xref: /freebsd/crypto/heimdal/appl/su/su.c (revision ae83180158c4c937f170e31eff311b18c0286a93)
1 /*
2  * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan
3  * (Royal Institute of Technology, Stockholm, Sweden).
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  *    notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * 3. Neither the name of KTH nor the names of its contributors may be
18  *    used to endorse or promote products derived from this software without
19  *    specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28  * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32 
33 #include <config.h>
34 
35 RCSID("$Id: su.c,v 1.23 2002/01/09 19:40:12 nectar Exp $");
36 
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 
41 #include <syslog.h>
42 
43 #ifdef HAVE_PATHS_H
44 #include <paths.h>
45 #endif
46 
47 #ifdef HAVE_SHADOW_H
48 #include <shadow.h>
49 #endif
50 
51 #include <pwd.h>
52 
53 #ifdef HAVE_OPENSSL
54 #include <openssl/des.h>
55 #else
56 #include <des.h>
57 #endif
58 #include <krb5.h>
59 #include <kafs.h>
60 #include <err.h>
61 #include <roken.h>
62 #include <getarg.h>
63 #include <kafs.h>
64 
65 #ifndef _PATH_DEFPATH
66 #define _PATH_DEFPATH "/usr/bin:/bin"
67 #endif
68 
69 #ifndef _PATH_BSHELL
70 #define _PATH_BSHELL "/bin/sh"
71 #endif
72 
73 int kerberos_flag = 1;
74 int csh_f_flag;
75 int full_login;
76 int env_flag;
77 char *kerberos_instance = "root";
78 int help_flag;
79 int version_flag;
80 char *cmd;
81 
82 struct getargs args[] = {
83     { "kerberos", 'K', arg_negative_flag, &kerberos_flag,
84       "don't use kerberos" },
85     { NULL,	  'f', arg_flag,	  &csh_f_flag,
86       "don't read .cshrc" },
87     { "full",	  'l', arg_flag,          &full_login,
88       "simulate full login" },
89     { NULL,	  'm', arg_flag,          &env_flag,
90       "leave environment unmodified" },
91     { "instance", 'i', arg_string,        &kerberos_instance,
92       "root instance to use" },
93     { "command",  'c', arg_string,        &cmd,
94       "command to execute" },
95     { "help", 	  'h', arg_flag,          &help_flag },
96     { "version",  0,   arg_flag,          &version_flag },
97 };
98 
99 
100 static void
101 usage (int ret)
102 {
103     arg_printusage (args,
104 		    sizeof(args)/sizeof(*args),
105 		    NULL,
106 		    "[login [shell arguments]]");
107     exit (ret);
108 }
109 
110 static void
111 free_info(struct passwd *p)
112 {
113     free (p->pw_name);
114     free (p->pw_passwd);
115     free (p->pw_dir);
116     free (p->pw_shell);
117     free (p);
118 }
119 
120 static struct passwd*
121 dup_info(const struct passwd *pwd)
122 {
123     struct passwd *info;
124 
125     info = malloc(sizeof(*info));
126     if(info == NULL)
127 	return NULL;
128     info->pw_name = strdup(pwd->pw_name);
129     info->pw_passwd = strdup(pwd->pw_passwd);
130     info->pw_uid = pwd->pw_uid;
131     info->pw_gid = pwd->pw_gid;
132     info->pw_dir = strdup(pwd->pw_dir);
133     info->pw_shell = strdup(pwd->pw_shell);
134     if(info->pw_name == NULL || info->pw_passwd == NULL ||
135        info->pw_dir == NULL || info->pw_shell == NULL) {
136 	free_info (info);
137 	return NULL;
138     }
139     return info;
140 }
141 
142 #ifdef KRB5
143 static krb5_context context;
144 static krb5_ccache ccache;
145 #endif
146 
147 static int
148 krb5_verify(const struct passwd *login_info,
149 	    const struct passwd *su_info,
150 	    const char *kerberos_instance)
151 {
152 #ifdef KRB5
153     krb5_error_code ret;
154     krb5_principal p;
155     char *login_name = NULL;
156 
157 #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
158     login_name = getlogin();
159 #endif
160     ret = krb5_init_context (&context);
161     if (ret) {
162 #if 0
163 	warnx("krb5_init_context failed: %d", ret);
164 #endif
165 	return 1;
166     }
167 
168     if (login_name == NULL || strcmp (login_name, "root") == 0)
169 	login_name = login_info->pw_name;
170     if (strcmp (su_info->pw_name, "root") == 0)
171 	ret = krb5_make_principal(context, &p, NULL,
172 				  login_name,
173 				  kerberos_instance,
174 				  NULL);
175     else
176 	ret = krb5_make_principal(context, &p, NULL,
177 				  su_info->pw_name,
178 				  NULL);
179     if(ret)
180 	return 1;
181 
182     if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) {
183 	ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache);
184 	if(ret) {
185 #if 1
186 	    krb5_warn(context, ret, "krb5_cc_gen_new");
187 #endif
188 	    krb5_free_principal (context, p);
189 	    return 1;
190 	}
191 	ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL);
192 	krb5_free_principal (context, p);
193 	if(ret) {
194 	    krb5_cc_destroy(context, ccache);
195 	    switch (ret) {
196 	    case KRB5_LIBOS_PWDINTR :
197 		break;
198 	    case KRB5KRB_AP_ERR_BAD_INTEGRITY:
199 	    case KRB5KRB_AP_ERR_MODIFIED:
200 		krb5_warnx(context, "Password incorrect");
201 		break;
202 	    default :
203 		krb5_warn(context, ret, "krb5_verify_user");
204 		break;
205 	    }
206 	    return 1;
207 	}
208 	return 0;
209     }
210     krb5_free_principal (context, p);
211 #endif
212     return 1;
213 }
214 
215 #ifdef KRB5
216 static int
217 krb5_start_session(void)
218 {
219     krb5_ccache ccache2;
220     char *cc_name;
221     int ret;
222 
223     ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2);
224     if (ret) {
225 	krb5_cc_destroy(context, ccache);
226 	return 1;
227     }
228 
229     ret = krb5_cc_copy_cache(context, ccache, ccache2);
230 
231     asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
232 	     krb5_cc_get_name(context, ccache2));
233     esetenv("KRB5CCNAME", cc_name, 1);
234 
235     /* we want to export this even if we don't directly support KRB4 */
236     {
237 #ifndef TKT_ROOT
238 #define TKT_ROOT "/tmp/tkt"
239 #endif
240 	int fd;
241 	char tkfile[256];
242 	strlcpy(tkfile, TKT_ROOT, sizeof(tkfile));
243 	strlcat(tkfile, "_XXXXXX", sizeof(tkfile));
244 	fd = mkstemp(tkfile);
245 	if(fd >= 0) {
246 	    close(fd);
247 	    esetenv("KRBTKFILE", tkfile, 1);
248 	}
249     }
250 
251 #ifdef KRB4
252     /* convert creds? */
253     if(k_hasafs()) {
254 	if (k_setpag() == 0)
255 	    krb5_afslog(context, ccache2, NULL, NULL);
256     }
257 #endif
258 
259     krb5_cc_close(context, ccache2);
260     krb5_cc_destroy(context, ccache);
261     return 0;
262 }
263 #endif
264 
265 static int
266 verify_unix(struct passwd *su)
267 {
268     char prompt[128];
269     char pw_buf[1024];
270     char *pw;
271     int r;
272     if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
273 	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
274 	r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
275 	if(r != 0)
276 	    exit(0);
277 	pw = crypt(pw_buf, su->pw_passwd);
278 	memset(pw_buf, 0, sizeof(pw_buf));
279 	if(strcmp(pw, su->pw_passwd) != 0)
280 	    return 1;
281     }
282     return 0;
283 }
284 
285 int
286 main(int argc, char **argv)
287 {
288     int i, optind = 0;
289     char *su_user;
290     struct passwd *su_info;
291     struct passwd *login_info;
292 
293     struct passwd *pwd;
294 
295     char *shell;
296 
297     int ok = 0;
298     int kerberos_error=1;
299 
300     setprogname (argv[0]);
301 
302     if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
303 	usage(1);
304 
305     for (i=0; i < optind; i++)
306       if (strcmp(argv[i], "-") == 0) {
307 	 full_login = 1;
308 	 break;
309       }
310 
311     if(help_flag)
312 	usage(0);
313     if(version_flag) {
314 	print_version(NULL);
315 	exit(0);
316     }
317     if(optind >= argc)
318 	su_user = "root";
319     else
320 	su_user = argv[optind++];
321 
322     pwd = k_getpwnam(su_user);
323     if(pwd == NULL)
324 	errx (1, "unknown login %s", su_user);
325     if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) {
326 	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user);
327 	errx (1, "unknown login %s", su_user);
328     }
329     su_info = dup_info(pwd);
330     if (su_info == NULL)
331 	errx (1, "malloc: out of memory");
332 
333 	pwd = getpwuid(getuid());
334     if(pwd == NULL)
335 	errx(1, "who are you?");
336     login_info = dup_info(pwd);
337     if (login_info == NULL)
338 	errx (1, "malloc: out of memory");
339     if(env_flag)
340 	shell = login_info->pw_shell;
341     else
342 	shell = su_info->pw_shell;
343     if(shell == NULL || *shell == '\0')
344 	shell = _PATH_BSHELL;
345 
346     if(kerberos_flag && ok == 0 &&
347       (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0)
348 	ok++;
349 
350     if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) {
351 	printf("Sorry!\n");
352 	exit(1);
353     }
354 
355 #ifdef HAVE_GETSPNAM
356    {  struct spwd *sp;
357       long    today;
358 
359     sp = getspnam(su_info->pw_name);
360     if (sp != NULL) {
361 	today = time(0)/(24L * 60 * 60);
362 	if (sp->sp_expire > 0) {
363 	    if (today >= sp->sp_expire) {
364 		if (login_info->pw_uid)
365 		    errx(1,"Your account has expired.");
366 		else
367 		    printf("Your account has expired.");
368             }
369             else if (sp->sp_expire - today < 14)
370                 printf("Your account will expire in %d days.\n",
371 		       (int)(sp->sp_expire - today));
372 	}
373 	if (sp->sp_max > 0) {
374 	    if (today >= sp->sp_lstchg + sp->sp_max) {
375 		if (login_info->pw_uid)
376 		    errx(1,"Your password has expired. Choose a new one.");
377 		else
378 		    printf("Your password has expired. Choose a new one.");
379 	    }
380 	    else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn)
381 		printf("Your account will expire in %d days.\n",
382 		       (int)(sp->sp_lstchg + sp->sp_max -today));
383 	}
384     }
385     }
386 #endif
387     {
388 	char *tty = ttyname (STDERR_FILENO);
389 	syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s",
390 		login_info->pw_name, su_info->pw_name, tty);
391     }
392 
393 
394     if(!env_flag) {
395 	if(full_login) {
396 	    char *t = getenv ("TERM");
397 
398 	    environ = malloc (10 * sizeof (char *));
399 	    if (environ == NULL)
400 		err (1, "malloc");
401 	    environ[0] = NULL;
402 	    esetenv ("PATH", _PATH_DEFPATH, 1);
403 	    if (t)
404 		esetenv ("TERM", t, 1);
405 	    if (chdir (su_info->pw_dir) < 0)
406 		errx (1, "no directory");
407 	}
408 	if (full_login || su_info->pw_uid)
409 	    esetenv ("USER", su_info->pw_name, 1);
410 	esetenv("HOME", su_info->pw_dir, 1);
411 	esetenv("SHELL", shell, 1);
412     }
413 
414     {
415 	int i;
416 	char **args;
417 	char *p;
418 
419 	p = strrchr(shell, '/');
420 	if(p)
421 	    p++;
422 	else
423 	    p = shell;
424 
425 	if (strcmp(p, "csh") != 0)
426 	    csh_f_flag = 0;
427 
428         args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args));
429 	if (args == NULL)
430 	    err (1, "malloc");
431 	i = 0;
432 	if(full_login)
433 	    asprintf(&args[i++], "-%s", p);
434 	else
435 	    args[i++] = p;
436 	if (cmd) {
437 	   args[i++] = "-c";
438 	   args[i++] = cmd;
439 	}
440 
441 	if (csh_f_flag)
442 	    args[i++] = "-f";
443 
444 	for (argv += optind; *argv; ++argv)
445 	   args[i++] = *argv;
446 	args[i] = NULL;
447 
448 	if(setgid(su_info->pw_gid) < 0)
449 	    err(1, "setgid");
450 	if (initgroups (su_info->pw_name, su_info->pw_gid) < 0)
451 	    err (1, "initgroups");
452 	if(setuid(su_info->pw_uid) < 0
453 	   || (su_info->pw_uid != 0 && setuid(0) == 0))
454 	    err(1, "setuid");
455 
456 #ifdef KRB5
457         if (!kerberos_error)
458            krb5_start_session();
459 #endif
460 	execv(shell, args);
461     }
462 
463     exit(1);
464 }
465