1 /* 2 * Copyright (c) 1999 - 2001 Kungliga Tekniska H�gskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of KTH nor the names of its contributors may be 18 * used to endorse or promote products derived from this software without 19 * specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY 22 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 24 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE 25 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 26 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 27 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR 28 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 29 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 30 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 31 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ 32 33 #include <config.h> 34 35 RCSID("$Id: su.c,v 1.23 2002/01/09 19:40:12 nectar Exp $"); 36 37 #include <stdio.h> 38 #include <stdlib.h> 39 #include <string.h> 40 41 #include <syslog.h> 42 43 #ifdef HAVE_PATHS_H 44 #include <paths.h> 45 #endif 46 47 #ifdef HAVE_SHADOW_H 48 #include <shadow.h> 49 #endif 50 51 #include <pwd.h> 52 53 #ifdef HAVE_OPENSSL 54 #include <openssl/des.h> 55 #else 56 #include <des.h> 57 #endif 58 #include <krb5.h> 59 #include <kafs.h> 60 #include <err.h> 61 #include <roken.h> 62 #include <getarg.h> 63 #include <kafs.h> 64 65 #ifndef _PATH_DEFPATH 66 #define _PATH_DEFPATH "/usr/bin:/bin" 67 #endif 68 69 #ifndef _PATH_BSHELL 70 #define _PATH_BSHELL "/bin/sh" 71 #endif 72 73 int kerberos_flag = 1; 74 int csh_f_flag; 75 int full_login; 76 int env_flag; 77 char *kerberos_instance = "root"; 78 int help_flag; 79 int version_flag; 80 char *cmd; 81 82 struct getargs args[] = { 83 { "kerberos", 'K', arg_negative_flag, &kerberos_flag, 84 "don't use kerberos" }, 85 { NULL, 'f', arg_flag, &csh_f_flag, 86 "don't read .cshrc" }, 87 { "full", 'l', arg_flag, &full_login, 88 "simulate full login" }, 89 { NULL, 'm', arg_flag, &env_flag, 90 "leave environment unmodified" }, 91 { "instance", 'i', arg_string, &kerberos_instance, 92 "root instance to use" }, 93 { "command", 'c', arg_string, &cmd, 94 "command to execute" }, 95 { "help", 'h', arg_flag, &help_flag }, 96 { "version", 0, arg_flag, &version_flag }, 97 }; 98 99 100 static void 101 usage (int ret) 102 { 103 arg_printusage (args, 104 sizeof(args)/sizeof(*args), 105 NULL, 106 "[login [shell arguments]]"); 107 exit (ret); 108 } 109 110 static void 111 free_info(struct passwd *p) 112 { 113 free (p->pw_name); 114 free (p->pw_passwd); 115 free (p->pw_dir); 116 free (p->pw_shell); 117 free (p); 118 } 119 120 static struct passwd* 121 dup_info(const struct passwd *pwd) 122 { 123 struct passwd *info; 124 125 info = malloc(sizeof(*info)); 126 if(info == NULL) 127 return NULL; 128 info->pw_name = strdup(pwd->pw_name); 129 info->pw_passwd = strdup(pwd->pw_passwd); 130 info->pw_uid = pwd->pw_uid; 131 info->pw_gid = pwd->pw_gid; 132 info->pw_dir = strdup(pwd->pw_dir); 133 info->pw_shell = strdup(pwd->pw_shell); 134 if(info->pw_name == NULL || info->pw_passwd == NULL || 135 info->pw_dir == NULL || info->pw_shell == NULL) { 136 free_info (info); 137 return NULL; 138 } 139 return info; 140 } 141 142 #ifdef KRB5 143 static krb5_context context; 144 static krb5_ccache ccache; 145 #endif 146 147 static int 148 krb5_verify(const struct passwd *login_info, 149 const struct passwd *su_info, 150 const char *kerberos_instance) 151 { 152 #ifdef KRB5 153 krb5_error_code ret; 154 krb5_principal p; 155 char *login_name = NULL; 156 157 #if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN) 158 login_name = getlogin(); 159 #endif 160 ret = krb5_init_context (&context); 161 if (ret) { 162 #if 0 163 warnx("krb5_init_context failed: %d", ret); 164 #endif 165 return 1; 166 } 167 168 if (login_name == NULL || strcmp (login_name, "root") == 0) 169 login_name = login_info->pw_name; 170 if (strcmp (su_info->pw_name, "root") == 0) 171 ret = krb5_make_principal(context, &p, NULL, 172 login_name, 173 kerberos_instance, 174 NULL); 175 else 176 ret = krb5_make_principal(context, &p, NULL, 177 su_info->pw_name, 178 NULL); 179 if(ret) 180 return 1; 181 182 if(su_info->pw_uid != 0 || krb5_kuserok(context, p, su_info->pw_name)) { 183 ret = krb5_cc_gen_new(context, &krb5_mcc_ops, &ccache); 184 if(ret) { 185 #if 1 186 krb5_warn(context, ret, "krb5_cc_gen_new"); 187 #endif 188 krb5_free_principal (context, p); 189 return 1; 190 } 191 ret = krb5_verify_user_lrealm(context, p, ccache, NULL, TRUE, NULL); 192 krb5_free_principal (context, p); 193 if(ret) { 194 krb5_cc_destroy(context, ccache); 195 switch (ret) { 196 case KRB5_LIBOS_PWDINTR : 197 break; 198 case KRB5KRB_AP_ERR_BAD_INTEGRITY: 199 case KRB5KRB_AP_ERR_MODIFIED: 200 krb5_warnx(context, "Password incorrect"); 201 break; 202 default : 203 krb5_warn(context, ret, "krb5_verify_user"); 204 break; 205 } 206 return 1; 207 } 208 return 0; 209 } 210 krb5_free_principal (context, p); 211 #endif 212 return 1; 213 } 214 215 #ifdef KRB5 216 static int 217 krb5_start_session(void) 218 { 219 krb5_ccache ccache2; 220 char *cc_name; 221 int ret; 222 223 ret = krb5_cc_gen_new(context, &krb5_fcc_ops, &ccache2); 224 if (ret) { 225 krb5_cc_destroy(context, ccache); 226 return 1; 227 } 228 229 ret = krb5_cc_copy_cache(context, ccache, ccache2); 230 231 asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2), 232 krb5_cc_get_name(context, ccache2)); 233 esetenv("KRB5CCNAME", cc_name, 1); 234 235 /* we want to export this even if we don't directly support KRB4 */ 236 { 237 #ifndef TKT_ROOT 238 #define TKT_ROOT "/tmp/tkt" 239 #endif 240 int fd; 241 char tkfile[256]; 242 strlcpy(tkfile, TKT_ROOT, sizeof(tkfile)); 243 strlcat(tkfile, "_XXXXXX", sizeof(tkfile)); 244 fd = mkstemp(tkfile); 245 if(fd >= 0) { 246 close(fd); 247 esetenv("KRBTKFILE", tkfile, 1); 248 } 249 } 250 251 #ifdef KRB4 252 /* convert creds? */ 253 if(k_hasafs()) { 254 if (k_setpag() == 0) 255 krb5_afslog(context, ccache2, NULL, NULL); 256 } 257 #endif 258 259 krb5_cc_close(context, ccache2); 260 krb5_cc_destroy(context, ccache); 261 return 0; 262 } 263 #endif 264 265 static int 266 verify_unix(struct passwd *su) 267 { 268 char prompt[128]; 269 char pw_buf[1024]; 270 char *pw; 271 int r; 272 if(su->pw_passwd != NULL && *su->pw_passwd != '\0') { 273 snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name); 274 r = des_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0); 275 if(r != 0) 276 exit(0); 277 pw = crypt(pw_buf, su->pw_passwd); 278 memset(pw_buf, 0, sizeof(pw_buf)); 279 if(strcmp(pw, su->pw_passwd) != 0) 280 return 1; 281 } 282 return 0; 283 } 284 285 int 286 main(int argc, char **argv) 287 { 288 int i, optind = 0; 289 char *su_user; 290 struct passwd *su_info; 291 struct passwd *login_info; 292 293 struct passwd *pwd; 294 295 char *shell; 296 297 int ok = 0; 298 int kerberos_error=1; 299 300 setprogname (argv[0]); 301 302 if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind)) 303 usage(1); 304 305 for (i=0; i < optind; i++) 306 if (strcmp(argv[i], "-") == 0) { 307 full_login = 1; 308 break; 309 } 310 311 if(help_flag) 312 usage(0); 313 if(version_flag) { 314 print_version(NULL); 315 exit(0); 316 } 317 if(optind >= argc) 318 su_user = "root"; 319 else 320 su_user = argv[optind++]; 321 322 pwd = k_getpwnam(su_user); 323 if(pwd == NULL) 324 errx (1, "unknown login %s", su_user); 325 if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) { 326 syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user); 327 errx (1, "unknown login %s", su_user); 328 } 329 su_info = dup_info(pwd); 330 if (su_info == NULL) 331 errx (1, "malloc: out of memory"); 332 333 pwd = getpwuid(getuid()); 334 if(pwd == NULL) 335 errx(1, "who are you?"); 336 login_info = dup_info(pwd); 337 if (login_info == NULL) 338 errx (1, "malloc: out of memory"); 339 if(env_flag) 340 shell = login_info->pw_shell; 341 else 342 shell = su_info->pw_shell; 343 if(shell == NULL || *shell == '\0') 344 shell = _PATH_BSHELL; 345 346 if(kerberos_flag && ok == 0 && 347 (kerberos_error=krb5_verify(login_info, su_info, kerberos_instance)) == 0) 348 ok++; 349 350 if(ok == 0 && login_info->pw_uid && verify_unix(su_info) != 0) { 351 printf("Sorry!\n"); 352 exit(1); 353 } 354 355 #ifdef HAVE_GETSPNAM 356 { struct spwd *sp; 357 long today; 358 359 sp = getspnam(su_info->pw_name); 360 if (sp != NULL) { 361 today = time(0)/(24L * 60 * 60); 362 if (sp->sp_expire > 0) { 363 if (today >= sp->sp_expire) { 364 if (login_info->pw_uid) 365 errx(1,"Your account has expired."); 366 else 367 printf("Your account has expired."); 368 } 369 else if (sp->sp_expire - today < 14) 370 printf("Your account will expire in %d days.\n", 371 (int)(sp->sp_expire - today)); 372 } 373 if (sp->sp_max > 0) { 374 if (today >= sp->sp_lstchg + sp->sp_max) { 375 if (login_info->pw_uid) 376 errx(1,"Your password has expired. Choose a new one."); 377 else 378 printf("Your password has expired. Choose a new one."); 379 } 380 else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn) 381 printf("Your account will expire in %d days.\n", 382 (int)(sp->sp_lstchg + sp->sp_max -today)); 383 } 384 } 385 } 386 #endif 387 { 388 char *tty = ttyname (STDERR_FILENO); 389 syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s" : "%s to %s on %s", 390 login_info->pw_name, su_info->pw_name, tty); 391 } 392 393 394 if(!env_flag) { 395 if(full_login) { 396 char *t = getenv ("TERM"); 397 398 environ = malloc (10 * sizeof (char *)); 399 if (environ == NULL) 400 err (1, "malloc"); 401 environ[0] = NULL; 402 esetenv ("PATH", _PATH_DEFPATH, 1); 403 if (t) 404 esetenv ("TERM", t, 1); 405 if (chdir (su_info->pw_dir) < 0) 406 errx (1, "no directory"); 407 } 408 if (full_login || su_info->pw_uid) 409 esetenv ("USER", su_info->pw_name, 1); 410 esetenv("HOME", su_info->pw_dir, 1); 411 esetenv("SHELL", shell, 1); 412 } 413 414 { 415 int i; 416 char **args; 417 char *p; 418 419 p = strrchr(shell, '/'); 420 if(p) 421 p++; 422 else 423 p = shell; 424 425 if (strcmp(p, "csh") != 0) 426 csh_f_flag = 0; 427 428 args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args)); 429 if (args == NULL) 430 err (1, "malloc"); 431 i = 0; 432 if(full_login) 433 asprintf(&args[i++], "-%s", p); 434 else 435 args[i++] = p; 436 if (cmd) { 437 args[i++] = "-c"; 438 args[i++] = cmd; 439 } 440 441 if (csh_f_flag) 442 args[i++] = "-f"; 443 444 for (argv += optind; *argv; ++argv) 445 args[i++] = *argv; 446 args[i] = NULL; 447 448 if(setgid(su_info->pw_gid) < 0) 449 err(1, "setgid"); 450 if (initgroups (su_info->pw_name, su_info->pw_gid) < 0) 451 err (1, "initgroups"); 452 if(setuid(su_info->pw_uid) < 0 453 || (su_info->pw_uid != 0 && setuid(0) == 0)) 454 err(1, "setuid"); 455 456 #ifdef KRB5 457 if (!kerberos_error) 458 krb5_start_session(); 459 #endif 460 execv(shell, args); 461 } 462 463 exit(1); 464 } 465