less -> more

[unix-history] / usr / src / usr.bin / su / su.c

diff --git a/usr/src/usr.bin/su/su.c b/usr/src/usr.bin/su/su.c
index ac03168..89e8a1d 100644 (file)
--- a/usr/src/usr.bin/su/su.c
+++ b/usr/src/usr.bin/su/su.c
@@ -1,105 +1,204 @@
-static char *sccsid = "@(#)su.c        4.2 (Berkeley) 4.2";
+/*
+ * Copyright (c) 1988 The Regents of the University of California.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the University of California, Berkeley.  The name of the
+ * University may not be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ */
+
+#ifndef lint
+char copyright[] =
+"@(#) Copyright (c) 1988 The Regents of the University of California.\n\
+ All rights reserved.\n";
+#endif /* not lint */
+
+#ifndef lint
+static char sccsid[] = "@(#)su.c       5.10 (Berkeley) %G%";
+#endif /* not lint */
+
+#include <sys/param.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <syslog.h>

 #include <stdio.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <pwd.h>

+#include <grp.h>

 
 

-struct passwd *pwd,*getpwnam();
-char   *crypt();
-char   *getpass();
-
-main(argc,argv)
-int    argc;
-char   **argv;
+main(argc, argv)
+       int argc;
+       char **argv;

 {
 {

-       char *nptr;
-       char *password;
-       int badsw = 0;
-       char *shell = "/bin/sh";
-       int niced = 0;
-
-       if(argc > 1)
-               nptr = argv[1];
-       else {
-               nptr = "root";
-               nice(-4);
-               niced = -4;
+       extern char **environ;
+       extern int errno, optind;
+       register struct passwd *pwd;
+       register char *p, **g;
+       struct group *gr;
+       uid_t ruid, getuid();
+       int asme, ch, fulllogin, fastlogin, prio;
+       enum { UNSET, YES, NO } iscsh = UNSET;
+       char *user, *shell, *username, *cleanenv[2], *nargv[4], **np;
+       char namebuf[50], shellbuf[MAXPATHLEN];
+       char *crypt(), *getpass(), *getenv(), *getlogin(), *rindex(), *strcpy();
+
+       np = &nargv[3];
+       *np-- = NULL;
+       asme = fulllogin = fastlogin = 0;
+       while ((ch = getopt(argc, argv, "-flm")) != EOF)
+               switch((char)ch) {
+               case 'f':
+                       fastlogin = 1;
+                       break;
+               case '-':
+               case 'l':
+                       fulllogin = 1;
+                       break;
+               case 'm':
+                       asme = 1;
+                       break;
+               case '?':
+               default:
+                       fprintf(stderr, "usage: su [-flm] [login]\n");
+                       exit(1);
+               }
+       argv += optind;
+
+       errno = 0;
+       prio = getpriority(PRIO_PROCESS, 0);
+       if (errno)
+               prio = 0;
+       (void)setpriority(PRIO_PROCESS, 0, -2);
+
+       /* get current login name and shell */
+       if ((pwd = getpwuid(ruid = getuid())) == NULL) {
+               fprintf(stderr, "su: who are you?\n");
+               exit(1);

        }
        }

-       if((pwd=getpwnam(nptr)) == NULL) {
-               printf("Unknown id: %s\n",nptr);
+       username = strcpy(namebuf, pwd->pw_name);
+       if (asme)
+               if (pwd->pw_shell && *pwd->pw_shell)
+                       shell = strcpy(shellbuf,  pwd->pw_shell);
+               else {
+                       shell = "/bin/sh";
+                       iscsh = NO;
+               }
+
+       /* get target login information */
+       user = *argv ? *argv : "root";
+       if ((pwd = getpwnam(user)) == NULL) {
+               fprintf(stderr, "su: unknown login %s\n", user);

                exit(1);
        }
                exit(1);
        }

-       if(pwd->pw_passwd[0] == '\0' || getuid() == 0)
-               goto ok;
-       password = getpass("Password:");
-       if(badsw || (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0)) {
-bad:
-               printf("Sorry\n");
-               if(pwd->pw_uid == 0) {
-                       FILE *console = fopen("/dev/console", "w");
-                       if (console != NULL) {
-                               fprintf(console, "BADSU: %s %s\r\n", getlogin(), ttyname(2));
-                               fclose(console);
+
+       /* only allow those in group zero to su to root. */
+       if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
+               for (g = gr->gr_mem;; ++g) {
+                       if (!*g) {
+                               fprintf(stderr, "su: you are not in the correct group to su %s.\n", user);
+                               exit(1);

                        }
                        }

+                       if (!strcmp(username, *g))
+                               break;
+               }
+
+       /* if target requires a password, verify it */
+       if (ruid && *pwd->pw_passwd) {
+               p = getpass("Password:");
+               if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
+                       fprintf(stderr, "Sorry\n");
+                       if (pwd->pw_uid == 0)
+                               syslog(LOG_CRIT|LOG_AUTH, "su: BAD SU %s on %s", username, ttyname(2));
+                       exit(1);

                }
                }

-               exit(2);

        }
        }

-ok:
-       endpwent();
-       if(pwd->pw_uid == 0) {
-               FILE *console = fopen("/dev/console", "w");
-               if (console != NULL) {
-                       fprintf(console, "SU: %s %s\r\n", getlogin(), ttyname(2));
-                       fclose(console);
+
+       /* if not asme or target's shell isn't standard, use it */
+       if (!asme || !chshell(pwd->pw_shell))
+               if (pwd->pw_shell && *pwd->pw_shell) {
+                       shell = pwd->pw_shell;
+                       iscsh = UNSET;
+               } else {
+                       shell = "/bin/sh";
+                       iscsh = NO;

                }
                }

+
+       /* if we're forking a csh, we want to slightly muck the args */
+       if (iscsh == UNSET) {
+               if (p = rindex(shell, '/'))
+                       ++p;
+               else
+                       p = shell;
+               iscsh = strcmp(p, "csh") ? NO : YES;

        }
        }

-       setgid(pwd->pw_gid);
-       inigrp(nptr, pwd->pw_gid);
-       setuid(pwd->pw_uid);
-       if (pwd->pw_shell && *pwd->pw_shell)
-               shell = pwd->pw_shell;
-       homeis(pwd->pw_dir);
-       shellis(shell);
-       nice(-niced);
-       execl(shell, "su", 0);
-       printf("No shell\n");
-       exit(3);
-}

 
 

-char   **environ;
+       /* set permissions */
+       if (setgid(pwd->pw_gid) < 0) {
+               perror("su: setgid");
+               exit(1);
+       }
+       if (initgroups(user, pwd->pw_gid)) {
+               fprintf(stderr, "su: initgroups failed\n");
+               exit(1);
+       }
+       if (setuid(pwd->pw_uid) < 0) {
+               perror("su: setuid");
+               exit(1);
+       }

 
 

-homeis(hp)
-       char *hp;
-{
-       register char *cp, *dp;
-       register char **ep = environ;
-       static char homebuf[128];
-
-       while (dp = *ep++) {
-               for (cp = "HOME"; *cp == *dp && *cp; cp++, dp++)
-                       continue;
-               if (*cp == 0 && (*dp == '=' || *dp == 0)) {
-                       strcpy(homebuf, "HOME=");
-                       strcat(homebuf, hp);
-                       *--ep = homebuf;
-                       return;
+       if (!asme) {
+               if (fulllogin) {
+                       p = getenv("TERM");
+                       cleanenv[0] = "PATH=:/usr/ucb:/bin:/usr/bin";
+                       cleanenv[1] = NULL;
+                       environ = cleanenv;
+                       (void)setenv("TERM", p, 1);
+                       if (chdir(pwd->pw_dir) < 0) {
+                               fprintf(stderr, "su: no directory\n");
+                               exit(1);
+                       }

                }
                }

+               if (fulllogin || pwd->pw_uid)
+                       (void)setenv("USER", pwd->pw_name, 1);
+               (void)setenv("HOME", pwd->pw_dir, 1);
+               (void)setenv("SHELL", shell, 1);

        }
        }

+
+       if (iscsh == YES) {
+               if (fastlogin)
+                       *np-- = "-f";
+               if (asme)
+                       *np-- = "-m";
+       }
+
+       /* csh strips the first character... */
+       *np = fulllogin ? "-su" : iscsh == YES ? "_su" : "su";
+
+       if (pwd->pw_uid == 0)
+               syslog(LOG_NOTICE|LOG_AUTH, "su: %s on %s",
+                   username, ttyname(2));
+
+       (void)setpriority(PRIO_PROCESS, 0, prio);
+
+       execv(shell, np);
+       fprintf(stderr, "su: no shell.\n");
+       exit(1);

 }
 
 }
 

-shellis(sp)
-       char *sp;
+chshell(sh)
+       char *sh;

 {
 {

-       register char *cp, *dp;
-       register char **ep = environ;
-       static char shellbuf[128];
-
-       while (dp = *ep++) {
-               for (cp = "SHELL"; *cp == *dp && *cp; cp++, dp++)
-                       continue;
-               if (*cp == 0 && (*dp == '=' || *dp == 0)) {
-                       strcpy(shellbuf, "SHELL=");
-                       strcat(shellbuf, sp);
-                       *--ep = shellbuf;
-                       return;
-               }
-       }
+       char *cp, *getusershell();
+
+       while ((cp = getusershell()) != NULL)
+               if (!strcmp(cp, sh))
+                       return(1);
+       return(0);

 }
 }