386BSD 0.1 development

[unix-history] / usr / src / usr.bin / su / su.c
diff --git a/usr/src/usr.bin/su/su.c b/usr/src/usr.bin/su/su.c

index ea5c866..8a8edc8 100644 (file)
--- a/usr/src/usr.bin/su/su.c
+++ b/usr/src/usr.bin/su/su.c
@@ -2,17 +2,33 @@
   * Copyright (c) 1988 The Regents of the University of California.
   * All rights reserved.
   *
   * Copyright (c) 1988 The Regents of the University of California.
   * All rights reserved.
   *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley.  The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *     This product includes software developed by the University of
+ *     California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
   */
  
  #ifndef lint
   */
  
  #ifndef lint
@@ -22,7 +38,7 @@ char copyright[] =
  #endif /* not lint */
  
  #ifndef lint
  #endif /* not lint */
  
  #ifndef lint
-static char sccsid[] = "@(#)su.c       5.8 (Berkeley) %G%";
+static char sccsid[] = "@(#)su.c       5.26 (Berkeley) 7/6/91";
  #endif /* not lint */
  
  #include <sys/param.h>
  #endif /* not lint */
  
  #include <sys/param.h>
@@ -32,6 +48,21 @@ static char sccsid[] = "@(#)su.c     5.8 (Berkeley) %G%";
  #include <stdio.h>
  #include <pwd.h>
  #include <grp.h>
  #include <stdio.h>
  #include <pwd.h>
  #include <grp.h>
+#include <string.h>
+#include <unistd.h>
+#include <paths.h>
+
+#ifdef KERBEROS
+#include <kerberosIV/des.h>
+#include <kerberosIV/krb.h>
+#include <netdb.h>
+
+#define        ARGSTR  "-Kflm"
+
+int use_kerberos = 1;
+#else
+#define        ARGSTR  "-flm"
+#endif
  
  main(argc, argv)
         int argc;
  
  main(argc, argv)
         int argc;
@@ -43,30 +74,38 @@ main(argc, argv)
         register char *p, **g;
         struct group *gr;
         uid_t ruid, getuid();
         register char *p, **g;
         struct group *gr;
         uid_t ruid, getuid();
-       int asme, ch, fulllogin, fastlogin, prio;
+       int asme, ch, asthem, fastlogin, prio;
         enum { UNSET, YES, NO } iscsh = UNSET;
         char *user, *shell, *username, *cleanenv[2], *nargv[4], **np;
         enum { UNSET, YES, NO } iscsh = UNSET;
         char *user, *shell, *username, *cleanenv[2], *nargv[4], **np;
-       char namebuf[50], shellbuf[MAXPATHLEN];
-       char *crypt(), *getpass(), *getenv(), *getlogin(), *rindex(), *strcpy();
+       char shellbuf[MAXPATHLEN];
+       char *crypt(), *getpass(), *getenv(), *getlogin(), *ontty();
  
         np = &nargv[3];
         *np-- = NULL;
  
         np = &nargv[3];
         *np-- = NULL;
-       asme = fulllogin = fastlogin = 0;
-       while ((ch = getopt(argc, argv, "-flm")) != EOF)
+       asme = asthem = fastlogin = 0;
+       while ((ch = getopt(argc, argv, ARGSTR)) != EOF)
                 switch((char)ch) {
                 switch((char)ch) {
+#ifdef KERBEROS
+               case 'K':
+                       use_kerberos = 0;
+                       break;
+#endif
                 case 'f':
                         fastlogin = 1;
                         break;
                 case '-':
                 case 'l':
                 case 'f':
                         fastlogin = 1;
                         break;
                 case '-':
                 case 'l':
-                       fulllogin = 1;
+                       asme = 0;
+                       asthem = 1;
                         break;
                 case 'm':
                         asme = 1;
                         break;
                 case 'm':
                         asme = 1;
+                       asthem = 0;
                         break;
                 case '?':
                 default:
                         break;
                 case '?':
                 default:
-                       fprintf(stderr, "usage: su [-fl] [login]\n");
+                       (void)fprintf(stderr, "usage: su [%s] [login]\n",
+                           ARGSTR);
                         exit(1);
                 }
         argv += optind;
                         exit(1);
                 }
         argv += optind;
@@ -76,60 +115,84 @@ main(argc, argv)
         if (errno)
                 prio = 0;
         (void)setpriority(PRIO_PROCESS, 0, -2);
         if (errno)
                 prio = 0;
         (void)setpriority(PRIO_PROCESS, 0, -2);
+       openlog("su", LOG_CONS, 0);
  
         /* get current login name and shell */
  
         /* get current login name and shell */
-       if ((pwd = getpwuid(ruid = getuid())) == NULL) {
+       ruid = getuid();
+       username = getlogin();
+       if (username == NULL || (pwd = getpwnam(username)) == NULL ||
+           pwd->pw_uid != ruid)
+               pwd = getpwuid(ruid);
+       if (pwd == NULL) {
                 fprintf(stderr, "su: who are you?\n");
                 exit(1);
         }
                 fprintf(stderr, "su: who are you?\n");
                 exit(1);
         }
-       username = strcpy(namebuf, pwd->pw_name);
+       username = strdup(pwd->pw_name);
         if (asme)
                 if (pwd->pw_shell && *pwd->pw_shell)
                         shell = strcpy(shellbuf,  pwd->pw_shell);
                 else {
         if (asme)
                 if (pwd->pw_shell && *pwd->pw_shell)
                         shell = strcpy(shellbuf,  pwd->pw_shell);
                 else {
-                       shell = "/bin/sh";
+                       shell = _PATH_BSHELL;
                         iscsh = NO;
                 }
  
                         iscsh = NO;
                 }
  
-       /* get target login information */
+       /* get target login information, default to root */
         user = *argv ? *argv : "root";
         if ((pwd = getpwnam(user)) == NULL) {
                 fprintf(stderr, "su: unknown login %s\n", user);
                 exit(1);
         }
  
         user = *argv ? *argv : "root";
         if ((pwd = getpwnam(user)) == NULL) {
                 fprintf(stderr, "su: unknown login %s\n", user);
                 exit(1);
         }
  
-       /* only allow those in group zero to su to root. */
-       if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
-               for (g = gr->gr_mem;; ++g) {
-                       if (!*g) {
-                               fprintf(stderr, "su: you are not in the correct group to su %s.\n", user);
+       if (ruid) {
+#ifdef KERBEROS
+           if (!use_kerberos || kerberos(username, user, pwd->pw_uid))
+#endif
+           {
+               /* only allow those in group zero to su to root. */
+               if (pwd->pw_uid == 0 && (gr = getgrgid((gid_t)0)))
+                       for (g = gr->gr_mem;; ++g) {
+                               if (!*g) {
+                                       (void)fprintf(stderr,
+                           "su: you are not in the correct group to su %s.\n",
+                                           user);
+                                       exit(1);
+                               }
+                               if (!strcmp(username, *g))
+                                       break;
+               }
+               /* if target requires a password, verify it */
+               if (*pwd->pw_passwd) {
+                       p = getpass("Password:");
+#ifdef DES
+                       if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
+#else
+                       if (strcmp(pwd->pw_passwd, p)) {
+#endif
+                               fprintf(stderr, "Sorry\n");
+                               syslog(LOG_AUTH|LOG_WARNING,
+                                       "BAD SU %s to %s%s", username,
+                                       user, ontty());
                                 exit(1);
                         }
                                 exit(1);
                         }
-                       if (!strcmp(username, *g))
-                               break;
                 }
                 }
+           }
+       }
  
  
-       /* if target requires a password, verify it */
-       if (ruid && *pwd->pw_passwd) {
-               p = getpass("Password:");
-               if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
-                       fprintf(stderr, "Sorry\n");
-                       if (pwd->pw_uid == 0)
-                               syslog(LOG_CRIT|LOG_AUTH, "su: BAD SU %s on %s", username, ttyname(2));
+       if (asme) {
+               /* if asme and non-standard target shell, must be root */
+               if (!chshell(pwd->pw_shell) && ruid) {
+                       (void)fprintf(stderr,
+                               "su: permission denied (shell).\n");
                         exit(1);
                 }
                         exit(1);
                 }
+       } else if (pwd->pw_shell && *pwd->pw_shell) {
+               shell = pwd->pw_shell;
+               iscsh = UNSET;
+       } else {
+               shell = _PATH_BSHELL;
+               iscsh = NO;
         }
  
         }
  
-       /* if not asme or target has no password, use their shell */
-       if (!asme || !*pwd->pw_passwd)
-               if (pwd->pw_shell && *pwd->pw_shell) {
-                       shell = pwd->pw_shell;
-                       iscsh = UNSET;
-               } else {
-                       shell = "/bin/sh";
-                       iscsh = NO;
-               }
-
         /* if we're forking a csh, we want to slightly muck the args */
         if (iscsh == UNSET) {
                 if (p = rindex(shell, '/'))
         /* if we're forking a csh, we want to slightly muck the args */
         if (iscsh == UNSET) {
                 if (p = rindex(shell, '/'))
@@ -145,7 +208,7 @@ main(argc, argv)
                 exit(1);
         }
         if (initgroups(user, pwd->pw_gid)) {
                 exit(1);
         }
         if (initgroups(user, pwd->pw_gid)) {
-               fprintf(stderr, "su: initgroups failed\n");
+               (void)fprintf(stderr, "su: initgroups failed.\n");
                 exit(1);
         }
         if (setuid(pwd->pw_uid) < 0) {
                 exit(1);
         }
         if (setuid(pwd->pw_uid) < 0) {
@@ -154,9 +217,9 @@ main(argc, argv)
         }
  
         if (!asme) {
         }
  
         if (!asme) {
-               if (fulllogin) {
+               if (asthem) {
                         p = getenv("TERM");
                         p = getenv("TERM");
-                       cleanenv[0] = "PATH=:/usr/ucb:/bin:/usr/bin";
+                       cleanenv[0] = _PATH_DEFPATH;
                         cleanenv[1] = NULL;
                         environ = cleanenv;
                         (void)setenv("TERM", p, 1);
                         cleanenv[1] = NULL;
                         environ = cleanenv;
                         (void)setenv("TERM", p, 1);
@@ -165,7 +228,7 @@ main(argc, argv)
                                 exit(1);
                         }
                 }
                                 exit(1);
                         }
                 }
-               if (fulllogin || pwd->pw_uid)
+               if (asthem || pwd->pw_uid)
                         (void)setenv("USER", pwd->pw_name, 1);
                 (void)setenv("HOME", pwd->pw_dir, 1);
                 (void)setenv("SHELL", shell, 1);
                         (void)setenv("USER", pwd->pw_name, 1);
                 (void)setenv("HOME", pwd->pw_dir, 1);
                 (void)setenv("SHELL", shell, 1);
@@ -179,15 +242,175 @@ main(argc, argv)
         }
  
         /* csh strips the first character... */
         }
  
         /* csh strips the first character... */
-       *np = fulllogin ? "-su" : iscsh == YES ? "_su" : "su";
+       *np = asthem ? "-su" : iscsh == YES ? "_su" : "su";
  
  
-       if (pwd->pw_uid == 0)
-               syslog(LOG_NOTICE|LOG_AUTH, "su: %s on %s",
-                   username, ttyname(2));
+       if (ruid != 0)
+               syslog(LOG_NOTICE|LOG_AUTH, "%s to %s%s",
+                   username, user, ontty());
  
         (void)setpriority(PRIO_PROCESS, 0, prio);
  
         execv(shell, np);
  
         (void)setpriority(PRIO_PROCESS, 0, prio);
  
         execv(shell, np);
-       fprintf(stderr, "su: no shell.\n");
+       (void)fprintf(stderr, "su: %s not found.\n", shell);
         exit(1);
  }
         exit(1);
  }
+
+chshell(sh)
+       char *sh;
+{
+       register char *cp;
+       char *getusershell();
+
+       while ((cp = getusershell()) != NULL)
+               if (!strcmp(cp, sh))
+                       return (1);
+       return (0);
+}
+
+char *
+ontty()
+{
+       char *p, *ttyname();
+       static char buf[MAXPATHLEN + 4];
+
+       buf[0] = 0;
+       if (p = ttyname(STDERR_FILENO))
+               sprintf(buf, " on %s", p);
+       return (buf);
+}
+
+#ifdef KERBEROS
+kerberos(username, user, uid)
+       char *username, *user;
+       int uid;
+{
+       extern char *krb_err_txt[];
+       KTEXT_ST ticket;
+       AUTH_DAT authdata;
+       struct hostent *hp;
+       register char *p;
+       int kerno;
+       u_long faddr;
+       char lrealm[REALM_SZ], krbtkfile[MAXPATHLEN];
+       char hostname[MAXHOSTNAMELEN], savehost[MAXHOSTNAMELEN];
+       char *ontty(), *krb_get_phost();
+
+       if (krb_get_lrealm(lrealm, 1) != KSUCCESS)
+               return (1);
+       if (koktologin(username, lrealm, user) && !uid) {
+               (void)fprintf(stderr, "kerberos su: not in %s's ACL.\n", user);
+               return (1);
+       }
+       (void)sprintf(krbtkfile, "%s_%s_%d", TKT_ROOT, user, getuid());
+
+       (void)setenv("KRBTKFILE", krbtkfile, 1);
+       (void)krb_set_tkt_string(krbtkfile);
+       /*
+        * Set real as well as effective ID to 0 for the moment,
+        * to make the kerberos library do the right thing.
+        */
+       if (setuid(0) < 0) {
+               perror("su: setuid");
+               return (1);
+       }
+
+       /*
+        * Little trick here -- if we are su'ing to root,
+        * we need to get a ticket for "xxx.root", where xxx represents
+        * the name of the person su'ing.  Otherwise (non-root case),
+        * we need to get a ticket for "yyy.", where yyy represents
+        * the name of the person being su'd to, and the instance is null
+        *
+        * We should have a way to set the ticket lifetime,
+        * with a system default for root.
+        */
+       kerno = krb_get_pw_in_tkt((uid == 0 ? username : user),
+               (uid == 0 ? "root" : ""), lrealm,
+               "krbtgt", lrealm, DEFAULT_TKT_LIFE, 0);
+
+       if (kerno != KSUCCESS) {
+               if (kerno == KDC_PR_UNKNOWN) {
+                       fprintf(stderr, "principal unknown: %s.%s@%s\n",
+                               (uid == 0 ? username : user),
+                               (uid == 0 ? "root" : ""), lrealm);
+                       return (1);
+               }
+               (void)fprintf(stderr, "su: unable to su: %s\n",
+                   krb_err_txt[kerno]);
+               syslog(LOG_NOTICE|LOG_AUTH,
+                   "BAD Kerberos SU: %s to %s%s: %s",
+                   username, user, ontty(), krb_err_txt[kerno]);
+               return (1);
+       }
+
+       if (chown(krbtkfile, uid, -1) < 0) {
+               perror("su: chown:");
+               (void)unlink(krbtkfile);
+               return (1);
+       }
+
+       (void)setpriority(PRIO_PROCESS, 0, -2);
+
+       if (gethostname(hostname, sizeof(hostname)) == -1) {
+               perror("su: gethostname");
+               dest_tkt();
+               return (1);
+       }
+
+       (void)strncpy(savehost, krb_get_phost(hostname), sizeof(savehost));
+       savehost[sizeof(savehost) - 1] = '\0';
+
+       kerno = krb_mk_req(&ticket, "rcmd", savehost, lrealm, 33);
+
+       if (kerno == KDC_PR_UNKNOWN) {
+               (void)fprintf(stderr, "Warning: TGT not verified.\n");
+               syslog(LOG_NOTICE|LOG_AUTH,
+                   "%s to %s%s, TGT not verified (%s); %s.%s not registered?",
+                   username, user, ontty(), krb_err_txt[kerno],
+                   "rcmd", savehost);
+       } else if (kerno != KSUCCESS) {
+               (void)fprintf(stderr, "Unable to use TGT: %s\n",
+                   krb_err_txt[kerno]);
+               syslog(LOG_NOTICE|LOG_AUTH, "failed su: %s to %s%s: %s",
+                   username, user, ontty(), krb_err_txt[kerno]);
+               dest_tkt();
+               return (1);
+       } else {
+               if (!(hp = gethostbyname(hostname))) {
+                       (void)fprintf(stderr, "su: can't get addr of %s\n",
+                           hostname);
+                       dest_tkt();
+                       return (1);
+               }
+               (void)bcopy((char *)hp->h_addr, (char *)&faddr, sizeof(faddr));
+
+               if ((kerno = krb_rd_req(&ticket, "rcmd", savehost, faddr,
+                   &authdata, "")) != KSUCCESS) {
+                       (void)fprintf(stderr,
+                           "su: unable to verify rcmd ticket: %s\n",
+                           krb_err_txt[kerno]);
+                       syslog(LOG_NOTICE|LOG_AUTH,
+                           "failed su: %s to %s%s: %s", username,
+                            user, ontty(), krb_err_txt[kerno]);
+                       dest_tkt();
+                       return (1);
+               }
+       }
+       return (0);
+}
+
+koktologin(name, realm, toname)
+       char *name, *realm, *toname;
+{
+       register AUTH_DAT *kdata;
+       AUTH_DAT kdata_st;
+
+       kdata = &kdata_st;
+       bzero((caddr_t) kdata, sizeof(*kdata));
+       (void)strcpy(kdata->pname, name);
+       (void)strcpy(kdata->pinst,
+           ((strcmp(toname, "root") == 0) ? "root" : ""));
+       (void)strcpy(kdata->prealm, realm);
+       return (kuserok(kdata, toname));
+}
+#endif