0'; 468 469 (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost)); 470 savehost[sizeof(savehost) - 1] = '\0'; 471 472 kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33); 473 474 if (kerno == KDC_PR_UNKNOWN) { 475 warnx("Warning: TGT not verified."); 476 syslog(LOG_NOTICE|LOG_AUTH, 477 "%s to %s%s, TGT not verified (%s); %s.%s not registered?", 478 username, user, ontty(), krb_err_txt[kerno], 479 "rcmd", savehost); 480 } else if (kerno != KSUCCESS) { 481 warnx("Unable to use TGT: %s", krb_err_txt[kerno]); 482 syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s", 483 username, user, ontty(), krb_err_txt[kerno]); 484 dest_tkt(); 485 return (1); 486 } else { 487 if (!(hp = gethostbyname(hostname))) { 488 warnx("can't get addr of %s", hostname); 489 dest_tkt(); 490 return (1); 491 } 492 memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr)); 493 494 if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, 495 &authdata, "")) != KSUCCESS) { 496 warnx("kerberos: unable to verify rcmd ticket: %s\n", 497 krb_err_txt[kerno]); 498 syslog(LOG_NOTICE|LOG_AUTH, 499 "failed su: %s to %s%s: %s", username, 500 user, ontty(), krb_err_txt[kerno]); 501 dest_tkt(); 502 return (1); 503 } 504 } 505 return (0); 506 } 507 508 static int 509 koktologin(name, realm, toname) 510 char *name, *realm, *toname; 511 { 512 AUTH_DAT *kdata; 513 AUTH_DAT kdata_st; 514 515 kdata = &kdata_st; 516 memset((char *)kdata, 0, sizeof(*kdata)); 517 (void)strncpy(kdata->pname, name, sizeof(kdata->pname) - 1); 518 (void)strncpy(kdata->pinst, 519 ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst) - 1); 520 (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm) - 1); 521 return (kuserok(kdata, toname)); 522 } 523 #endif 524
Indexes created Mon Oct 27 04:09:48 GMT 2025