xref: /freebsd/crypto/heimdal/appl/su/su.c (revision 59c8e88e72633afbc47a4ace0d2170d00d51f7dc)
1 /*
2  * Copyright (c) 1999 - 2008 Kungliga Tekniska Högskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32 
33 #include <config.h>
34 
35 RCSID("$Id$");
36 
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 
41 #include <syslog.h>
42 
43 #ifdef HAVE_PATHS_H
44 #include <paths.h>
45 #endif
46 
47 #ifdef HAVE_SHADOW_H
48 #include <shadow.h>
49 #endif
50 
51 #include <pwd.h>
52 #ifdef HAVE_CRYPT_H
53 #include <crypt.h>
54 #endif
55 
56 #include "crypto-headers.h"
57 #ifdef KRB5
58 #include <krb5.h>
59 #endif
60 #include <kafs.h>
61 #include <err.h>
62 #include <roken.h>
63 #include <getarg.h>
64 
65 #include "supaths.h"
66 
67 #if !HAVE_DECL_ENVIRON
68 extern char **environ;
69 #endif
70 
71 int kerberos_flag = 1;
72 int csh_f_flag;
73 int full_login;
74 int env_flag;
75 char *kerberos_instance = "root";
76 int help_flag;
77 int version_flag;
78 char *cmd;
79 char tkfile[256];
80 
81 struct getargs args[] = {
82     { "kerberos", 'K', arg_negative_flag, &kerberos_flag,
83       "don't use kerberos" },
84     { NULL,	  'f', arg_flag,	  &csh_f_flag,
85       "don't read .cshrc" },
86     { "full",	  'l', arg_flag,          &full_login,
87       "simulate full login" },
88     { NULL,	  'm', arg_flag,          &env_flag,
89       "leave environment unmodified" },
90     { "instance", 'i', arg_string,        &kerberos_instance,
91       "root instance to use" },
92     { "command",  'c', arg_string,        &cmd,
93       "command to execute" },
94     { "help", 	  'h', arg_flag,          &help_flag },
95     { "version",  0,   arg_flag,          &version_flag },
96 };
97 
98 
99 static void
100 usage (int ret)
101 {
102     arg_printusage (args,
103 		    sizeof(args)/sizeof(*args),
104 		    NULL,
105 		    "[login [shell arguments]]");
106     exit (ret);
107 }
108 
109 static void
110 free_info(struct passwd *p)
111 {
112     free (p->pw_name);
113     free (p->pw_passwd);
114     free (p->pw_dir);
115     free (p->pw_shell);
116     free (p);
117 }
118 
119 static struct passwd*
120 dup_info(const struct passwd *pwd)
121 {
122     struct passwd *info;
123 
124     info = malloc(sizeof(*info));
125     if(info == NULL)
126 	return NULL;
127     info->pw_name = strdup(pwd->pw_name);
128     info->pw_passwd = strdup(pwd->pw_passwd);
129     info->pw_uid = pwd->pw_uid;
130     info->pw_gid = pwd->pw_gid;
131     info->pw_dir = strdup(pwd->pw_dir);
132     info->pw_shell = strdup(pwd->pw_shell);
133     if(info->pw_name == NULL || info->pw_passwd == NULL ||
134        info->pw_dir == NULL || info->pw_shell == NULL) {
135 	free_info (info);
136 	return NULL;
137     }
138     return info;
139 }
140 
141 #ifdef KRB5
142 static krb5_context context;
143 static krb5_ccache ccache;
144 
145 static int
146 krb5_verify(const struct passwd *login_info,
147 	    const struct passwd *su_info,
148 	    const char *kerberos_instance)
149 {
150     krb5_error_code ret;
151     krb5_principal p;
152     krb5_realm *realms, *r;
153     char *login_name = NULL;
154     int user_ok = 0;
155 
156 #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
157     login_name = getlogin();
158 #endif
159     ret = krb5_init_context (&context);
160     if (ret) {
161 #if 0
162 	warnx("krb5_init_context failed: %d", ret);
163 #endif
164 	return 1;
165     }
166 
167     ret = krb5_get_default_realms(context, &realms);
168     if (ret)
169 	return 1;
170 
171     /* Check all local realms */
172     for (r = realms; *r != NULL && !user_ok; r++) {
173 
174 	if (login_name == NULL || strcmp (login_name, "root") == 0)
175 	    login_name = login_info->pw_name;
176 	if (strcmp (su_info->pw_name, "root") == 0)
177 	    ret = krb5_make_principal(context, &p, *r,
178 				      login_name,
179 				      kerberos_instance,
180 				      NULL);
181 	else
182 	    ret = krb5_make_principal(context, &p, *r,
183 				      su_info->pw_name,
184 				      NULL);
185 	if (ret) {
186 	    krb5_free_host_realm(context, realms);
187 	    return 1;
188 	}
189 
190 	/* if we are su-ing too root, check with krb5_kuserok */
191 	if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
192 	    continue;
193 
194 	ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
195 	if(ret) {
196 	    krb5_free_host_realm(context, realms);
197 	    krb5_free_principal (context, p);
198 	    return 1;
199 	}
200   	ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
201 	krb5_free_principal (context, p);
202 	switch (ret) {
203 	case 0:
204 	    user_ok = 1;
205 	    break;
206 	case KRB5_LIBOS_PWDINTR :
207 	    krb5_cc_destroy(context, ccache);
208 	    break;
209 	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
210 	case KRB5KRB_AP_ERR_MODIFIED:
211 	    krb5_cc_destroy(context, ccache);
212 	    krb5_warnx(context, "Password incorrect");
213 	    break;
214 	default :
215 	    krb5_cc_destroy(context, ccache);
216 	    krb5_warn(context, ret, "krb5_verify_user");
217 	    break;
218 	}
219     }
220     krb5_free_host_realm(context, realms);
221     if (!user_ok)
222 	return 1;
223     return 0;
224 }
225 
226 static int
227 krb5_start_session(void)
228 {
229     krb5_ccache ccache2;
230     char *cc_name;
231     int ret;
232 
233     ret = krb5_cc_new_unique(context, krb5_cc_type_file, NULL, &ccache2);
234     if (ret) {
235 	krb5_cc_destroy(context, ccache);
236 	return 1;
237     }
238 
239     ret = krb5_cc_copy_cache(context, ccache, ccache2);
240     if (ret) {
241 	krb5_cc_destroy(context, ccache);
242 	krb5_cc_destroy(context, ccache2);
243 	return 1;
244     }
245 
246     ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
247 		   krb5_cc_get_name(context, ccache2));
248     if (ret == -1) {
249 	krb5_cc_destroy(context, ccache);
250 	krb5_cc_destroy(context, ccache2);
251 	errx(1, "malloc - out of memory");
252     }
253     esetenv("KRB5CCNAME", cc_name, 1);
254 
255     /* convert creds? */
256     if(k_hasafs()) {
257 	if (k_setpag() == 0)
258 	    krb5_afslog(context, ccache2, NULL, NULL);
259     }
260 
261     krb5_cc_close(context, ccache2);
262     krb5_cc_destroy(context, ccache);
263     return 0;
264 }
265 #endif
266 
267 
268 #define GROUP_MEMBER		0
269 #define GROUP_MISSING		1
270 #define GROUP_EMPTY		2
271 #define GROUP_NOT_MEMBER	3
272 
273 static int
274 group_member_p(const char *group, const char *user)
275 {
276     struct group *g;
277     int i;
278     g = getgrnam(group);
279     if(g == NULL)
280 	return GROUP_MISSING;
281     if(g->gr_mem[0] == NULL)
282 	return GROUP_EMPTY;
283     for(i = 0; g->gr_mem[i] != NULL; i++)
284 	if(strcmp(user, g->gr_mem[i]) == 0)
285 	    return GROUP_MEMBER;
286     return GROUP_NOT_MEMBER;
287 }
288 
289 static int
290 verify_unix(struct passwd *login, struct passwd *su)
291 {
292     char prompt[128];
293     char pw_buf[1024];
294     char *pw;
295     int r;
296     if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
297 	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
298 	r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
299 	if(r != 0)
300 	    exit(0);
301 	pw = crypt(pw_buf, su->pw_passwd);
302 	memset(pw_buf, 0, sizeof(pw_buf));
303 	if(strcmp(pw, su->pw_passwd) != 0) {
304 	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
305 		    login->pw_name, su->pw_name);
306 	    return 1;
307 	}
308     }
309     /* if su:ing to root, check membership of group wheel or root; if
310        that group doesn't exist, or is empty, allow anyone to su
311        root */
312     if(su->pw_uid == 0) {
313 #ifndef ROOT_GROUP
314 #define ROOT_GROUP "wheel"
315 #endif
316 	int gs = group_member_p(ROOT_GROUP, login->pw_name);
317 	if(gs == GROUP_NOT_MEMBER) {
318 	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
319 		    login->pw_name, su->pw_name, ROOT_GROUP);
320 	    return 1;
321 	}
322 	return 0;
323     }
324     return 0;
325 }
326 
327 int
328 main(int argc, char **argv)
329 {
330     int i, optind = 0;
331     char *su_user;
332     struct passwd *su_info;
333     struct passwd *login_info;
334 
335     struct passwd *pwd;
336 
337     char *shell;
338 
339     int ok = 0;
340 
341     setprogname (argv[0]);
342 
343     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
344 	usage(1);
345 
346     for (i=0; i < optind; i++)
347       if (strcmp(argv[i], "-") == 0) {
348 	 full_login = 1;
349 	 break;
350       }
351 
352     if(help_flag)
353 	usage(0);
354     if(version_flag) {
355 	print_version(NULL);
356 	exit(0);
357     }
358     if(optind >= argc)
359 	su_user = "root";
360     else
361 	su_user = argv[optind++];
362 
363     if (!issuid() && getuid() != 0)
364 	warnx("Not setuid and you are not root, expect this to fail");
365 
366     pwd = k_getpwnam(su_user);
367     if(pwd == NULL)
368 	errx (1, "unknown login %s", su_user);
369     if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) {
370 	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user);
371 	errx (1, "unknown login %s", su_user);
372     }
373     su_info = dup_info(pwd);
374     if (su_info == NULL)
375 	errx (1, "malloc: out of memory");
376 
377 	pwd = getpwuid(getuid());
378     if(pwd == NULL)
379 	errx(1, "who are you?");
380     login_info = dup_info(pwd);
381     if (login_info == NULL)
382 	errx (1, "malloc: out of memory");
383     if(env_flag)
384 	shell = login_info->pw_shell;
385     else
386 	shell = su_info->pw_shell;
387     if(shell == NULL || *shell == '\0')
388 	shell = _PATH_BSHELL;
389 
390 
391 #ifdef KRB5
392     if(kerberos_flag && ok == 0 &&
393        krb5_verify(login_info, su_info, kerberos_instance) == 0)
394 	ok = 5;
395 #endif
396 
397     if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
398 	printf("Sorry!\n");
399 	exit(1);
400     }
401 
402 #ifdef HAVE_GETSPNAM
403    {  struct spwd *sp;
404       long    today;
405 
406     sp = getspnam(su_info->pw_name);
407     if (sp != NULL) {
408 	today = time(0)/(24L * 60 * 60);
409 	if (sp->sp_expire > 0) {
410 	    if (today >= sp->sp_expire) {
411 		if (login_info->pw_uid)
412 		    errx(1,"Your account has expired.");
413 		else
414 		    printf("Your account has expired.");
415             }
416             else if (sp->sp_expire - today < 14)
417                 printf("Your account will expire in %d days.\n",
418 		       (int)(sp->sp_expire - today));
419 	}
420 	if (sp->sp_max > 0) {
421 	    if (today >= sp->sp_lstchg + sp->sp_max) {
422 		if (login_info->pw_uid)
423 		    errx(1,"Your password has expired. Choose a new one.");
424 		else
425 		    printf("Your password has expired. Choose a new one.");
426 	    }
427 	    else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn)
428 		printf("Your account will expire in %d days.\n",
429 		       (int)(sp->sp_lstchg + sp->sp_max -today));
430 	}
431     }
432     }
433 #endif
434     {
435 	char *tty = ttyname (STDERR_FILENO);
436 	syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
437 		login_info->pw_name, su_info->pw_name, tty);
438     }
439 
440 
441     if(!env_flag) {
442 	if(full_login) {
443 	    char *t = getenv ("TERM");
444 	    char **newenv = NULL;
445 	    int i, j;
446 
447 	    i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
448 
449 	    environ = malloc ((10 + i) * sizeof (char *));
450 	    if (environ == NULL)
451 		err (1, "malloc");
452 	    environ[0] = NULL;
453 
454 	    for (j = 0; j < i; j++) {
455 		char *p = strchr(newenv[j], '=');
456 		if (p == NULL)
457 		    errx(1, "enviroment '%s' missing '='", newenv[j]);
458 		*p++ = 0;
459 		esetenv (newenv[j], p, 1);
460 	    }
461 	    free(newenv);
462 
463 	    esetenv ("PATH", _PATH_DEFPATH, 1);
464 	    if (t)
465 		esetenv ("TERM", t, 1);
466 	    if (chdir (su_info->pw_dir) < 0)
467 		errx (1, "no directory");
468 	}
469 	if (full_login || su_info->pw_uid)
470 	    esetenv ("USER", su_info->pw_name, 1);
471 	esetenv("HOME", su_info->pw_dir, 1);
472 	esetenv("SHELL", shell, 1);
473     }
474 
475     {
476 	int i;
477 	char **args;
478 	char *p;
479 
480 	p = strrchr(shell, '/');
481 	if(p)
482 	    p++;
483 	else
484 	    p = shell;
485 
486 	if (strcmp(p, "csh") != 0)
487 	    csh_f_flag = 0;
488 
489         args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args));
490 	if (args == NULL)
491 	    err (1, "malloc");
492 	i = 0;
493 	if(full_login) {
494 	    if (asprintf(&args[i++], "-%s", p) == -1)
495 		errx (1, "malloc");
496 	} else
497 	    args[i++] = p;
498 	if (cmd) {
499 	   args[i++] = "-c";
500 	   args[i++] = cmd;
501 	}
502 
503 	if (csh_f_flag)
504 	    args[i++] = "-f";
505 
506 	for (argv += optind; *argv; ++argv)
507 	   args[i++] = *argv;
508 	args[i] = NULL;
509 
510 	if(setgid(su_info->pw_gid) < 0)
511 	    err(1, "setgid");
512 	if (initgroups (su_info->pw_name, su_info->pw_gid) < 0)
513 	    err (1, "initgroups");
514 	if(setuid(su_info->pw_uid) < 0
515 	   || (su_info->pw_uid != 0 && setuid(0) == 0))
516 	    err(1, "setuid");
517 
518 #ifdef KRB5
519         if (ok == 5)
520            krb5_start_session();
521 #endif
522 	execve(shell, args, environ);
523     }
524 
525     exit(1);
526 }
527