su.c revision 1.36
1 /* $NetBSD: su.c,v 1.36 1999/11/09 15:06:37 drochner Exp $ */ 2 3 /* 4 * Copyright (c) 1988 The Regents of the University of California. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 __COPYRIGHT( 39 "@(#) Copyright (c) 1988 The Regents of the University of California.\n\ 40 All rights reserved.\n"); 41 #endif /* not lint */ 42 43 #ifndef lint 44 #if 0 45 static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/ 46 #else 47 __RCSID("$NetBSD: su.c,v 1.36 1999/11/09 15:06:37 drochner Exp $"); 48 #endif 49 #endif /* not lint */ 50 51 #include <sys/param.h> 52 #include <sys/time.h> 53 #include <sys/resource.h> 54 #include <err.h> 55 #include <errno.h> 56 #include <grp.h> 57 #include <paths.h> 58 #include <pwd.h> 59 #include <stdio.h> 60 #ifdef SKEY 61 #include <skey.h> 62 #endif 63 #include <stdlib.h> 64 #include <string.h> 65 #include <syslog.h> 66 #include <time.h> 67 #include <tzfile.h> 68 #include <unistd.h> 69 70 #ifdef KERBEROS 71 #include <kerberosIV/des.h> 72 #include <kerberosIV/krb.h> 73 #include <netdb.h> 74 75 #define ARGSTR "-Kflm" 76 77 int use_kerberos = 1; 78 79 static int kerberos __P((char *, char *, int)); 80 static int koktologin __P((char *, char *, char *)); 81 82 #else 83 #define ARGSTR "-flm" 84 #endif 85 86 #ifndef SUGROUP 87 #define SUGROUP "wheel" 88 #endif 89 90 int main __P((int, char **)); 91 92 static int chshell __P((const char *)); 93 static char *ontty __P((void)); 94 95 96 int 97 main(argc, argv) 98 int argc; 99 char **argv; 100 { 101 extern char *__progname; 102 extern char **environ; 103 struct passwd *pwd; 104 char *p; 105 struct group *gr; 106 #ifdef BSD4_4 107 struct timeval tp; 108 #endif 109 uid_t ruid; 110 int asme, ch, asthem, fastlogin, prio; 111 enum { UNSET, YES, NO } iscsh = UNSET; 112 char *user, *shell, *avshell, *username, **np; 113 char *userpass; 114 char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; 115 116 asme = asthem = fastlogin = 0; 117 shell = NULL; 118 while ((ch = getopt(argc, argv, ARGSTR)) != -1) 119 switch((char)ch) { 120 #ifdef KERBEROS 121 case 'K': 122 use_kerberos = 0; 123 break; 124 #endif 125 case 'f': 126 fastlogin = 1; 127 break; 128 case '-': 129 case 'l': 130 asme = 0; 131 asthem = 1; 132 break; 133 case 'm': 134 asme = 1; 135 asthem = 0; 136 break; 137 case '?': 138 default: 139 (void)fprintf(stderr, 140 "Usage: %s [%s] [login [shell arguments]]\n", 141 __progname, ARGSTR); 142 exit(1); 143 } 144 argv += optind; 145 146 errno = 0; 147 prio = getpriority(PRIO_PROCESS, 0); 148 if (errno) 149 prio = 0; 150 (void)setpriority(PRIO_PROCESS, 0, -2); 151 openlog("su", LOG_CONS, 0); 152 153 /* get current login name and shell */ 154 ruid = getuid(); 155 username = getlogin(); 156 if (username == NULL || (pwd = getpwnam(username)) == NULL || 157 pwd->pw_uid != ruid) 158 pwd = getpwuid(ruid); 159 if (pwd == NULL) 160 errx(1, "who are you?"); 161 username = strdup(pwd->pw_name); 162 userpass = strdup(pwd->pw_passwd); 163 if (username == NULL || userpass == NULL) 164 err(1, "strdup"); 165 166 if (asme) { 167 if (pwd->pw_shell && *pwd->pw_shell) { 168 shell = strncpy(shellbuf, pwd->pw_shell, 169 sizeof(shellbuf) - 1); 170 shellbuf[sizeof(shellbuf) - 1] = '\0'; 171 } else { 172 shell = _PATH_BSHELL; 173 iscsh = NO; 174 } 175 } 176 /* get target login information, default to root */ 177 user = *argv ? *argv : "root"; 178 np = *argv ? argv : argv-1; 179 180 if ((pwd = getpwnam(user)) == NULL) 181 errx(1, "unknown login %s", user); 182 if (ruid 183 #ifdef KERBEROS 184 && (!use_kerberos || kerberos(username, user, pwd->pw_uid)) 185 #endif 186 ) { 187 char *pass = pwd->pw_passwd; 188 int ok = pwd->pw_uid != 0; 189 char **g; 190 191 #ifdef ROOTAUTH 192 /* 193 * Allow those in group rootauth to su to root, by supplying 194 * their own password. 195 */ 196 if (!ok && (gr = getgrnam(ROOTAUTH))) 197 for (g = gr->gr_mem;; ++g) { 198 if (!*g) { 199 ok = 0; 200 break; 201 } 202 if (!strcmp(username, *g)) { 203 pass = userpass; 204 user = username; 205 ok = 1; 206 break; 207 } 208 } 209 #endif 210 /* 211 * Only allow those in group SUGROUP to su to root, 212 * but only if that group has any members. 213 * If SUGROUP has no members, allow anyone to su root 214 */ 215 if (!ok) { 216 if ( !(gr = getgrnam(SUGROUP)) || !*gr->gr_mem) 217 ok = 1; 218 else 219 for (g = gr->gr_mem; ; g++) { 220 if (*g == NULL) { 221 ok = 0; 222 break; 223 } 224 if (strcmp(username, *g) == 0) { 225 ok = 1; 226 break; 227 } 228 } 229 } 230 if (!ok) 231 errx(1, 232 "you are not listed in the correct secondary group (%s) to su %s.", 233 SUGROUP, user); 234 /* if target requires a password, verify it */ 235 if (*pass) { 236 p = getpass("Password:"); 237 #ifdef SKEY 238 if (strcasecmp(p, "s/key") == 0) { 239 if (skey_haskey(user)) 240 errx(1, "Sorry, you have no s/key."); 241 else { 242 if (skey_authenticate(user)) { 243 goto badlogin; 244 } 245 } 246 247 } else 248 #endif 249 if (strcmp(pass, crypt(p, pass))) { 250 #ifdef SKEY 251 badlogin: 252 #endif 253 fprintf(stderr, "Sorry\n"); 254 syslog(LOG_AUTH|LOG_WARNING, 255 "BAD SU %s to %s%s", username, 256 pwd->pw_name, ontty()); 257 exit(1); 258 } 259 } 260 } 261 262 if (asme) { 263 /* if asme and non-standard target shell, must be root */ 264 if (!chshell(pwd->pw_shell) && ruid) 265 errx(1,"permission denied (shell)."); 266 } else if (pwd->pw_shell && *pwd->pw_shell) { 267 shell = pwd->pw_shell; 268 iscsh = UNSET; 269 } else { 270 shell = _PATH_BSHELL; 271 iscsh = NO; 272 } 273 274 if ((p = strrchr(shell, '/')) != NULL) 275 avshell = p+1; 276 else 277 avshell = shell; 278 279 /* if we're forking a csh, we want to slightly muck the args */ 280 if (iscsh == UNSET) 281 iscsh = strstr(avshell, "csh") ? YES : NO; 282 283 /* set permissions */ 284 if (setgid(pwd->pw_gid) < 0) 285 err(1, "setgid"); 286 if (initgroups(user, pwd->pw_gid)) 287 errx(1, "initgroups failed"); 288 if (setuid(pwd->pw_uid) < 0) 289 err(1, "setuid"); 290 291 if (!asme) { 292 if (asthem) { 293 p = getenv("TERM"); 294 /* Create an empty environment */ 295 if ((environ = malloc(sizeof(char *))) == NULL) 296 err(1, NULL); 297 environ[0] = NULL; 298 (void)setenv("PATH", _PATH_DEFPATH, 1); 299 if (p) 300 (void)setenv("TERM", p, 1); 301 if (chdir(pwd->pw_dir) < 0) 302 errx(1, "no directory"); 303 } 304 if (asthem || pwd->pw_uid) 305 (void)setenv("USER", pwd->pw_name, 1); 306 (void)setenv("HOME", pwd->pw_dir, 1); 307 (void)setenv("SHELL", shell, 1); 308 } 309 310 if (iscsh == YES) { 311 if (fastlogin) 312 *np-- = "-f"; 313 if (asme) 314 *np-- = "-m"; 315 } 316 317 if (asthem) { 318 avshellbuf[0] = '-'; 319 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 320 avshell = avshellbuf; 321 } else if (iscsh == YES) { 322 /* csh strips the first character... */ 323 avshellbuf[0] = '_'; 324 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 325 avshell = avshellbuf; 326 } 327 *np = avshell; 328 329 #ifdef BSD4_4 330 if (pwd->pw_change || pwd->pw_expire) 331 (void)gettimeofday(&tp, (struct timezone *)NULL); 332 if (pwd->pw_change) { 333 if (tp.tv_sec >= pwd->pw_change) { 334 (void)printf("%s -- %s's password has expired.\n", 335 (ruid ? "Sorry" : "Note"), user); 336 if (ruid != 0) 337 exit(1); 338 } else if (pwd->pw_change - tp.tv_sec < 339 _PASSWORD_WARNDAYS * SECSPERDAY) 340 (void)printf("Warning: %s's password expires on %s", 341 user, ctime(&pwd->pw_change)); 342 } 343 if (pwd->pw_expire) { 344 if (tp.tv_sec >= pwd->pw_expire) { 345 (void)printf("%s -- %s's account has expired.\n", 346 (ruid ? "Sorry" : "Note"), user); 347 if (ruid != 0) 348 exit(1); 349 } else if (pwd->pw_expire - tp.tv_sec < 350 _PASSWORD_WARNDAYS * SECSPERDAY) 351 (void)printf("Warning: %s's account expires on %s", 352 user, ctime(&pwd->pw_expire)); 353 } 354 #endif 355 if (ruid != 0) 356 syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s", 357 username, pwd->pw_name, ontty()); 358 359 (void)setpriority(PRIO_PROCESS, 0, prio); 360 361 execv(shell, np); 362 err(1, "%s", shell); 363 /* NOTREACHED */ 364 } 365 366 static int 367 chshell(sh) 368 const char *sh; 369 { 370 const char *cp; 371 372 while ((cp = getusershell()) != NULL) 373 if (!strcmp(cp, sh)) 374 return (1); 375 return (0); 376 } 377 378 static char * 379 ontty() 380 { 381 char *p; 382 static char buf[MAXPATHLEN + 4]; 383 384 buf[0] = 0; 385 if ((p = ttyname(STDERR_FILENO)) != NULL) 386 (void)snprintf(buf, sizeof buf, " on %s", p); 387 return (buf); 388 } 389 390 #ifdef KERBEROS 391 static int 392 kerberos(username, user, uid) 393 char *username, *user; 394 int uid; 395 { 396 KTEXT_ST ticket; 397 AUTH_DAT authdata; 398 struct hostent *hp; 399 int kerno; 400 u_long faddr; 401 char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; 402 char hostname[MAXHOSTNAMELEN + 1], savehost[MAXHOSTNAMELEN + 1]; 403 404 if (krb_get_lrealm(lrealm, 1) != KSUCCESS || 405 strcmp(lrealm, KRB_REALM) == 0) 406 return (1); 407 if (koktologin(username, lrealm, user) && !uid) { 408 warnx("kerberos: not in %s's ACL.", user); 409 return (1); 410 } 411 (void)snprintf(krbtkfile, sizeof krbtkfile, "%s_%s_%d", TKT_ROOT, 412 user, getuid()); 413 414 (void)setenv("KRBTKFILE", krbtkfile, 1); 415 (void)krb_set_tkt_string(krbtkfile); 416 /* 417 * Set real as well as effective ID to 0 for the moment, 418 * to make the kerberos library do the right thing. 419 */ 420 if (setuid(0) < 0) { 421 warn("setuid"); 422 return (1); 423 } 424 425 /* 426 * Little trick here -- if we are su'ing to root, 427 * we need to get a ticket for "xxx.root", where xxx represents 428 * the name of the person su'ing. Otherwise (non-root case), 429 * we need to get a ticket for "yyy.", where yyy represents 430 * the name of the person being su'd to, and the instance is null 431 * 432 * We should have a way to set the ticket lifetime, 433 * with a system default for root. 434 */ 435 kerno = krb_get_pw_in_tkt((uid == 0 ? username : user), 436 (uid == 0 ? "root" : ""), lrealm, 437 "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0); 438 439 if (kerno != KSUCCESS) { 440 if (kerno == KDC_PR_UNKNOWN) { 441 warnx("kerberos: principal unknown: %s.%s@%s", 442 (uid == 0 ? username : user), 443 (uid == 0 ? "root" : ""), lrealm); 444 return (1); 445 } 446 warnx("kerberos: unable to su: %s", krb_err_txt[kerno]); 447 syslog(LOG_NOTICE|LOG_AUTH, 448 "BAD Kerberos SU: %s to %s%s: %s", 449 username, user, ontty(), krb_err_txt[kerno]); 450 return (1); 451 } 452 453 if (chown(krbtkfile, uid, -1) < 0) { 454 warn("chown"); 455 (void)unlink(krbtkfile); 456 return (1); 457 } 458 459 (void)setpriority(PRIO_PROCESS, 0, -2); 460 461 if (gethostname(hostname, sizeof(hostname)) == -1) { 462 warn("gethostname"); 463 dest_tkt(); 464 return (1); 465 } 466 hostname[sizeof(hostname) - 1] = '\0'; 467 468 (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost)); 469 savehost[sizeof(savehost) - 1] = '\0'; 470 471 kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33); 472 473 if (kerno == KDC_PR_UNKNOWN) { 474 warnx("Warning: TGT not verified."); 475 syslog(LOG_NOTICE|LOG_AUTH, 476 "%s to %s%s, TGT not verified (%s); %s.%s not registered?", 477 username, user, ontty(), krb_err_txt[kerno], 478 "rcmd", savehost); 479 } else if (kerno != KSUCCESS) { 480 warnx("Unable to use TGT: %s", krb_err_txt[kerno]); 481 syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s", 482 username, user, ontty(), krb_err_txt[kerno]); 483 dest_tkt(); 484 return (1); 485 } else { 486 if (!(hp = gethostbyname(hostname))) { 487 warnx("can't get addr of %s", hostname); 488 dest_tkt(); 489 return (1); 490 } 491 memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr)); 492 493 if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, 494 &authdata, "")) != KSUCCESS) { 495 warnx("kerberos: unable to verify rcmd ticket: %s\n", 496 krb_err_txt[kerno]); 497 syslog(LOG_NOTICE|LOG_AUTH, 498 "failed su: %s to %s%s: %s", username, 499 user, ontty(), krb_err_txt[kerno]); 500 dest_tkt(); 501 return (1); 502 } 503 } 504 return (0); 505 } 506 507 static int 508 koktologin(name, realm, toname) 509 char *name, *realm, *toname; 510 { 511 AUTH_DAT *kdata; 512 AUTH_DAT kdata_st; 513 514 kdata = &kdata_st; 515 memset((char *)kdata, 0, sizeof(*kdata)); 516 (void)strncpy(kdata->pname, name, sizeof(kdata->pname) - 1); 517 (void)strncpy(kdata->pinst, 518 ((strcmp(toname, "root") == 0) ? "root" : ""), sizeof(kdata->pinst) - 1); 519 (void)strncpy(kdata->prealm, realm, sizeof(kdata->prealm) - 1); 520 return (kuserok(kdata, toname)); 521 } 522 #endif 523
Indexes created Sat Sep 27 14:09:57 GMT 2025