projects / unix-history / blobdiff
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix bug when moving tableau pile to empty slot (don't allow it).
[unix-history] / usr / src / usr.bin / su / su.c
diff --git a/usr/src/usr.bin/su/su.c b/usr/src/usr.bin/su/su.c
index 0d39971..3ab051e 100644 (file)
--- a/usr/src/usr.bin/su/su.c
+++ b/usr/src/usr.bin/su/su.c
@@ -1,9 +1,23 @@
+/*
+ * Copyright (c) 1980 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#ifndef lint
+char copyright[] =
+"@(#) Copyright (c) 1980 Regents of the University of California.\n\
+ All rights reserved.\n";
+#endif not lint
+
 #ifndef lint
 #ifndef lint
-static char *sccsid = "@(#)su.c        4.5 (Berkeley) %G%";
-#endif
+static char sccsid[] = "@(#)su.c       5.3 (Berkeley) %G%";
+#endif not lint
 
 #include <stdio.h>
 #include <pwd.h>
 
 #include <stdio.h>
 #include <pwd.h>
+#include <grp.h>
+#include <syslog.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/resource.h>
@@ -19,7 +33,7 @@ int   fulllogin;
 int    fastlogin;
 
 extern char    **environ;
 int    fastlogin;
 
 extern char    **environ;
-struct passwd *pwd,*getpwnam();
+struct passwd *pwd;
 char   *crypt();
 char   *getpass();
 char   *getenv();
 char   *crypt();
 char   *getpass();
 char   *getenv();
@@ -29,6 +43,10 @@ main(argc,argv)
        char *argv[];
 {
        char *password;
        char *argv[];
 {
        char *password;
+       char buf[1000];
+       FILE *fp;
+
+       openlog("su", LOG_ODELAY, LOG_AUTH);
 
 again:
        if (argc > 1 && strcmp(argv[1], "-f") == 0) {
 
 again:
        if (argc > 1 && strcmp(argv[1], "-f") == 0) {
@@ -45,36 +63,50 @@ again:
                user = argv[1];
                argc--, argv++;
        }
                user = argv[1];
                argc--, argv++;
        }
-       if (strcmp(user, "root") == 0)
-               setpriority(PRIO_PROCESS, 0, -2);
+       if ((pwd = getpwuid(getuid())) == NULL) {
+               fprintf(stderr, "Who are you?\n");
+               exit(1);
+       }
+       strcpy(buf, pwd->pw_name);
        if ((pwd = getpwnam(user)) == NULL) {
                fprintf(stderr, "Unknown login: %s\n", user);
                exit(1);
        }
        if ((pwd = getpwnam(user)) == NULL) {
                fprintf(stderr, "Unknown login: %s\n", user);
                exit(1);
        }
+       /*
+        * Only allow those in group zero to su to root.
+        */
+       if (pwd->pw_uid == 0) {
+               struct  group *gr;
+               int i;
+
+               if ((gr = getgrgid(0)) != NULL) {
+                       for (i = 0; gr->gr_mem[i] != NULL; i++)
+                               if (strcmp(buf, gr->gr_mem[i]) == 0)
+                                       goto userok;
+                       fprintf(stderr, "You do not have permission to su %s\n",
+                               user);
+                       exit(1);
+               }
+       userok:
+               setpriority(PRIO_PROCESS, 0, -2);
+       }
+
        if (pwd->pw_passwd[0] == '\0' || getuid() == 0)
                goto ok;
        password = getpass("Password:");
        if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
                fprintf(stderr, "Sorry\n");
                if (pwd->pw_uid == 0) {
        if (pwd->pw_passwd[0] == '\0' || getuid() == 0)
                goto ok;
        password = getpass("Password:");
        if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
                fprintf(stderr, "Sorry\n");
                if (pwd->pw_uid == 0) {
-                       FILE *console = fopen("/dev/console", "w");
-                       if (console != NULL) {
-                               fprintf(console, "BADSU: %s %s\r\n",
+                       syslog(LOG_CRIT, "BAD SU %s on %s",
                                        getlogin(), ttyname(2));
                                        getlogin(), ttyname(2));
-                               fclose(console);
-                       }
                }
                exit(2);
        }
 ok:
        endpwent();
        if (pwd->pw_uid == 0) {
                }
                exit(2);
        }
 ok:
        endpwent();
        if (pwd->pw_uid == 0) {
-               FILE *console = fopen("/dev/console", "w");
-               if (console != NULL) {
-                       fprintf(console, "SU: %s %s\r\n",
-                               getlogin(), ttyname(2));
-                       fclose(console);
-               }
+               syslog(LOG_NOTICE, "%s on %s", getlogin(), ttyname(2));
+               closelog();
        }
        if (setgid(pwd->pw_gid) < 0) {
                perror("su: setgid");
        }
        if (setgid(pwd->pw_gid) < 0) {
                perror("su: setgid");
@@ -94,7 +126,8 @@ ok:
                cleanenv[4] = getenv("TERM");
                environ = cleanenv;
        }
                cleanenv[4] = getenv("TERM");
                environ = cleanenv;
        }
-       setenv("USER", pwd->pw_name, userbuf);
+       if (strcmp(user, "root"))
+               setenv("USER", pwd->pw_name, userbuf);
        setenv("SHELL", shell, shellbuf);
        setenv("HOME", pwd->pw_dir, homebuf);
        setpriority(PRIO_PROCESS, 0, 0);
        setenv("SHELL", shell, shellbuf);
        setenv("HOME", pwd->pw_dir, homebuf);
        setpriority(PRIO_PROCESS, 0, 0);
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.