projects / unix-history / blobdiff
? search:
summary | tags | clone url | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Fix bug when moving tableau pile to empty slot (don't allow it).
[unix-history] / usr / src / usr.bin / su / su.c
diff --git a/usr/src/usr.bin/su/su.c b/usr/src/usr.bin/su/su.c
index 57ae34e..3ab051e 100644 (file)
--- a/usr/src/usr.bin/su/su.c
+++ b/usr/src/usr.bin/su/su.c
@@ -1,9 +1,23 @@
+/*
+ * Copyright (c) 1980 Regents of the University of California.
+ * All rights reserved.  The Berkeley software License Agreement
+ * specifies the terms and conditions for redistribution.
+ */
+
+#ifndef lint
+char copyright[] =
+"@(#) Copyright (c) 1980 Regents of the University of California.\n\
+ All rights reserved.\n";
+#endif not lint
+
 #ifndef lint
 #ifndef lint
-static char *sccsid = "@(#)su.c        4.7 (Berkeley) %G%";
-#endif
+static char sccsid[] = "@(#)su.c       5.3 (Berkeley) %G%";
+#endif not lint
 
 #include <stdio.h>
 #include <pwd.h>
 
 #include <stdio.h>
 #include <pwd.h>
+#include <grp.h>
+#include <syslog.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/resource.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <sys/resource.h>
@@ -19,7 +33,7 @@ int   fulllogin;
 int    fastlogin;
 
 extern char    **environ;
 int    fastlogin;
 
 extern char    **environ;
-struct passwd *pwd,*getpwnam();
+struct passwd *pwd;
 char   *crypt();
 char   *getpass();
 char   *getenv();
 char   *crypt();
 char   *getpass();
 char   *getenv();
@@ -32,6 +46,8 @@ main(argc,argv)
        char buf[1000];
        FILE *fp;
 
        char buf[1000];
        FILE *fp;
 
+       openlog("su", LOG_ODELAY, LOG_AUTH);
+
 again:
        if (argc > 1 && strcmp(argv[1], "-f") == 0) {
                fastlogin++;
 again:
        if (argc > 1 && strcmp(argv[1], "-f") == 0) {
                fastlogin++;
@@ -47,59 +63,50 @@ again:
                user = argv[1];
                argc--, argv++;
        }
                user = argv[1];
                argc--, argv++;
        }
-       if (strcmp(user, "root") == 0) {
-               /*
-                * Read the "/.suok" file for list of people who can su.
-                */
-               if ((pwd = getpwuid(getuid())) == NULL) {
-                       fprintf(stderr, "Who are you?\n");
-                       exit(1);
-               }
-               if ((fp = fopen("/.suok", "r")) != NULL) {
-                       while ((fgets(buf, sizeof(buf), fp)) != NULL) {
-                               /* blast newline */
-                               buf[strlen(buf) - 1] = '\0';
-                               if (strcmp(pwd->pw_name, buf) == 0) {
-                                       fclose(fp);
+       if ((pwd = getpwuid(getuid())) == NULL) {
+               fprintf(stderr, "Who are you?\n");
+               exit(1);
+       }
+       strcpy(buf, pwd->pw_name);
+       if ((pwd = getpwnam(user)) == NULL) {
+               fprintf(stderr, "Unknown login: %s\n", user);
+               exit(1);
+       }
+       /*
+        * Only allow those in group zero to su to root.
+        */
+       if (pwd->pw_uid == 0) {
+               struct  group *gr;
+               int i;
+
+               if ((gr = getgrgid(0)) != NULL) {
+                       for (i = 0; gr->gr_mem[i] != NULL; i++)
+                               if (strcmp(buf, gr->gr_mem[i]) == 0)
                                        goto userok;
                                        goto userok;
-                               }
-                       }
-                       fclose(fp);
-                       fprintf(stderr, "You do not have permission to su root\n");
+                       fprintf(stderr, "You do not have permission to su %s\n",
+                               user);
                        exit(1);
                }
        userok:
                setpriority(PRIO_PROCESS, 0, -2);
        }
 
                        exit(1);
                }
        userok:
                setpriority(PRIO_PROCESS, 0, -2);
        }
 
-       if ((pwd = getpwnam(user)) == NULL) {
-               fprintf(stderr, "Unknown login: %s\n", user);
-               exit(1);
-       }
        if (pwd->pw_passwd[0] == '\0' || getuid() == 0)
                goto ok;
        password = getpass("Password:");
        if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
                fprintf(stderr, "Sorry\n");
                if (pwd->pw_uid == 0) {
        if (pwd->pw_passwd[0] == '\0' || getuid() == 0)
                goto ok;
        password = getpass("Password:");
        if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
                fprintf(stderr, "Sorry\n");
                if (pwd->pw_uid == 0) {
-                       FILE *console = fopen("/dev/console", "w");
-                       if (console != NULL) {
-                               fprintf(console, "BADSU: %s %s\r\n",
+                       syslog(LOG_CRIT, "BAD SU %s on %s",
                                        getlogin(), ttyname(2));
                                        getlogin(), ttyname(2));
-                               fclose(console);
-                       }
                }
                exit(2);
        }
 ok:
        endpwent();
        if (pwd->pw_uid == 0) {
                }
                exit(2);
        }
 ok:
        endpwent();
        if (pwd->pw_uid == 0) {
-               FILE *console = fopen("/dev/console", "w");
-               if (console != NULL) {
-                       fprintf(console, "SU: %s %s\r\n",
-                               getlogin(), ttyname(2));
-                       fclose(console);
-               }
+               syslog(LOG_NOTICE, "%s on %s", getlogin(), ttyname(2));
+               closelog();
        }
        if (setgid(pwd->pw_gid) < 0) {
                perror("su: setgid");
        }
        if (setgid(pwd->pw_gid) < 0) {
                perror("su: setgid");
Continuous source code history from original PDP-7 UNIX to FreeBSD 2, the first fully unencumbered FreeBSD release.