usr/src/usr.bin/su/su.c

/*
 * Copyright (c) 1980 Regents of the University of California.
 * All rights reserved.  The Berkeley software License Agreement
 * specifies the terms and conditions for redistribution.
 */

#ifndef lint
char copyright[] =
"@(#) Copyright (c) 1980 Regents of the University of California.\n\
 All rights reserved.\n";
#endif not lint

#ifndef lint
static char sccsid[] = "@(#)su.c	5.3 (Berkeley) %G%";
#endif not lint

#include <stdio.h>
#include <pwd.h>
#include <grp.h>
#include <syslog.h>
#include <sys/types.h>
#include <sys/time.h>
#include <sys/resource.h>

char	userbuf[16]	= "USER=";
char	homebuf[128]	= "HOME=";
char	shellbuf[128]	= "SHELL=";
char	pathbuf[128]	= "PATH=:/usr/ucb:/bin:/usr/bin";
char	*cleanenv[] = { userbuf, homebuf, shellbuf, pathbuf, 0, 0 };
char	*user = "root";
char	*shell = "/bin/sh";
int	fulllogin;
int	fastlogin;

extern char	**environ;
struct	passwd *pwd;
char	*crypt();
char	*getpass();
char	*getenv();

main(argc,argv)
	int argc;
	char *argv[];
{
	char *password;
	char buf[1000];
	FILE *fp;

	openlog("su", LOG_ODELAY, LOG_AUTH);

again:
	if (argc > 1 && strcmp(argv[1], "-f") == 0) {
		fastlogin++;
		argc--, argv++;
		goto again;
	}
	if (argc > 1 && strcmp(argv[1], "-") == 0) {
		fulllogin++;
		argc--, argv++;
		goto again;
	}
	if (argc > 1 && argv[1][0] != '-') {
		user = argv[1];
		argc--, argv++;
	}
	if ((pwd = getpwuid(getuid())) == NULL) {
		fprintf(stderr, "Who are you?\n");
		exit(1);
	}
	strcpy(buf, pwd->pw_name);
	if ((pwd = getpwnam(user)) == NULL) {
		fprintf(stderr, "Unknown login: %s\n", user);
		exit(1);
	}
	/*
	 * Only allow those in group zero to su to root.
	 */
	if (pwd->pw_uid == 0) {
		struct	group *gr;
		int i;

		if ((gr = getgrgid(0)) != NULL) {
			for (i = 0; gr->gr_mem[i] != NULL; i++)
				if (strcmp(buf, gr->gr_mem[i]) == 0)
					goto userok;
			fprintf(stderr, "You do not have permission to su %s\n",
				user);
			exit(1);
		}
	userok:
		setpriority(PRIO_PROCESS, 0, -2);
	}

	if (pwd->pw_passwd[0] == '\0' || getuid() == 0)
		goto ok;
	password = getpass("Password:");
	if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
		fprintf(stderr, "Sorry\n");
		if (pwd->pw_uid == 0) {
			syslog(LOG_CRIT, "BAD SU %s on %s",
					getlogin(), ttyname(2));
		}
		exit(2);
	}
ok:
	endpwent();
	if (pwd->pw_uid == 0) {
		syslog(LOG_NOTICE, "%s on %s", getlogin(), ttyname(2));
		closelog();
	}
	if (setgid(pwd->pw_gid) < 0) {
		perror("su: setgid");
		exit(3);
	}
	if (initgroups(user, pwd->pw_gid)) {
		fprintf(stderr, "su: initgroups failed\n");
		exit(4);
	}
	if (setuid(pwd->pw_uid) < 0) {
		perror("su: setuid");
		exit(5);
	}
	if (pwd->pw_shell && *pwd->pw_shell)
		shell = pwd->pw_shell;
	if (fulllogin) {
		cleanenv[4] = getenv("TERM");
		environ = cleanenv;
	}
	if (strcmp(user, "root"))
		setenv("USER", pwd->pw_name, userbuf);
	setenv("SHELL", shell, shellbuf);
	setenv("HOME", pwd->pw_dir, homebuf);
	setpriority(PRIO_PROCESS, 0, 0);
	if (fastlogin) {
		*argv-- = "-f";
		*argv = "su";
	} else if (fulllogin) {
		if (chdir(pwd->pw_dir) < 0) {
			fprintf(stderr, "No directory\n");
			exit(6);
		}
		*argv = "-su";
	} else
		*argv = "su";
	execv(shell, argv);
	fprintf(stderr, "No shell\n");
	exit(7);
}

setenv(ename, eval, buf)
	char *ename, *eval, *buf;
{
	register char *cp, *dp;
	register char **ep = environ;

	/*
	 * this assumes an environment variable "ename" already exists
	 */
	while (dp = *ep++) {
		for (cp = ename; *cp == *dp && *cp; cp++, dp++)
			continue;
		if (*cp == 0 && (*dp == '=' || *dp == 0)) {
			strcat(buf, eval);
			*--ep = buf;
			return;
		}
	}
}

char *
getenv(ename)
	char *ename;
{
	register char *cp, *dp;
	register char **ep = environ;

	while (dp = *ep++) {
		for (cp = ename; *cp == *dp && *cp; cp++, dp++)
			continue;
		if (*cp == 0 && (*dp == '=' || *dp == 0))
			return (*--ep);
	}
	return ((char *)0);
}
Commit	Line	Data
	1	/*
	2	* Copyright (c) 1980 Regents of the University of California.
	3	* All rights reserved. The Berkeley software License Agreement
	4	* specifies the terms and conditions for redistribution.
	5	*/
	6
	7	#ifndef lint
	8	char copyright[] =
	9	"@(#) Copyright (c) 1980 Regents of the University of California.\n\
	10	All rights reserved.\n";
	11	#endif not lint
	12
	13	#ifndef lint
	14	static char sccsid[] = "@(#)su.c 5.3 (Berkeley) %G%";
	15	#endif not lint
	16
	17	#include <stdio.h>
	18	#include <pwd.h>
	19	#include <grp.h>
	20	#include <syslog.h>
	21	#include <sys/types.h>
	22	#include <sys/time.h>
	23	#include <sys/resource.h>
	24
	25	char userbuf[16] = "USER=";
	26	char homebuf[128] = "HOME=";
	27	char shellbuf[128] = "SHELL=";
	28	char pathbuf[128] = "PATH=:/usr/ucb:/bin:/usr/bin";
	29	char *cleanenv[] = { userbuf, homebuf, shellbuf, pathbuf, 0, 0 };
	30	char *user = "root";
	31	char *shell = "/bin/sh";
	32	int fulllogin;
	33	int fastlogin;
	34
	35	extern char **environ;
	36	struct passwd *pwd;
	37	char *crypt();
	38	char *getpass();
	39	char *getenv();
	40
	41	main(argc,argv)
	42	int argc;
	43	char *argv[];
	44	{
	45	char *password;
	46	char buf[1000];
	47	FILE *fp;
	48
	49	openlog("su", LOG_ODELAY, LOG_AUTH);
	50
	51	again:
	52	if (argc > 1 && strcmp(argv[1], "-f") == 0) {
	53	fastlogin++;
	54	argc--, argv++;
	55	goto again;
	56	}
	57	if (argc > 1 && strcmp(argv[1], "-") == 0) {
	58	fulllogin++;
	59	argc--, argv++;
	60	goto again;
	61	}
	62	if (argc > 1 && argv[1][0] != '-') {
	63	user = argv[1];
	64	argc--, argv++;
	65	}
	66	if ((pwd = getpwuid(getuid())) == NULL) {
	67	fprintf(stderr, "Who are you?\n");
	68	exit(1);
	69	}
	70	strcpy(buf, pwd->pw_name);
	71	if ((pwd = getpwnam(user)) == NULL) {
	72	fprintf(stderr, "Unknown login: %s\n", user);
	73	exit(1);
	74	}
	75	/*
	76	* Only allow those in group zero to su to root.
	77	*/
	78	if (pwd->pw_uid == 0) {
	79	struct group *gr;
	80	int i;
	81
	82	if ((gr = getgrgid(0)) != NULL) {
	83	for (i = 0; gr->gr_mem[i] != NULL; i++)
	84	if (strcmp(buf, gr->gr_mem[i]) == 0)
	85	goto userok;
	86	fprintf(stderr, "You do not have permission to su %s\n",
	87	user);
	88	exit(1);
	89	}
	90	userok:
	91	setpriority(PRIO_PROCESS, 0, -2);
	92	}
	93
	94	if (pwd->pw_passwd[0] == '\0' \|\| getuid() == 0)
	95	goto ok;
	96	password = getpass("Password:");
	97	if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
	98	fprintf(stderr, "Sorry\n");
	99	if (pwd->pw_uid == 0) {
	100	syslog(LOG_CRIT, "BAD SU %s on %s",
	101	getlogin(), ttyname(2));
	102	}
	103	exit(2);
	104	}
	105	ok:
	106	endpwent();
	107	if (pwd->pw_uid == 0) {
	108	syslog(LOG_NOTICE, "%s on %s", getlogin(), ttyname(2));
	109	closelog();
	110	}
	111	if (setgid(pwd->pw_gid) < 0) {
	112	perror("su: setgid");
	113	exit(3);
	114	}
	115	if (initgroups(user, pwd->pw_gid)) {
	116	fprintf(stderr, "su: initgroups failed\n");
	117	exit(4);
	118	}
	119	if (setuid(pwd->pw_uid) < 0) {
	120	perror("su: setuid");
	121	exit(5);
	122	}
	123	if (pwd->pw_shell && *pwd->pw_shell)
	124	shell = pwd->pw_shell;
	125	if (fulllogin) {
	126	cleanenv[4] = getenv("TERM");
	127	environ = cleanenv;
	128	}
	129	if (strcmp(user, "root"))
	130	setenv("USER", pwd->pw_name, userbuf);
	131	setenv("SHELL", shell, shellbuf);
	132	setenv("HOME", pwd->pw_dir, homebuf);
	133	setpriority(PRIO_PROCESS, 0, 0);
	134	if (fastlogin) {
	135	*argv-- = "-f";
	136	*argv = "su";
	137	} else if (fulllogin) {
	138	if (chdir(pwd->pw_dir) < 0) {
	139	fprintf(stderr, "No directory\n");
	140	exit(6);
	141	}
	142	*argv = "-su";
	143	} else
	144	*argv = "su";
	145	execv(shell, argv);
	146	fprintf(stderr, "No shell\n");
	147	exit(7);
	148	}
	149
	150	setenv(ename, eval, buf)
	151	char ename, eval, *buf;
	152	{
	153	register char cp, dp;
	154	register char **ep = environ;
	155
	156	/*
	157	* this assumes an environment variable "ename" already exists
	158	*/
	159	while (dp = *ep++) {
	160	for (cp = ename; cp == dp && *cp; cp++, dp++)
	161	continue;
	162	if (cp == 0 && (dp == '=' \|\| *dp == 0)) {
	163	strcat(buf, eval);
	164	*--ep = buf;
	165	return;
	166	}
	167	}
	168	}
	169
	170	char *
	171	getenv(ename)
	172	char *ename;
	173	{
	174	register char cp, dp;
	175	register char **ep = environ;
	176
	177	while (dp = *ep++) {
	178	for (cp = ename; cp == dp && *cp; cp++, dp++)
	179	continue;
	180	if (cp == 0 && (dp == '=' \|\| *dp == 0))
	181	return (*--ep);
	182	}
	183	return ((char *)0);
	184	}