1 /* 2 * Copyright (c) 1988 The Regents of the University of California. 3 * All rights reserved. 4 * 5 * %sccs.include.redist.c% 6 */ 7 8 #ifndef lint 9 char copyright[] = 10 "@(#) Copyright (c) 1988 The Regents of the University of California.\n\ 11 All rights reserved.\n"; 12 #endif /* not lint */ 13 14 #ifndef lint 15 static char sccsid[] = "@(#)su.c 5.22 (Berkeley) 08/25/90"; 16 #endif /* not lint */ 17 18 #include <sys/param.h> 19 #include <sys/time.h> 20 #include <sys/resource.h> 21 #include <syslog.h> 22 #include <stdio.h> 23 #include <pwd.h> 24 #include <grp.h> 25 #include <string.h> 26 #include <unistd.h> 27 #include "pathnames.h" 28 29 #ifdef KERBEROS 30 #include <kerberosIV/des.h> 31 #include <kerberosIV/krb.h> 32 #include <netdb.h> 33 34 #define ARGSTR "-Kflm" 35 36 int use_kerberos = 1; 37 #else 38 #define ARGSTR "-flm" 39 #endif 40 41 main(argc, argv) 42 int argc; 43 char **argv; 44 { 45 extern char **environ; 46 extern int errno, optind; 47 register struct passwd *pwd; 48 register char *p, **g; 49 struct group *gr; 50 uid_t ruid, getuid(); 51 int asme, ch, asthem, fastlogin, prio; 52 enum { UNSET, YES, NO } iscsh = UNSET; 53 char *user, *shell, *username, *cleanenv[2], *nargv[4], **np; 54 char shellbuf[MAXPATHLEN]; 55 char *crypt(), *getpass(), *getenv(), *getlogin(), *ontty(); 56 57 np = &nargv[3]; 58 *np-- = NULL; 59 asme = asthem = fastlogin = 0; 60 while ((ch = getopt(argc, argv, ARGSTR)) != EOF) 61 switch((char)ch) { 62 #ifdef KERBEROS 63 case 'K': 64 use_kerberos = 0; 65 break; 66 #endif 67 case 'f': 68 fastlogin = 1; 69 break; 70 case '-': 71 case 'l': 72 asme = 0; 73 asthem = 1; 74 break; 75 case 'm': 76 asme = 1; 77 asthem = 0; 78 break; 79 case '?': 80 default: 81 (void)fprintf(stderr, "usage: su [%s] [login]\n", 82 ARGSTR); 83 exit(1); 84 } 85 argv += optind; 86 87 errno = 0; 88 prio = getpriority(PRIO_PROCESS, 0); 89 if (errno) 90 prio = 0; 91 (void)setpriority(PRIO_PROCESS, 0, -2); 92 openlog("su", LOG_CONS, 0); 93 94 /* 95 * Get current login name and shell. 96 * This code assumes the trustable (system call) 97 * version of getlogin (the old one was easily confused). 98 */ 99 ruid = getuid(); 100 username = getlogin(); 101 if (username == NULL || (pwd = getpwnam(username)) == NULL) { 102 if (username) 103 syslog(LOG_AUTH|LOG_ERR, 104 "su attempt by unknown user %s (uid %d) to %s%s", 105 username, ruid, user, ontty()); 106 #ifdef notyet 107 /* 108 * The following will happen regularly from cron, etc. 109 * unless such things do a setlogin(). 110 */ 111 else 112 syslog(LOG_AUTH|LOG_ERR, 113 "su attempt with null login name (uid %d) to %s%s", 114 ruid, user, ontty()); 115 #endif 116 pwd = getpwuid(ruid); 117 if (pwd == NULL) { 118 fprintf(stderr, "su: who are you?\n"); 119 exit(1); 120 } 121 username = strdup(pwd->pw_name); 122 } 123 if (asme) 124 if (pwd->pw_shell && *pwd->pw_shell) 125 shell = strcpy(shellbuf, pwd->pw_shell); 126 else { 127 shell = _PATH_BSHELL; 128 iscsh = NO; 129 } 130 131 /* get target login information, default to root */ 132 user = *argv ? *argv : "root"; 133 if ((pwd = getpwnam(user)) == NULL) { 134 fprintf(stderr, "su: unknown login %s\n", user); 135 exit(1); 136 } 137 138 /* only allow those in group zero to su to root. */ 139 if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0))) 140 for (g = gr->gr_mem;; ++g) { 141 if (!*g) { 142 (void)fprintf(stderr, 143 "su: you are not in the correct group to su %s.\n", user); 144 exit(1); 145 } 146 if (!strcmp(username, *g)) 147 break; 148 } 149 150 if (ruid) { 151 #ifdef KERBEROS 152 if (!use_kerberos || kerberos(username, user, pwd->pw_uid)) 153 #endif 154 /* if target requires a password, verify it */ 155 if (*pwd->pw_passwd) { 156 p = getpass("Password:"); 157 if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) { 158 fprintf(stderr, "Sorry\n"); 159 syslog(LOG_AUTH|LOG_WARNING, 160 "BAD SU %s to %s%s", username, 161 user, ontty()); 162 exit(1); 163 } 164 } 165 } 166 167 if (asme) { 168 /* if asme and non-standard target shell, must be root */ 169 if (!chshell(pwd->pw_shell) && ruid) { 170 (void)fprintf(stderr, 171 "su: permission denied (shell).\n"); 172 exit(1); 173 } 174 } else if (pwd->pw_shell && *pwd->pw_shell) { 175 shell = pwd->pw_shell; 176 iscsh = UNSET; 177 } else { 178 shell = _PATH_BSHELL; 179 iscsh = NO; 180 } 181 182 /* if we're forking a csh, we want to slightly muck the args */ 183 if (iscsh == UNSET) { 184 if (p = rindex(shell, '/')) 185 ++p; 186 else 187 p = shell; 188 iscsh = strcmp(p, "csh") ? NO : YES; 189 } 190 191 /* set permissions */ 192 if (setgid(pwd->pw_gid) < 0) { 193 perror("su: setgid"); 194 exit(1); 195 } 196 if (initgroups(user, pwd->pw_gid)) { 197 (void)fprintf(stderr, "su: initgroups failed.\n"); 198 exit(1); 199 } 200 if (setuid(pwd->pw_uid) < 0) { 201 perror("su: setuid"); 202 exit(1); 203 } 204 205 if (!asme) { 206 if (asthem) { 207 p = getenv("TERM"); 208 cleanenv[0] = _PATH_SEARCHPATH; 209 cleanenv[1] = NULL; 210 environ = cleanenv; 211 (void)setenv("TERM", p, 1); 212 if (chdir(pwd->pw_dir) < 0) { 213 fprintf(stderr, "su: no directory\n"); 214 exit(1); 215 } 216 } 217 if (asthem || pwd->pw_uid) 218 (void)setenv("USER", pwd->pw_name, 1); 219 (void)setenv("HOME", pwd->pw_dir, 1); 220 (void)setenv("SHELL", shell, 1); 221 } 222 223 if (iscsh == YES) { 224 if (fastlogin) 225 *np-- = "-f"; 226 if (asme) 227 *np-- = "-m"; 228 } 229 230 /* csh strips the first character... */ 231 *np = asthem ? "-su" : iscsh == YES ? "_su" : "su"; 232 233 if (ruid != 0) 234 syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s", 235 username, user, ontty()); 236 237 (void)setpriority(PRIO_PROCESS, 0, prio); 238 239 execv(shell, np); 240 (void)fprintf(stderr, "su: %s not found.\n", shell); 241 exit(1); 242 } 243 244 chshell(sh) 245 char *sh; 246 { 247 register char *cp; 248 char *getusershell(); 249 250 while ((cp = getusershell()) != NULL) 251 if (!strcmp(cp, sh)) 252 return(1); 253 return(0); 254 } 255 256 char * 257 ontty() 258 { 259 char *p, *ttyname(); 260 static char buf[MAXPATHLEN + 4]; 261 262 buf[0] = 0; 263 if (p = ttyname(STDERR_FILENO)) 264 sprintf(buf, " on %s", p); 265 return (buf); 266 } 267 268 #ifdef KERBEROS 269 kerberos(username, user, uid) 270 char *username, *user; 271 int uid; 272 { 273 extern char *krb_err_txt[]; 274 KTEXT_ST ticket; 275 AUTH_DAT authdata; 276 struct hostent *hp; 277 register char *p; 278 int kerno; 279 u_long faddr; 280 char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN]; 281 char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN]; 282 char *ontty(); 283 284 if (krb_get_lrealm(lrealm, 1) != KSUCCESS) { 285 (void)fprintf(stderr, "su: couldn't get local realm.\n"); 286 return(1); 287 } 288 if (koktologin(username, lrealm, user) && !uid) { 289 (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user); 290 return(1); 291 } 292 (void)sprintf(krbtkfile, "%s_%s_%d", TKT_ROOT, user, getuid()); 293 294 (void)setenv("KRBTKFILE", krbtkfile, 1); 295 /* 296 * Set real as well as effective ID to 0 for the moment, 297 * to make the kerberos library do the right thing. 298 */ 299 if (setuid(0) < 0) { 300 perror("su: setuid"); 301 return(1); 302 } 303 (void)unlink(krbtkfile); 304 305 /* 306 * Little trick here -- if we are su'ing to root, 307 * we need to get a ticket for "xxx.root", where xxx represents 308 * the name of the person su'ing. Otherwise (non-root case), 309 * we need to get a ticket for "yyy.", where yyy represents 310 * the name of the person being su'd to, and the instance is null 311 * 312 * We should have a way to set the ticket lifetime, 313 * with a system default for root. 314 */ 315 kerno = krb_get_pw_in_tkt((uid == 0 ? username : user), 316 (uid == 0 ? "root" : ""), lrealm, 317 "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0); 318 319 if (kerno != KSUCCESS) { 320 if (kerno == KDC_PR_UNKNOWN) { 321 fprintf(stderr, "principal unknown: %s.%s@%s\n", 322 (uid == 0 ? username : user), 323 (uid == 0 ? "root" : ""), lrealm); 324 return(1); 325 } 326 (void)printf("su: unable to su: %s\n", krb_err_txt[kerno]); 327 syslog(LOG_NOTICE|LOG_AUTH, 328 "su: BAD Kerberos SU: %s to %s%s: %s", 329 username, user, ontty(), krb_err_txt[kerno]); 330 return(1); 331 } 332 333 if (chown(krbtkfile, uid, -1) < 0) { 334 perror("su: chown:"); 335 (void)unlink(krbtkfile); 336 return(1); 337 } 338 339 (void)setpriority(PRIO_PROCESS, 0, -2); 340 341 if (gethostname(hostname, sizeof(hostname)) == -1) { 342 perror("su: hostname"); 343 dest_tkt(); 344 return(1); 345 } 346 347 (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost)); 348 savehost[sizeof(savehost) - 1] = '\0'; 349 350 kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33); 351 352 if (kerno == KDC_PR_UNKNOWN) { 353 (void)printf("Warning: tgt not verified.\n"); 354 syslog(LOG_NOTICE|LOG_AUTH, 355 "su: %s to %s%s, TGT not verified", 356 username, user, ontty()); 357 } else if (kerno != KSUCCESS) { 358 (void)printf("Unable to use TGT: %s\n", krb_err_txt[kerno]); 359 syslog(LOG_NOTICE|LOG_AUTH, "su: failed su: %s to %s%s: %s", 360 username, user, ontty(), krb_err_txt[kerno]); 361 dest_tkt(); 362 return(1); 363 } else { 364 if (!(hp = gethostbyname(hostname))) { 365 (void)printf("su: can't get addr of %s\n", hostname); 366 dest_tkt(); 367 return(1); 368 } 369 (void)bcopy((char *)hp->h_addr, (char *)&faddr, sizeof(faddr)); 370 371 if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr, 372 &authdata, "")) != KSUCCESS) { 373 (void)printf("su: unable to verify rcmd ticket: %s\n", 374 krb_err_txt[kerno]); 375 syslog(LOG_NOTICE|LOG_AUTH, 376 "su: failed su: %s to %s%s: %s", username, 377 ontty(), user, krb_err_txt[kerno]); 378 dest_tkt(); 379 return(1); 380 } 381 } 382 return(0); 383 } 384 385 koktologin(name, realm, toname) 386 char *name, *realm, *toname; 387 { 388 register AUTH_DAT *kdata; 389 AUTH_DAT kdata_st; 390 391 kdata = &kdata_st; 392 bzero((caddr_t) kdata, sizeof(*kdata)); 393 (void)strcpy(kdata->pname, name); 394 (void)strcpy(kdata->pinst, 395 ((strcmp(toname, "root") == 0) ? "root" : "")); 396 (void)strcpy(kdata->prealm, realm); 397 return(kuserok(kdata, toname)); 398 } 399 #endif 400