2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* Copyright 1989 - 1994, Julianne Frances Haugh
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of Julianne F. Haugh nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
2007-10-07 17:14:59 +05:30
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
|
2007-10-07 17:14:02 +05:30
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <config.h>
|
|
|
|
|
|
|
|
#include "rcsid.h"
|
2007-10-07 17:16:52 +05:30
|
|
|
RCSID (PKG_VER "$Id: su.c,v 1.41 2005/08/04 19:13:43 kloczek Exp $")
|
2007-10-07 17:16:34 +05:30
|
|
|
#include <grp.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <signal.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include <stdio.h>
|
2007-10-07 17:16:34 +05:30
|
|
|
#include <sys/types.h>
|
2007-10-07 17:14:02 +05:30
|
|
|
#include "prototypes.h"
|
|
|
|
#include "defines.h"
|
|
|
|
#include "pwauth.h"
|
|
|
|
#include "getdef.h"
|
2007-10-07 17:16:34 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
#include "pam_defs.h"
|
|
|
|
#endif
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* Assorted #defines to control su's behavior
|
|
|
|
*/
|
|
|
|
/*
|
|
|
|
* Global variables
|
|
|
|
*/
|
2007-10-07 17:14:14 +05:30
|
|
|
/* not needed by sulog.c anymore */
|
|
|
|
static char name[BUFSIZ];
|
|
|
|
static char oldname[BUFSIZ];
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
static const struct pam_conv conv = {
|
|
|
|
misc_conv,
|
|
|
|
NULL
|
|
|
|
};
|
|
|
|
|
|
|
|
static pam_handle_t *pamh = NULL;
|
|
|
|
static int caught = 0;
|
|
|
|
#endif
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
static char *Prog;
|
2007-10-07 17:15:14 +05:30
|
|
|
extern struct passwd pwent;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* External identifiers
|
|
|
|
*/
|
|
|
|
|
|
|
|
extern char **newenvp;
|
|
|
|
extern char **environ;
|
2007-10-07 17:16:34 +05:30
|
|
|
extern size_t newenvc;
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/* local function prototypes */
|
|
|
|
|
|
|
|
#ifndef USE_PAM
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
static RETSIGTYPE die (int);
|
|
|
|
static int iswheel (const char *);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* die - set or reset termio modes.
|
|
|
|
*
|
2007-10-07 17:14:59 +05:30
|
|
|
* die() is called before processing begins. signal() is then called
|
|
|
|
* with die() as the signal handler. If signal later calls die() with a
|
|
|
|
* signal number, the terminal modes are then reset.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
static RETSIGTYPE die (int killed)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
static TERMIO sgtty;
|
|
|
|
|
|
|
|
if (killed)
|
2007-10-07 17:14:59 +05:30
|
|
|
STTY (0, &sgtty);
|
2007-10-07 17:14:02 +05:30
|
|
|
else
|
2007-10-07 17:14:59 +05:30
|
|
|
GTTY (0, &sgtty);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
if (killed) {
|
2007-10-07 17:14:59 +05:30
|
|
|
closelog ();
|
|
|
|
exit (killed);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
static int iswheel (const char *username)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
|
|
|
struct group *grp;
|
|
|
|
|
2007-10-07 17:16:07 +05:30
|
|
|
grp = getgrnam ("wheel");;
|
2007-10-07 17:14:02 +05:30
|
|
|
if (!grp || !grp->gr_mem)
|
|
|
|
return 0;
|
2007-10-07 17:14:59 +05:30
|
|
|
return is_on_list (grp->gr_mem, username);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
static void su_failure (const char *tty)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:59 +05:30
|
|
|
sulog (tty, 0, oldname, name); /* log failed attempt */
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef USE_SYSLOG
|
2007-10-07 17:14:59 +05:30
|
|
|
if (getdef_bool ("SYSLOG_SU_ENAB"))
|
|
|
|
SYSLOG ((pwent.pw_uid ? LOG_INFO : LOG_NOTICE,
|
2007-10-07 17:16:25 +05:30
|
|
|
"- %s %s:%s", tty,
|
2007-10-07 17:16:07 +05:30
|
|
|
oldname[0] ? oldname : "???", name[0] ? name : "???"));
|
2007-10-07 17:14:59 +05:30
|
|
|
closelog ();
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
2007-10-07 17:14:59 +05:30
|
|
|
puts (_("Sorry."));
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
#ifdef USE_PAM
|
2007-10-07 17:15:40 +05:30
|
|
|
/* Signal handler for parent process later */
|
|
|
|
static void su_catch_sig (int sig)
|
|
|
|
{
|
|
|
|
++caught;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* This I ripped out of su.c from sh-utils after the Mandrake pam patch
|
|
|
|
* have been applied. Some work was needed to get it integrated into
|
|
|
|
* su.c from shadow.
|
|
|
|
*/
|
|
|
|
static void run_shell (const char *shellstr, char *args[], int doshell)
|
|
|
|
{
|
|
|
|
int child;
|
|
|
|
sigset_t ourset;
|
|
|
|
int status;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
child = fork ();
|
|
|
|
if (child == 0) { /* child shell */
|
|
|
|
pam_end (pamh, PAM_SUCCESS);
|
|
|
|
|
|
|
|
if (doshell)
|
|
|
|
shell (shellstr, (char *) args[0]);
|
|
|
|
else
|
|
|
|
(void) execv (shellstr, (char **) args);
|
|
|
|
{
|
|
|
|
int exit_status = (errno == ENOENT ? 127 : 126);
|
|
|
|
|
|
|
|
exit (exit_status);
|
|
|
|
}
|
|
|
|
} else if (child == -1) {
|
2007-10-07 17:16:07 +05:30
|
|
|
(void) fprintf (stderr, "%s: Cannot fork user shell\n", Prog);
|
2007-10-07 17:15:40 +05:30
|
|
|
SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
|
|
|
|
closelog ();
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
/* parent only */
|
|
|
|
sigfillset (&ourset);
|
|
|
|
if (sigprocmask (SIG_BLOCK, &ourset, NULL)) {
|
|
|
|
(void) fprintf (stderr, "%s: signal malfunction\n", Prog);
|
|
|
|
caught = 1;
|
|
|
|
}
|
|
|
|
if (!caught) {
|
|
|
|
struct sigaction action;
|
|
|
|
|
|
|
|
action.sa_handler = su_catch_sig;
|
|
|
|
sigemptyset (&action.sa_mask);
|
|
|
|
action.sa_flags = 0;
|
|
|
|
sigemptyset (&ourset);
|
|
|
|
|
|
|
|
if (sigaddset (&ourset, SIGTERM)
|
|
|
|
|| sigaddset (&ourset, SIGALRM)
|
|
|
|
|| sigaction (SIGTERM, &action, NULL)
|
|
|
|
|| sigprocmask (SIG_UNBLOCK, &ourset, NULL)
|
|
|
|
) {
|
|
|
|
fprintf (stderr,
|
|
|
|
"%s: signal masking malfunction\n", Prog);
|
|
|
|
caught = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!caught) {
|
|
|
|
do {
|
|
|
|
int pid;
|
|
|
|
|
|
|
|
pid = waitpid (-1, &status, WUNTRACED);
|
|
|
|
|
|
|
|
if (WIFSTOPPED (status)) {
|
|
|
|
kill (getpid (), SIGSTOP);
|
|
|
|
/* once we get here, we must have resumed */
|
|
|
|
kill (pid, SIGCONT);
|
|
|
|
}
|
|
|
|
} while (WIFSTOPPED (status));
|
|
|
|
}
|
|
|
|
|
|
|
|
if (caught) {
|
|
|
|
fprintf (stderr, "\nSession terminated, killing shell...");
|
|
|
|
kill (child, SIGTERM);
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = pam_close_session (pamh, 0);
|
|
|
|
if (ret != PAM_SUCCESS) {
|
|
|
|
SYSLOG ((LOG_ERR, "pam_close_session: %s",
|
|
|
|
pam_strerror (pamh, ret)));
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, "%s: %s\n", Prog, pam_strerror (pamh, ret));
|
2007-10-07 17:15:40 +05:30
|
|
|
pam_end (pamh, ret);
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = pam_end (pamh, PAM_SUCCESS);
|
|
|
|
|
|
|
|
if (caught) {
|
|
|
|
sleep (2);
|
|
|
|
kill (child, SIGKILL);
|
|
|
|
fprintf (stderr, " ...killed.\n");
|
|
|
|
exit (-1);
|
|
|
|
}
|
|
|
|
|
|
|
|
exit (WEXITSTATUS (status));
|
|
|
|
}
|
|
|
|
#endif
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* su - switch user id
|
|
|
|
*
|
2007-10-07 17:14:59 +05:30
|
|
|
* su changes the user's ids to the values for the specified user. if
|
|
|
|
* no new user name is specified, "root" is used by default.
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2007-10-07 17:14:59 +05:30
|
|
|
* The only valid option is a "-" character, which is interpreted as
|
|
|
|
* requiring a new login session to be simulated.
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Any additional arguments are passed to the user's shell. In
|
|
|
|
* particular, the argument "-c" will cause the next argument to be
|
|
|
|
* interpreted as a command by the common shell programs.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
int main (int argc, char **argv)
|
2007-10-07 17:14:02 +05:30
|
|
|
{
|
2007-10-07 17:14:59 +05:30
|
|
|
char *cp;
|
2007-10-07 17:15:40 +05:30
|
|
|
char **envcp;
|
2007-10-07 17:14:59 +05:30
|
|
|
const char *tty = 0; /* Name of tty SU is run from */
|
|
|
|
int doshell = 0;
|
|
|
|
int fakelogin = 0;
|
|
|
|
int amroot = 0;
|
2007-10-07 17:14:02 +05:30
|
|
|
uid_t my_uid;
|
2007-10-07 17:14:59 +05:30
|
|
|
struct passwd *pw = 0;
|
|
|
|
char **envp = environ;
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef USE_PAM
|
|
|
|
int ret;
|
2007-10-07 17:14:59 +05:30
|
|
|
#else /* !USE_PAM */
|
|
|
|
RETSIGTYPE (*oldsig) ();
|
2007-10-07 17:14:02 +05:30
|
|
|
int is_console = 0;
|
2007-10-07 17:14:59 +05:30
|
|
|
|
|
|
|
struct spwd *spwd = 0;
|
2007-10-07 17:16:25 +05:30
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef SU_ACCESS
|
|
|
|
char *oldpass;
|
|
|
|
#endif
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
sanitize_env ();
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
setlocale (LC_ALL, "");
|
|
|
|
bindtextdomain (PACKAGE, LOCALEDIR);
|
|
|
|
textdomain (PACKAGE);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Get the program name. The program name is used as a prefix to
|
|
|
|
* most error messages.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
Prog = Basename (argv[0]);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
OPENLOG ("su");
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
initenv ();
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
my_uid = getuid ();
|
2007-10-07 17:14:02 +05:30
|
|
|
amroot = (my_uid == 0);
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Get the tty name. Entries will be logged indicating that the user
|
|
|
|
* tried to change to the named new user from the current terminal.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (isatty (0) && (cp = ttyname (0))) {
|
2007-10-07 17:14:02 +05:30
|
|
|
if (strncmp (cp, "/dev/", 5) == 0)
|
|
|
|
tty = cp + 5;
|
|
|
|
else
|
|
|
|
tty = cp;
|
|
|
|
#ifndef USE_PAM
|
2007-10-07 17:14:59 +05:30
|
|
|
is_console = console (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* Be more paranoid, like su from SimplePAMApps. --marekm
|
|
|
|
*/
|
|
|
|
if (!amroot) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("%s: must be run from a terminal\n"), Prog);
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
tty = "???";
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Process the command line arguments.
|
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
argc--;
|
|
|
|
argv++; /* shift out command name */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (argc > 0 && strcmp (argv[0], "-") == 0) {
|
2007-10-07 17:14:02 +05:30
|
|
|
fakelogin = 1;
|
2007-10-07 17:14:59 +05:30
|
|
|
argc--;
|
|
|
|
argv++; /* shift ... */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* If a new login is being set up, the old environment will be
|
|
|
|
* ignored and a new one created later on.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:14 +05:30
|
|
|
if (fakelogin) {
|
2007-10-07 17:14:59 +05:30
|
|
|
/*
|
|
|
|
* The terminal type will be left alone if it is present in
|
|
|
|
* the environment already.
|
|
|
|
*/
|
2007-10-07 17:14:14 +05:30
|
|
|
if ((cp = getenv ("TERM")))
|
2007-10-07 17:14:59 +05:30
|
|
|
addenv ("TERM", cp);
|
2007-10-07 17:15:40 +05:30
|
|
|
#ifndef USE_PAM
|
2007-10-07 17:16:34 +05:30
|
|
|
if ((cp = getdef_str ("ENV_TZ")))
|
|
|
|
addenv (*cp == '/' ? tz (cp) : cp, NULL);
|
|
|
|
/*
|
|
|
|
* The clock frequency will be reset to the login value if required
|
|
|
|
*/
|
|
|
|
if ((cp = getdef_str ("ENV_HZ")))
|
|
|
|
addenv (cp, NULL); /* set the default $HZ, if one */
|
2007-10-07 17:15:40 +05:30
|
|
|
/*
|
|
|
|
* Also leave DISPLAY and XAUTHORITY if present, else
|
|
|
|
* pam_xauth will not work.
|
|
|
|
*/
|
|
|
|
if ((cp = getenv ("DISPLAY")))
|
|
|
|
addenv ("DISPLAY", cp);
|
|
|
|
if ((cp = getenv ("XAUTHORITY")))
|
|
|
|
addenv ("XAUTHORITY", cp);
|
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:14 +05:30
|
|
|
} else {
|
|
|
|
while (*envp)
|
2007-10-07 17:14:59 +05:30
|
|
|
addenv (*envp++, NULL);
|
2007-10-07 17:14:14 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* The next argument must be either a user ID, or some flag to a
|
|
|
|
* subshell. Pretty sticky since you can't have an argument which
|
|
|
|
* doesn't start with a "-" unless you specify the new user name.
|
|
|
|
* Any remaining arguments will be passed to the user's login shell.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
if (argc > 0 && argv[0][0] != '-') {
|
2007-10-07 17:14:59 +05:30
|
|
|
STRFCPY (name, argv[0]); /* use this login id */
|
|
|
|
argc--;
|
|
|
|
argv++; /* shift ... */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!name[0]) /* use default user ID */
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) strcpy (name, "root");
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
doshell = argc == 0; /* any arguments remaining? */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Get the user's real name. The current UID is used to determine
|
|
|
|
* who has executed su. That user ID must exist.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
pw = get_my_pwent ();
|
2007-10-07 17:14:02 +05:30
|
|
|
if (!pw) {
|
2007-10-07 17:14:59 +05:30
|
|
|
SYSLOG ((LOG_CRIT, "Unknown UID: %u", my_uid));
|
|
|
|
su_failure (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
STRFCPY (oldname, pw->pw_name);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
#ifndef USE_PAM
|
|
|
|
#ifdef SU_ACCESS
|
|
|
|
/*
|
|
|
|
* Sort out the password of user calling su, in case needed later
|
|
|
|
* -- chris
|
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
if ((spwd = getspnam (oldname)))
|
2007-10-07 17:14:02 +05:30
|
|
|
pw->pw_passwd = spwd->sp_pwdp;
|
2007-10-07 17:14:59 +05:30
|
|
|
oldpass = xstrdup (pw->pw_passwd);
|
|
|
|
#endif /* SU_ACCESS */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
#else /* USE_PAM */
|
|
|
|
ret = pam_start ("su", name, &conv, &pamh);
|
2007-10-07 17:14:02 +05:30
|
|
|
if (ret != PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
|
|
|
|
fprintf (stderr, _("%s: pam_start: error %d\n"),
|
|
|
|
Prog, ret));
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
ret = pam_set_item (pamh, PAM_TTY, (const void *) tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
if (ret == PAM_SUCCESS)
|
2007-10-07 17:16:07 +05:30
|
|
|
ret = pam_set_item (pamh, PAM_RUSER, (const void *) oldname);
|
2007-10-07 17:14:02 +05:30
|
|
|
if (ret != PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
SYSLOG ((LOG_ERR, "pam_set_item: %s",
|
|
|
|
pam_strerror (pamh, ret)));
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, "%s: %s\n", Prog, pam_strerror (pamh, ret));
|
2007-10-07 17:14:59 +05:30
|
|
|
pam_end (pamh, ret);
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
top:
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* This is the common point for validating a user whose name is
|
|
|
|
* known. It will be reached either by normal processing, or if the
|
|
|
|
* user is to be logged into a subsystem root.
|
2007-10-07 17:14:02 +05:30
|
|
|
*
|
2007-10-07 17:14:59 +05:30
|
|
|
* The password file entries for the user is gotten and the account
|
|
|
|
* validated.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!(pw = getpwnam (name))) {
|
2007-10-07 17:14:02 +05:30
|
|
|
(void) fprintf (stderr, _("Unknown id: %s\n"), name);
|
2007-10-07 17:14:59 +05:30
|
|
|
closelog ();
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
#ifndef USE_PAM
|
|
|
|
spwd = NULL;
|
2007-10-07 17:14:59 +05:30
|
|
|
if (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0
|
|
|
|
&& (spwd = getspnam (name)))
|
2007-10-07 17:14:02 +05:30
|
|
|
pw->pw_passwd = spwd->sp_pwdp;
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
pwent = *pw;
|
|
|
|
|
|
|
|
#ifndef USE_PAM
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* BSD systems only allow "wheel" to SU to root. USG systems don't,
|
|
|
|
* so we make this a configurable option.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
/* The original Shadow 3.3.2 did this differently. Do it like BSD:
|
|
|
|
*
|
2007-10-07 17:16:25 +05:30
|
|
|
* - check for UID 0 instead of name "root" - there are systems with
|
2007-10-07 17:14:59 +05:30
|
|
|
* several root accounts under different names,
|
|
|
|
*
|
|
|
|
* - check the contents of /etc/group instead of the current group
|
|
|
|
* set (you must be listed as a member, GID 0 is not sufficient).
|
|
|
|
*
|
|
|
|
* In addition to this traditional feature, we now have complete su
|
|
|
|
* access control (allow, deny, no password, own password). Thanks
|
|
|
|
* to Chris Evans <lady0110@sable.ox.ac.uk>.
|
|
|
|
*/
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
if (!amroot) {
|
2007-10-07 17:14:59 +05:30
|
|
|
if (pwent.pw_uid == 0 && getdef_bool ("SU_WHEEL_ONLY")
|
|
|
|
&& !iswheel (oldname)) {
|
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("You are not authorized to su %s\n"), name);
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
#ifdef SU_ACCESS
|
2007-10-07 17:14:59 +05:30
|
|
|
switch (check_su_auth (oldname, name)) {
|
|
|
|
case 0: /* normal su, require target user's password */
|
2007-10-07 17:14:02 +05:30
|
|
|
break;
|
2007-10-07 17:14:59 +05:30
|
|
|
case 1: /* require no password */
|
|
|
|
pwent.pw_passwd = ""; /* XXX warning: const */
|
2007-10-07 17:14:02 +05:30
|
|
|
break;
|
2007-10-07 17:14:59 +05:30
|
|
|
case 2: /* require own password */
|
|
|
|
puts (_("(Enter your own password.)"));
|
2007-10-07 17:14:02 +05:30
|
|
|
pwent.pw_passwd = oldpass;
|
|
|
|
break;
|
2007-10-07 17:14:59 +05:30
|
|
|
default: /* access denied (-1) or unexpected value */
|
|
|
|
fprintf (stderr,
|
2007-10-07 17:16:07 +05:30
|
|
|
_("You are not authorized to su %s\n"), name);
|
2007-10-07 17:14:59 +05:30
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* SU_ACCESS */
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the default shell.
|
|
|
|
*/
|
|
|
|
|
|
|
|
if (pwent.pw_shell[0] == '\0')
|
2007-10-07 17:14:59 +05:30
|
|
|
pwent.pw_shell = "/bin/sh"; /* XXX warning: const */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:16:34 +05:30
|
|
|
signal (SIGINT, SIG_IGN);
|
|
|
|
signal (SIGQUIT, SIG_IGN);
|
2007-10-07 17:14:02 +05:30
|
|
|
#ifdef USE_PAM
|
2007-10-07 17:14:59 +05:30
|
|
|
ret = pam_authenticate (pamh, 0);
|
2007-10-07 17:14:02 +05:30
|
|
|
if (ret != PAM_SUCCESS) {
|
2007-10-07 17:14:59 +05:30
|
|
|
SYSLOG ((LOG_ERR, "pam_authenticate: %s",
|
|
|
|
pam_strerror (pamh, ret)));
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, "%s: %s\n", Prog, pam_strerror (pamh, ret));
|
2007-10-07 17:14:59 +05:30
|
|
|
pam_end (pamh, ret);
|
|
|
|
su_failure (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
ret = pam_acct_mgmt (pamh, 0);
|
2007-10-07 17:14:02 +05:30
|
|
|
if (ret != PAM_SUCCESS) {
|
|
|
|
if (amroot) {
|
2007-10-07 17:14:59 +05:30
|
|
|
fprintf (stderr, _("%s: %s\n(Ignored)\n"), Prog,
|
|
|
|
pam_strerror (pamh, ret));
|
2007-10-07 17:14:02 +05:30
|
|
|
} else {
|
2007-10-07 17:14:59 +05:30
|
|
|
SYSLOG ((LOG_ERR, "pam_acct_mgmt: %s",
|
|
|
|
pam_strerror (pamh, ret)));
|
|
|
|
fprintf (stderr, "%s: %s\n", Prog,
|
|
|
|
pam_strerror (pamh, ret));
|
|
|
|
pam_end (pamh, ret);
|
|
|
|
su_failure (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#else /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
/*
|
|
|
|
* Set up a signal handler in case the user types QUIT.
|
|
|
|
*/
|
|
|
|
|
|
|
|
die (0);
|
|
|
|
oldsig = signal (SIGQUIT, die);
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* See if the system defined authentication method is being used.
|
|
|
|
* The first character of an administrator defined method is an '@'
|
|
|
|
* character.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!amroot && pw_auth (pwent.pw_passwd, name, PW_SU, (char *) 0)) {
|
|
|
|
SYSLOG ((pwent.pw_uid ? LOG_NOTICE : LOG_WARN,
|
|
|
|
"Authentication failed for %s", name));
|
|
|
|
su_failure (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
signal (SIGQUIT, oldsig);
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Check to see if the account is expired. root gets to ignore any
|
|
|
|
* expired accounts, but normal users can't become a user with an
|
|
|
|
* expired password.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!amroot) {
|
2007-10-07 17:14:02 +05:30
|
|
|
if (!spwd)
|
2007-10-07 17:14:59 +05:30
|
|
|
spwd = pwd_to_spwd (&pwent);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (isexpired (&pwent, spwd)) {
|
|
|
|
SYSLOG ((pwent.pw_uid ? LOG_WARN : LOG_CRIT,
|
|
|
|
"Expired account %s", name));
|
|
|
|
su_failure (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Check to see if the account permits "su". root gets to ignore any
|
|
|
|
* restricted accounts, but normal users can't become a user if
|
|
|
|
* there is a "SU" entry in the /etc/porttime file denying access to
|
|
|
|
* the account.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!amroot) {
|
|
|
|
if (!isttytime (pwent.pw_name, "SU", time ((time_t *) 0))) {
|
|
|
|
SYSLOG ((pwent.pw_uid ? LOG_WARN : LOG_CRIT,
|
|
|
|
"SU by %s to restricted account %s",
|
|
|
|
oldname, name));
|
|
|
|
su_failure (tty);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
signal (SIGINT, SIG_DFL);
|
2007-10-07 17:16:52 +05:30
|
|
|
signal (SIGQUIT, SIG_DFL);
|
2007-10-07 17:15:23 +05:30
|
|
|
|
2007-10-07 17:16:52 +05:30
|
|
|
cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
|
2007-10-07 17:14:14 +05:30
|
|
|
if (!cp) {
|
2007-10-07 17:14:59 +05:30
|
|
|
addenv ("PATH=/bin:/usr/bin", NULL);
|
|
|
|
} else if (strchr (cp, '=')) {
|
|
|
|
addenv (cp, NULL);
|
2007-10-07 17:14:14 +05:30
|
|
|
} else {
|
2007-10-07 17:14:59 +05:30
|
|
|
addenv ("PATH", cp);
|
2007-10-07 17:14:14 +05:30
|
|
|
}
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
environ = newenvp; /* make new environment active */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (getenv ("IFS")) /* don't export user IFS ... */
|
|
|
|
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (pwent.pw_shell[0] == '*') { /* subsystem root required */
|
2007-10-07 17:14:51 +05:30
|
|
|
pwent.pw_shell++; /* skip the '*' */
|
2007-10-07 17:14:02 +05:30
|
|
|
subsystem (&pwent); /* figure out what to execute */
|
|
|
|
endpwent ();
|
|
|
|
endspent ();
|
|
|
|
goto top;
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
sulog (tty, 1, oldname, name); /* save SU information */
|
2007-10-07 17:14:02 +05:30
|
|
|
endpwent ();
|
|
|
|
endspent ();
|
|
|
|
#ifdef USE_SYSLOG
|
2007-10-07 17:14:59 +05:30
|
|
|
if (getdef_bool ("SYSLOG_SU_ENAB"))
|
2007-10-07 17:16:25 +05:30
|
|
|
SYSLOG ((LOG_INFO, "+ %s %s:%s", tty,
|
2007-10-07 17:16:07 +05:30
|
|
|
oldname[0] ? oldname : "???", name[0] ? name : "???"));
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
|
|
|
|
|
|
|
#ifdef USE_PAM
|
|
|
|
/* set primary group id and supplementary groups */
|
2007-10-07 17:14:59 +05:30
|
|
|
if (setup_groups (&pwent)) {
|
|
|
|
pam_end (pamh, PAM_ABORT);
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
/*
|
|
|
|
* pam_setcred() may do things like resource limits, console groups,
|
|
|
|
* and much more, depending on the configured modules
|
|
|
|
*/
|
|
|
|
ret = pam_setcred (pamh, PAM_ESTABLISH_CRED);
|
2007-10-07 17:14:02 +05:30
|
|
|
if (ret != PAM_SUCCESS) {
|
2007-10-07 17:16:07 +05:30
|
|
|
SYSLOG ((LOG_ERR, "pam_setcred: %s", pam_strerror (pamh, ret)));
|
|
|
|
fprintf (stderr, "%s: %s\n", Prog, pam_strerror (pamh, ret));
|
2007-10-07 17:14:59 +05:30
|
|
|
pam_end (pamh, ret);
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
|
|
|
|
2007-10-07 17:15:40 +05:30
|
|
|
ret = pam_open_session (pamh, 0);
|
|
|
|
if (ret != PAM_SUCCESS) {
|
|
|
|
SYSLOG ((LOG_ERR, "pam_open_session: %s",
|
|
|
|
pam_strerror (pamh, ret)));
|
2007-10-07 17:16:07 +05:30
|
|
|
fprintf (stderr, "%s: %s\n", Prog, pam_strerror (pamh, ret));
|
2007-10-07 17:15:40 +05:30
|
|
|
pam_end (pamh, ret);
|
|
|
|
exit (1);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* we need to setup the environment *after* pam_open_session(),
|
|
|
|
* else the UID is changed before stuff like pam_xauth could
|
|
|
|
* run, and we cannot access /etc/shadow and co
|
|
|
|
*/
|
|
|
|
environ = newenvp; /* make new environment active */
|
|
|
|
|
|
|
|
/* update environment with all pam set variables */
|
|
|
|
envcp = pam_getenvlist (pamh);
|
|
|
|
if (envcp) {
|
|
|
|
while (*envcp) {
|
2007-10-07 17:15:49 +05:30
|
|
|
addenv (*envcp, NULL);
|
2007-10-07 17:15:40 +05:30
|
|
|
envcp++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2007-10-07 17:14:02 +05:30
|
|
|
/* become the new user */
|
2007-10-07 17:14:59 +05:30
|
|
|
if (change_uid (&pwent)) {
|
|
|
|
pam_setcred (pamh, PAM_DELETE_CRED);
|
|
|
|
pam_end (pamh, PAM_ABORT);
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|
2007-10-07 17:14:59 +05:30
|
|
|
#else /* !USE_PAM */
|
|
|
|
if (!amroot) /* no limits if su from root */
|
|
|
|
setup_limits (&pwent);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (setup_uid_gid (&pwent, is_console))
|
|
|
|
exit (1);
|
|
|
|
#endif /* !USE_PAM */
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
if (fakelogin)
|
2007-10-07 17:14:59 +05:30
|
|
|
setup_env (&pwent);
|
|
|
|
#if 1 /* Suggested by Joey Hess. XXX - is this right? */
|
2007-10-07 17:14:02 +05:30
|
|
|
else
|
2007-10-07 17:14:59 +05:30
|
|
|
addenv ("HOME", pwent.pw_dir);
|
2007-10-07 17:14:02 +05:30
|
|
|
#endif
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is a workaround for Linux libc bug/feature (?) - the
|
2007-10-07 17:14:59 +05:30
|
|
|
* /dev/log file descriptor is open without the close-on-exec flag
|
|
|
|
* and used to be passed to the new shell. There is "fcntl(LogFile,
|
|
|
|
* F_SETFD, 1)" in libc/misc/syslog.c, but it is commented out (at
|
|
|
|
* least in 5.4.33). Why? --marekm
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
2007-10-07 17:14:59 +05:30
|
|
|
closelog ();
|
2007-10-07 17:14:02 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* See if the user has extra arguments on the command line. In that
|
|
|
|
* case they will be provided to the new user's shell as arguments.
|
2007-10-07 17:14:02 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
if (fakelogin) {
|
|
|
|
char *arg0;
|
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
cp = getdef_str ("SU_NAME");
|
2007-10-07 17:14:02 +05:30
|
|
|
if (!cp)
|
2007-10-07 17:14:59 +05:30
|
|
|
cp = Basename (pwent.pw_shell);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
arg0 = xmalloc (strlen (cp) + 2);
|
2007-10-07 17:14:02 +05:30
|
|
|
arg0[0] = '-';
|
2007-10-07 17:14:59 +05:30
|
|
|
strcpy (arg0 + 1, cp);
|
2007-10-07 17:14:02 +05:30
|
|
|
cp = arg0;
|
|
|
|
} else
|
2007-10-07 17:14:59 +05:30
|
|
|
cp = Basename (pwent.pw_shell);
|
2007-10-07 17:14:02 +05:30
|
|
|
|
2007-10-07 17:14:59 +05:30
|
|
|
if (!doshell) {
|
2007-10-07 17:14:14 +05:30
|
|
|
|
|
|
|
/*
|
2007-10-07 17:14:59 +05:30
|
|
|
* Use new user's shell from /etc/passwd and create an argv
|
|
|
|
* with the rest of the command line included.
|
2007-10-07 17:14:14 +05:30
|
|
|
*/
|
|
|
|
|
|
|
|
argv[-1] = pwent.pw_shell;
|
2007-10-07 17:15:40 +05:30
|
|
|
#ifndef USE_PAM
|
2007-10-07 17:14:14 +05:30
|
|
|
(void) execv (pwent.pw_shell, &argv[-1]);
|
2007-10-07 17:15:40 +05:30
|
|
|
#else
|
|
|
|
run_shell (pwent.pw_shell, &argv[-1], 0);
|
|
|
|
#endif
|
2007-10-07 17:14:14 +05:30
|
|
|
(void) fprintf (stderr, _("No shell\n"));
|
2007-10-07 17:14:59 +05:30
|
|
|
SYSLOG ((LOG_WARN, "Cannot execute %s", pwent.pw_shell));
|
|
|
|
closelog ();
|
2007-10-07 17:14:14 +05:30
|
|
|
exit (1);
|
|
|
|
}
|
2007-10-07 17:15:40 +05:30
|
|
|
#ifndef USE_PAM
|
2007-10-07 17:14:59 +05:30
|
|
|
shell (pwent.pw_shell, cp);
|
2007-10-07 17:15:40 +05:30
|
|
|
#else
|
|
|
|
run_shell (pwent.pw_shell, &cp, 1);
|
|
|
|
#endif
|
2007-10-07 17:15:23 +05:30
|
|
|
/* NOT REACHED */
|
|
|
|
exit (1);
|
2007-10-07 17:14:02 +05:30
|
|
|
}
|