su.c revision 1.44
1 /* $NetBSD: su.c,v 1.44 2000/09/09 18:13:05 erh Exp $ */ 2 3 /* 4 * Copyright (c) 1988 The Regents of the University of California. 5 * All rights reserved. 6 * 7 * Redistribution and use in source and binary forms, with or without 8 * modification, are permitted provided that the following conditions 9 * are met: 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 2. Redistributions in binary form must reproduce the above copyright 13 * notice, this list of conditions and the following disclaimer in the 14 * documentation and/or other materials provided with the distribution. 15 * 3. All advertising materials mentioning features or use of this software 16 * must display the following acknowledgement: 17 * This product includes software developed by the University of 18 * California, Berkeley and its contributors. 19 * 4. Neither the name of the University nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #include <sys/cdefs.h> 37 #ifndef lint 38 __COPYRIGHT( 39 "@(#) Copyright (c) 1988 The Regents of the University of California.\n\ 40 All rights reserved.\n"); 41 #endif /* not lint */ 42 43 #ifndef lint 44 #if 0 45 static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/ 46 #else 47 __RCSID("$NetBSD: su.c,v 1.44 2000/09/09 18:13:05 erh Exp $"); 48 #endif 49 #endif /* not lint */ 50 51 #include <sys/param.h> 52 #include <sys/time.h> 53 #include <sys/resource.h> 54 #include <err.h> 55 #include <errno.h> 56 #include <grp.h> 57 #include <paths.h> 58 #include <pwd.h> 59 #include <stdio.h> 60 #ifdef SKEY 61 #include <skey.h> 62 #endif 63 #include <stdlib.h> 64 #include <string.h> 65 #include <syslog.h> 66 #include <time.h> 67 #include <tzfile.h> 68 #include <unistd.h> 69 70 #ifdef LOGIN_CAP 71 #include <login_cap.h> 72 #endif 73 74 #ifdef KERBEROS 75 #include <des.h> 76 #include <krb.h> 77 #include <netdb.h> 78 79 static int kerberos __P((char *, char *, int)); 80 static int koktologin __P((char *, char *, char *)); 81 82 #endif 83 84 #ifdef KERBEROS5 85 #include <krb5.h> 86 87 static int kerberos5 __P((char *, char *, int)); 88 89 #endif 90 91 #if defined(KERBEROS) || defined(KERBEROS5) 92 93 #define ARGSTRX "-Kflm" 94 95 int use_kerberos = 1; 96 97 #else 98 #define ARGSTRX "-flm" 99 #endif 100 101 #ifndef SUGROUP 102 #define SUGROUP "wheel" 103 #endif 104 105 #ifdef LOGIN_CAP 106 #define ARGSTR ARGSTRX "c:" 107 #else 108 #define ARGSTR ARGSTRX 109 #endif 110 111 int main __P((int, char **)); 112 113 static int chshell __P((const char *)); 114 static char *ontty __P((void)); 115 116 117 int 118 main(argc, argv) 119 int argc; 120 char **argv; 121 { 122 extern char *__progname; 123 extern char **environ; 124 struct passwd *pwd; 125 char *p; 126 struct group *gr; 127 #ifdef BSD4_4 128 struct timeval tp; 129 #endif 130 uid_t ruid; 131 int asme, ch, asthem, fastlogin, prio; 132 enum { UNSET, YES, NO } iscsh = UNSET; 133 char *user, *shell, *avshell, *username, **np; 134 char *userpass, *class; 135 char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN]; 136 time_t pw_warntime = _PASSWORD_WARNDAYS * SECSPERDAY; 137 #ifdef LOGIN_CAP 138 login_cap_t *lc; 139 #endif 140 141 asme = asthem = fastlogin = 0; 142 shell = class = NULL; 143 while ((ch = getopt(argc, argv, ARGSTR)) != -1) 144 switch((char)ch) { 145 #if defined(KERBEROS) || defined(KERBEROS5) 146 case 'K': 147 use_kerberos = 0; 148 break; 149 #endif 150 #ifdef LOGIN_CAP 151 case 'c': 152 class = optarg; 153 break; 154 #endif 155 case 'f': 156 fastlogin = 1; 157 break; 158 case '-': 159 case 'l': 160 asme = 0; 161 asthem = 1; 162 break; 163 case 'm': 164 asme = 1; 165 asthem = 0; 166 break; 167 case '?': 168 default: 169 (void)fprintf(stderr, 170 "Usage: %s [%s] [login [shell arguments]]\n", 171 __progname, ARGSTR); 172 exit(1); 173 } 174 argv += optind; 175 176 /* Lower the priority so su runs faster */ 177 errno = 0; 178 prio = getpriority(PRIO_PROCESS, 0); 179 if (errno) 180 prio = 0; 181 if (prio > -2) 182 (void)setpriority(PRIO_PROCESS, 0, -2); 183 openlog("su", LOG_CONS, 0); 184 185 /* get current login name and shell */ 186 ruid = getuid(); 187 username = getlogin(); 188 if (username == NULL || (pwd = getpwnam(username)) == NULL || 189 pwd->pw_uid != ruid) 190 pwd = getpwuid(ruid); 191 if (pwd == NULL) 192 errx(1, "who are you?"); 193 username = strdup(pwd->pw_name); 194 userpass = strdup(pwd->pw_passwd); 195 if (username == NULL || userpass == NULL) 196 err(1, "strdup"); 197 198 199 if (asme) { 200 if (pwd->pw_shell && *pwd->pw_shell) { 201 shell = strncpy(shellbuf, pwd->pw_shell, 202 sizeof(shellbuf) - 1); 203 shellbuf[sizeof(shellbuf) - 1] = '\0'; 204 } else { 205 shell = _PATH_BSHELL; 206 iscsh = NO; 207 } 208 } 209 /* get target login information, default to root */ 210 user = *argv ? *argv : "root"; 211 np = *argv ? argv : argv-1; 212 213 if ((pwd = getpwnam(user)) == NULL) 214 errx(1, "unknown login %s", user); 215 216 #ifdef LOGIN_CAP 217 /* force the usage of specified class */ 218 if (class) { 219 if (ruid) 220 errx(1, "Only root may use -c"); 221 222 pwd->pw_class = class; 223 } 224 lc = login_getclass(pwd->pw_class); 225 226 pw_warntime = login_getcaptime(lc, "password-warn", 227 _PASSWORD_WARNDAYS * SECSPERDAY, 228 _PASSWORD_WARNDAYS * SECSPERDAY); 229 #endif 230 231 if (ruid 232 #ifdef KERBEROS5 233 && (!use_kerberos || kerberos5(username, user, pwd->pw_uid)) 234 #endif 235 #ifdef KERBEROS 236 && (!use_kerberos || kerberos(username, user, pwd->pw_uid)) 237 #endif 238 ) { 239 char *pass = pwd->pw_passwd; 240 int ok = pwd->pw_uid != 0; 241 char **g; 242 243 #ifdef ROOTAUTH 244 /* 245 * Allow those in group rootauth to su to root, by supplying 246 * their own password. 247 */ 248 if (!ok && (gr = getgrnam(ROOTAUTH))) 249 for (g = gr->gr_mem;; ++g) { 250 if (!*g) { 251 ok = 0; 252 break; 253 } 254 if (!strcmp(username, *g)) { 255 pass = userpass; 256 user = username; 257 ok = 1; 258 break; 259 } 260 } 261 #endif 262 /* 263 * Only allow those in group SUGROUP to su to root, 264 * but only if that group has any members. 265 * If SUGROUP has no members, allow anyone to su root 266 */ 267 if (!ok) { 268 if ( !(gr = getgrnam(SUGROUP)) || !*gr->gr_mem) 269 ok = 1; 270 else 271 for (g = gr->gr_mem; ; g++) { 272 if (*g == NULL) { 273 ok = 0; 274 break; 275 } 276 if (strcmp(username, *g) == 0) { 277 ok = 1; 278 break; 279 } 280 } 281 } 282 if (!ok) 283 errx(1, 284 "you are not listed in the correct secondary group (%s) to su %s.", 285 SUGROUP, user); 286 /* if target requires a password, verify it */ 287 if (*pass) { 288 p = getpass("Password:"); 289 #ifdef SKEY 290 if (strcasecmp(p, "s/key") == 0) { 291 if (skey_haskey(user)) 292 errx(1, "Sorry, you have no s/key."); 293 else { 294 if (skey_authenticate(user)) { 295 goto badlogin; 296 } 297 } 298 299 } else 300 #endif 301 if (strcmp(pass, crypt(p, pass))) { 302 #ifdef SKEY 303 badlogin: 304 #endif 305 fprintf(stderr, "Sorry\n"); 306 syslog(LOG_AUTH|LOG_WARNING, 307 "BAD SU %s to %s%s", username, 308 pwd->pw_name, ontty()); 309 exit(1); 310 } 311 } 312 } 313 314 if (asme) { 315 /* if asme and non-standard target shell, must be root */ 316 if (!chshell(pwd->pw_shell) && ruid) 317 errx(1,"permission denied (shell)."); 318 } else if (pwd->pw_shell && *pwd->pw_shell) { 319 shell = pwd->pw_shell; 320 iscsh = UNSET; 321 } else { 322 shell = _PATH_BSHELL; 323 iscsh = NO; 324 } 325 326 if ((p = strrchr(shell, '/')) != NULL) 327 avshell = p+1; 328 else 329 avshell = shell; 330 331 /* if we're forking a csh, we want to slightly muck the args */ 332 if (iscsh == UNSET) 333 iscsh = strstr(avshell, "csh") ? YES : NO; 334 335 /* set permissions */ 336 #ifdef LOGIN_CAP 337 if (setusercontext(lc, pwd, pwd->pw_uid, 338 (asthem ? (LOGIN_SETPRIORITY | LOGIN_SETUMASK) : 0) | 339 LOGIN_SETRESOURCES | LOGIN_SETGROUP | LOGIN_SETUSER)) 340 err(1, "setting user context"); 341 #else 342 if (setgid(pwd->pw_gid) < 0) 343 err(1, "setgid"); 344 if (initgroups(user, pwd->pw_gid)) 345 errx(1, "initgroups failed"); 346 if (setuid(pwd->pw_uid) < 0) 347 err(1, "setuid"); 348 #endif 349 350 if (!asme) { 351 if (asthem) { 352 p = getenv("TERM"); 353 /* Create an empty environment */ 354 if ((environ = malloc(sizeof(char *))) == NULL) 355 err(1, NULL); 356 environ[0] = NULL; 357 #ifdef LOGIN_CAP 358 if (setusercontext(lc, pwd, pwd->pw_uid, LOGIN_SETPATH)) 359 err(1, "setting user context"); 360 #else 361 (void)setenv("PATH", _PATH_DEFPATH, 1); 362 #endif 363 if (p) 364 (void)setenv("TERM", p, 1); 365 if (chdir(pwd->pw_dir) < 0) 366 errx(1, "no directory"); 367 } 368 369 if (asthem || pwd->pw_uid) 370 (void)setenv("USER", pwd->pw_name, 1); 371 (void)setenv("HOME", pwd->pw_dir, 1); 372 (void)setenv("SHELL", shell, 1); 373 } 374 (void)setenv("SU_FROM", username, 1); 375 376 if (iscsh == YES) { 377 if (fastlogin) 378 *np-- = "-f"; 379 if (asme) 380 *np-- = "-m"; 381 } 382 383 if (asthem) { 384 avshellbuf[0] = '-'; 385 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 386 avshell = avshellbuf; 387 } else if (iscsh == YES) { 388 /* csh strips the first character... */ 389 avshellbuf[0] = '_'; 390 (void)strncpy(avshellbuf+1, avshell, sizeof(avshellbuf) - 2); 391 avshell = avshellbuf; 392 } 393 *np = avshell; 394 395 #ifdef BSD4_4 396 if (pwd->pw_change || pwd->pw_expire) 397 (void)gettimeofday(&tp, (struct timezone *)NULL); 398 if (pwd->pw_change) { 399 if (tp.tv_sec >= pwd->pw_change) { 400 (void)printf("%s -- %s's password has expired.\n", 401 (ruid ? "Sorry" : "Note"), user); 402 if (ruid != 0) 403 exit(1); 404 } else if (pwd->pw_change - tp.tv_sec < pw_warntime) 405 (void)printf("Warning: %s's password expires on %s", 406 user, ctime(&pwd->pw_change)); 407 } 408 if (pwd->pw_expire) { 409 if (tp.tv_sec >= pwd->pw_expire) { 410 (void)printf("%s -- %s's account has expired.\n", 411 (ruid ? "Sorry" : "Note"), user); 412 if (ruid != 0) 413 exit(1); 414 } else if (pwd->pw_expire - tp.tv_sec < 415 _PASSWORD_WARNDAYS * SECSPERDAY) 416 (void)printf("Warning: %s's account expires on %s", 417 user, ctime(&pwd->pw_expire)); 418 } 419 #endif 420 if (ruid != 0) 421 syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s", 422 username, pwd->pw_name, ontty()); 423 424 /* Raise our priority back to what we had before */ 425 (void)setpriority(PRIO_PROCESS, 0, prio); 426 427 execv(shell, np); 428 err(1, "%s", shell); 429 /* NOTREACHED */ 430 } 431 432 static int 433 chshell(sh) 434 const char *sh; 435 { 436 const char *cp; 437 438 while ((cp = getusershell()) != NULL) 439 if (!strcmp(cp, sh)) 440 return (1); 441 return (0); 442 } 443 444 static char * 445 ontty() 446 { 447 char *p; 448 static char buf[MAXPATHLEN + 4]; 449 450 buf[0] = 0; 451 if ((p = ttyname(STDERR_FILENO)) != NULL) 452 (void)snprintf(buf, sizeof buf, " on %s", p); 453 return (buf); 454 } 455 456 #ifdef KERBEROS5 457 static int 458 kerberos5(username, user, uid) 459 char *username, *user; 460 int uid; 461 { 462 krb5_error_code ret; 463 krb5_context context; 464 krb5_principal princ = NULL; 465 krb5_ccache ccache, ccache2; 466 char *cc_name; 467 const char *filename; 468 469 ret = krb5_init_context(&context); 470 if (ret) 471 return (1); 472 473 if (strcmp (user, "root") == 0) 474 ret = krb5_make_principal(context, &princ, 475 NULL, username, "root", NULL); 476 else 477 ret = krb5_make_principal(context, &princ, 478 NULL, user, NULL); 479 if (ret) 480 goto fail; 481 if (!krb5_kuserok(context, princ, user) && !uid) { 482 warnx ("kerberos5: not in %s's ACL.", user); 483 goto fail; 484 } 485 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); 486 if (ret) 487 goto fail; 488 ret = krb5_verify_user_lrealm(context, princ, ccache, NULL, TRUE, 489 NULL); 490 if (ret) { 491 krb5_cc_destroy(context, ccache); 492 switch (ret) { 493 case KRB5_LIBOS_PWDINTR : 494 break; 495 case KRB5KRB_AP_ERR_BAD_INTEGRITY: 496 case KRB5KRB_AP_ERR_MODIFIED: 497 krb5_warnx(context, "Password incorrect"); 498 break; 499 default : 500 krb5_warn(context, ret, "krb5_verify_user"); 501 break; 502 } 503 goto fail; 504 } 505 ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2); 506 if (ret) { 507 krb5_cc_destroy(context, ccache); 508 goto fail; 509 } 510 ret = krb5_cc_copy_cache(context, ccache, ccache2); 511 if (ret) { 512 krb5_cc_destroy(context, ccache); 513 krb5_cc_destroy(context, ccache2); 514 goto fail; 515 } 516 517 filename = krb5_cc_get_name(context, ccache2); 518 asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2), 519 filename); 520 if (chown (filename, uid, -1) < 0) { 521 warn("chown %s", filename); 522 free(cc_name); 523 krb5_cc_destroy(context, ccache); 524 krb5_cc_destroy(context, ccache2); 525 goto fail; 526 } 527 528 setenv("KRB5CCNAME", cc_name, 1); 529 free(cc_name); 530 krb5_cc_close(context, ccache2); 531 krb5_cc_destroy(context, ccache); 532 return (0); 533 534 fail: 535 if (princ != NULL) 536 krb5_free_principal (context, princ); 537 krb5_free_context (context); 538 return (1); 539 } 540 #endif 541 542 #ifdef KERBEROS 543 static int 544 kerberos(username, user, uid) 545 char *username, *user; 546 int uid; 547 { 548 KTEXT_ST ticket; 549 AUTH_DAT authdata; 550 struct hostent *hp; 551 int kerno; 552 u_long faddr; 553 char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; 554 char hostname[MAXHOSTNAMELEN + 1], savehost[MAXHOSTNAMELEN + 1]; 555 556 if (krb_get_lrealm(lrealm, 1) != KSUCCESS) 557 return (1); 558 if (koktologin(username, lrealm, user) && !uid) { 559 warnx("kerberos: not in %s's ACL.", user); 560 return (1); 561 } 562 (void)snprintf(krbtkfile, sizeof krbtkfile, "%s_%s_%d", TKT_ROOT, 563 user, getuid()); 564 565 (void)setenv("KRBTKFILE", krbtkfile, 1); 566 (void)krb_set_tkt_string(krbtkfile); 567 /* 568 * Set real as well as effective ID to 0 for the moment, 569 * to make the kerberos library do the right thing. 570 */ 571 if (setuid(0) < 0) { 572 warn("setuid"); 573 return (1); 574 } 575 576 /* 577 * Little trick here -- if we are su'ing to root, 578 * we need to get a ticket for "xxx.root", where xxx represents 579 * the name of the person su'ing. Otherwise (non-root case), 580 * we need to get a ticket for "yyy.", where yyy represents 581 * the name of the person being su'd to, and the instance is null 582 * 583 * We should have a way to set the ticket lifetime, 584 * with a system default for root. 585 */ 586 { 587 char prompt[128]; 588 char passw[256]; 589 590 (void)snprintf (prompt, sizeof(prompt), 591 "%s's Password: ", 592 krb_unparse_name_long ((uid == 0 ? username : user), 593 (uid == 0 ? "root" : ""), 594 lrealm)); 595 if (des_read_pw_string (passw, sizeof (passw), prompt, 0)) { 596 memset (passw, 0, sizeof (passw)); 597 return (1); 598 } 599 if (strlen(passw) == 0) 600 return (1); /* Empty passwords are not allowed */ 601 602 kerno = krb_get_pw_in_tkt((uid == 0 ? username : user), 603 (uid == 0 ? "root" : ""), lrealm, 604 KRB_TICKET_GRANTING_TICKET, 605 lrealm, 606 DEFAULT_TKT_LIFE, 607 passw); 608 memset (passw, 0, strlen (passw)); 609 } 610 611 if (kerno != KSUCCESS) { 612 if (kerno == KDC_PR_UNKNOWN) { 613 warnx("kerberos: principal unknown: %s.%s@%s", 614 (uid == 0 ? username : user), 615 (uid == 0 ? "root" : ""), lrealm); 616 return (1); 617 } 618 warnx("kerberos: unable to su: %s", krb_err_txt[kerno]); 619 syslog(LOG_NOTICE|LOG_AUTH, 620 "BAD Kerberos SU: %s to %s%s: %s", 621 username, user, ontty(), krb_err_txt[kerno]); 622 return (1); 623 } 624 625 if (chown(krbtkfile, uid, -1) < 0) { 626 warn("chown"); 627 (void)unlink(krbtkfile); 628 return (1); 629 } 630 631 (void)setpriority(PRIO_PROCESS, 0, -2); 632 633 if (gethostname(hostname, sizeof(hostname)) == -1) { 634 warn("gethostname"); 635 dest_tkt(); 636 return (1); 637 } 638 hostname[sizeof(hostname) - 1] = '\0'; 639 640 (void)strlcpy(savehost, krb_get_phost(hostname), sizeof(savehost)); 641 savehost[sizeof(savehost) - 1] = '\0'; 642 643 kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33); 644 645 if (kerno == KDC_PR_UNKNOWN) { 646 warnx("Warning: TGT not verified."); 647 syslog(LOG_NOTICE|LOG_AUTH, 648 "%s to %s%s, TGT not verified (%s); %s.%s not registered?", 649 username, user, ontty(), krb_err_txt[kerno], 650 "rcmd", savehost); 651 } else if (kerno != KSUCCESS) { 652 warnx("Unable to use TGT: %s", krb_err_txt[kerno]); 653 syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s", 654 username, user, ontty(), krb_err_txt[kerno]); 655 dest_tkt(); 656 return (1); 657 } else { 658 if (!(hp = gethostbyname(hostname))) { 659 warnx("can't get addr of %s", hostname); 660 dest_tkt(); 661 return (1); 662 } 663 memmove((char *)&faddr, (char *)hp->h_addr, sizeof(faddr)); 664 665 if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, 666 &authdata, "")) != KSUCCESS) { 667 warnx("kerberos: unable to verify rcmd ticket: %s\n", 668 krb_err_txt[kerno]); 669 syslog(LOG_NOTICE|LOG_AUTH, 670 "failed su: %s to %s%s: %s", username, 671 user, ontty(), krb_err_txt[kerno]); 672 dest_tkt(); 673 return (1); 674 } 675 } 676 return (0); 677 } 678 679 static int 680 koktologin(name, realm, toname) 681 char *name, *realm, *toname; 682 { 683 return krb_kuserok(name, 684 strcmp (toname, "root") == 0 ? "root" : "", 685 realm, 686 toname); 687 } 688 #endif 689
Indexes created Fri Sep 26 08:10:20 GMT 2025