1if [ ! "$_MUSTBEROOT_SUBR" ]; then _MUSTBEROOT_SUBR=1 2# 3# Copyright (c) 2006-2013 Devin Teske 4# All rights reserved. 5# 6# Redistribution and use in source and binary forms, with or without 7# modification, are permitted provided that the following conditions 8# are met: 9# 1. Redistributions of source code must retain the above copyright 10# notice, this list of conditions and the following disclaimer. 11# 2. Redistributions in binary form must reproduce the above copyright 12# notice, this list of conditions and the following disclaimer in the 13# documentation and/or other materials provided with the distribution. 14# 15# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25# SUCH DAMAGE. 26# 27# $FreeBSD$ 28# 29############################################################ INCLUDES 30 31BSDCFG_SHARE="/usr/share/bsdconfig" 32. $BSDCFG_SHARE/common.subr || exit 1 33f_dprintf "%s: loading includes..." mustberoot.subr 34f_include $BSDCFG_SHARE/dialog.subr 35 36BSDCFG_LIBE="/usr/libexec/bsdconfig" 37f_include_lang $BSDCFG_LIBE/include/messages.subr 38 39############################################################ CONFIGURATION 40# NOTE: These are not able to be overridden/inherited for security purposes. 41 42# 43# Number of tries a user gets to enter his/her password before we log the 44# sudo(8) failure and exit. 45# 46PASSWD_TRIES=3 47 48# 49# While in SECURE mode, should authentication as `root' be allowed? Set to 50# non-NULL to enable authentication as `root', otherwise disabled. 51# 52# WARNING: 53# Unless using a custom sudo(8) configuration, user `root' should not be 54# allowed because no password is required to become `root' when already `root' 55# and therefore, any value entered as password will work. 56# 57SECURE_ALLOW_ROOT= 58 59# 60# While in SECURE mode, should we divulge (through error message) when the 61# requested authentication user does not exist? Set to non-NULL to enable, 62# otherwise a non-existent user is treated like an invalid password. 63# 64SECURE_DIVULGE_UNKNOWN_USER= 65 66############################################################ FUNCTIONS 67 68# f_become_root_via_sudo 69# 70# If not running as root, prompt for sudo(8) credentials to become root. 71# Re-execution of the current program via sudo is automatically handled. 72# 73# The following environment variables effect functionality: 74# 75# USE_XDIALOG Either NULL or Non-NULL. If given a value will indicate 76# that Xdialog(1) should be used instead of dialog(1). 77# 78f_become_root_via_sudo() 79{ 80 local prompt hline height width rows msg 81 82 [ "$( id -u )" = "0" ] && return $SUCCESS 83 84 f_have sudo || f_die 1 "$msg_must_be_root_to_execute" "$pgm" 85 86 # 87 # Ask the user if it's OK to become root via sudo(8) and give them 88 # the option to save this preference (by touch(1)ing a file in the 89 # user's $HOME directory). 90 # 91 local checkpath="${HOME%/}/.bsdconfig_uses_sudo" 92 if [ ! -e "$checkpath" ]; then 93 prompt=$( printf "$msg_you_are_not_root_but" bsdconfig ) 94 msg=$( printf "$msg_always_try_sudo_when_run_as" "$USER" ) 95 local menu_list=" 96 'X' '$msg_cancel_exit' 97 '1' '$msg' 98 '2' '$msg_try_sudo_only_this_once' 99 " # END-QUOTE 100 hline="$hline_arrows_tab_enter" 101 102 eval f_dialog_menu_size height width rows \ 103 \"\$DIALOG_TITLE\" \ 104 \"\$DIALOG_BACKTITLE\" \ 105 \"\$prompt\" \ 106 \"\$hline\" \ 107 $menu_list 108 109 local mtag 110 mtag=$( eval $DIALOG \ 111 --title \"\$DIALOG_TITLE\" \ 112 --backtitle \"\$DIALOG_BACKTITLE\" \ 113 --hline \"\$hline\" \ 114 --ok-label \"\$msg_ok\" \ 115 --cancel-label \"\$msg_cancel\" \ 116 --menu \"\$prompt\" \ 117 $height $width $rows \ 118 $menu_list \ 119 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 120 ) || f_die 121 f_dialog_data_sanitize mtag 122 123 case "$mtag" in 124 X) # Cancel/Exit 125 f_die ;; 126 1) # Always try sudo(8) when run as $user 127 local err 128 if ! err=$( touch "$checkpath" 2>&1 ); then 129 f_dialog_msgbox "$err" 130 else 131 f_show_msg "$msg_created_path" "$checkpath" 132 fi 133 esac 134 else 135 # 136 # This user has created the path signing-off on sudo(8)-use 137 # but let's still give them a short/quick/unobtrusive reminder 138 # 139 f_dialog_info "$msg_becoming_root_via_sudo" 140 [ "$USE_XDIALOG" ] || sleep 0.6 141 fi 142 143 # 144 # Check sudo(8) access before prompting for password. 145 # 146 :| sudo -S -v 2> /dev/null 147 if [ $? -ne $SUCCESS ]; then 148 # 149 # sudo(8) access denied. Prompt for their password. 150 # 151 prompt="$msg_please_enter_password" 152 hline="$hline_alnum_punc_tab_enter" 153 f_dialog_inputbox_size height width \ 154 "$DIALOG_TITLE" \ 155 "$DIALOG_BACKTITLE" \ 156 "$prompt" \ 157 "$hline" 158 159 # 160 # Continue prompting until they either Cancel, succeed 161 # or exceed the number of allowed failures. 162 # 163 local password nfailures=0 retval 164 while [ $nfailures -lt $PASSWD_TRIES ]; do 165 if [ "$USE_XDIALOG" ]; then 166 password=$( $DIALOG \ 167 --title "$DIALOG_TITLE" \ 168 --backtitle "$DIALOG_BACKTITLE" \ 169 --hline "$hline" \ 170 --ok-label "$msg_ok" \ 171 --cancel-label "$msg_cancel" \ 172 --password --inputbox "$prompt" \ 173 $height $width \ 174 2>&1 > /dev/null 175 ) 176 retval=$? 177 178 # Catch X11-related errors 179 if [ $retval -eq 255 ]; then 180 f_die $retval "$password" 181 elif [ $retval -ne 0 ]; then 182 # User cancelled 183 exit $retval 184 fi 185 else 186 password=$( $DIALOG \ 187 --title "$DIALOG_TITLE" \ 188 --backtitle "$DIALOG_BACKTITLE" \ 189 --hline "$hline" \ 190 --ok-label "$msg_ok" \ 191 --cancel-label "$msg_cancel" \ 192 --insecure \ 193 --passwordbox "$prompt" \ 194 $height $width \ 195 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 196 ) || exit $? 197 fi 198 debug= f_dialog_line_sanitize password 199 200 # 201 # Validate sudo(8) credentials 202 # 203 sudo -S -v 2> /dev/null <<-EOF 204 $password 205 EOF 206 retval=$? 207 unset password # scrub memory 208 if [ $retval -eq $SUCCESS ]; then 209 # Access granted... 210 break 211 else 212 # Access denied... 213 nfailures=$(( $nfailures + 1 )) 214 215 # introduce a short delay 216 if [ $nfailures -lt $PASSWD_TRIES ]; then 217 f_dialog_info "$msg_sorry_try_again" 218 sleep 1 219 fi 220 fi 221 done 222 223 # 224 # If user exhausted number of allowed password tries, log 225 # the security event and exit immediately. 226 # 227 if [ $nfailures -ge $PASSWD_TRIES ]; then 228 msg=$( printf "$msg_nfailed_attempts" "$nfailures" ) 229 logger -p auth.notice -t sudo " " \ 230 "$USER : $msg" \ 231 "; TTY=$(tty)" \ 232 "; PWD=$PWD" \ 233 "; USER=root" \ 234 "; COMMAND=$0" 235 f_die 1 "sudo: $msg" 236 fi 237 fi 238 239 # Use xauth(1) to grant root the ability to use this X11/SSH session 240 if [ "$USE_XDIALOG" -a "$SSH_CONNECTION" -a "$DISPLAY" ]; then 241 f_have xauth || f_die 1 \ 242 "$msg_no_such_file_or_directory" "$pgm" "xauth" 243 local HOSTNAME displaynum 244 HOSTNAME=$(hostname) 245 displaynum="${DISPLAY#*:}" 246 xauth -f ~/.Xauthority extract - $HOSTNAME/unix:$displaynum \ 247 $HOSTNAME:$displaynum | sudo sh -c 'xauth -ivf \ 248 ~root/.Xauthority merge - > /dev/null 2>&1' 249 fi 250 251 # Re-execute ourselves with sudo(8) 252 f_dprintf "%s: Becoming root via sudo(8)..." mustberoot.subr 253 if [ $ARGC -gt 0 ]; then 254 exec sudo "$0" $ARGV 255 else 256 exec sudo "$0" 257 fi 258 exit $? # Never reached unless error 259} 260 261# f_authenticate_some_user 262# 263# Only used if running as root and requires X11 (see USE_XDIALOG below). 264# Prompts the user to enter a username and password to be authenticated via 265# sudo(8) to proceed. 266# 267# The following environment variables effect functionality: 268# 269# USE_XDIALOG Either NULL or Non-NULL. If given a value will indicate 270# that Xdialog(1) should be used instead of dialog(1). 271# 272f_authenticate_some_user() 273{ 274 local msg hline height width 275 276 f_have sudo || f_die 1 "$msg_must_be_root_to_execute" "$pgm" 277 278 # 279 # Secure-mode has been requested. 280 # 281 282 [ "$USE_XDIALOG" ] || f_die 1 "$msg_secure_mode_requires_x11" 283 [ "$(id -u)" = "0" ] || f_die 1 "$msg_secure_mode_requires_root" 284 285 # 286 # Prompt for sudo(8) credentials. 287 # 288 289 msg="$msg_please_enter_username_password" 290 hline="$hline_alnum_punc_tab_enter" 291 f_xdialog_2inputsbox_size height width \ 292 "$DIALOG_TITLE" \ 293 "$DIALOG_BACKTITLE" \ 294 "$msg" \ 295 "$field_username" "" \ 296 "$field_password" "" 297 height=$(( $height + 2 )) # Add height for --password 298 299 # 300 # Continue prompting until they either Cancel, succeed or exceed the 301 # number of allowed failures. 302 # 303 local user_pass nfailures=0 retval 304 while [ $nfailures -lt $PASSWD_TRIES ]; do 305 user_pass=$( $DIALOG \ 306 --title "$DIALOG_TITLE" \ 307 --backtitle "$DIALOG_BACKTITLE" \ 308 --hline "$hline" \ 309 --ok-label "$msg_ok" \ 310 --cancel-label "$msg_cancel" \ 311 --password --2inputsbox "$msg" \ 312 $height $width \ 313 "$field_username" "" \ 314 "$field_password" "" \ 315 2>&1 > /dev/null ) 316 retval=$? 317 318 # Catch X11-related errors 319 [ $retval -eq 255 ] && f_die $retval "$user_pass" 320 321 # Exit if the user cancelled. 322 [ $retval -eq $SUCCESS ] || exit $retval 323 324 # 325 # Make sure the user exists and is non-root 326 # 327 local user password 328 user="${user_pass%%/*}" 329 password="${user_pass#*/}" 330 unset user_pass # scrub memory 331 if [ ! "$user" ]; then 332 nfailures=$(( $nfailures + 1 )) 333 f_show_msg "$msg_no_username" 334 continue 335 fi 336 if [ ! "$SECURE_ALLOW_ROOT" ]; then 337 case "$user" in 338 root|toor) 339 nfailures=$(( $nfailures + 1 )) 340 f_show_msg "$msg_user_disallowed" "$user" 341 continue 342 esac 343 fi 344 if ! f_quietly id "$user"; then 345 nfailures=$(( $nfailures + 1 )) 346 if [ "$SECURE_DIVULGE_UNKNOWN_USER" ]; then 347 f_show_msg "$msg_unknown_user" "$user" 348 elif [ $nfailures -lt $PASSWD_TRIES ]; then 349 f_dialog_info "$msg_sorry_try_again" 350 sleep 1 351 fi 352 continue 353 fi 354 355 # 356 # Validate sudo(8) credentials for given user 357 # 358 su -m "$user" <<-EOF 359 sh <<EOS 360 sudo -k 361 sudo -S -v 2> /dev/null <<EOP 362 $password 363 EOP 364 EOS 365 EOF 366 retval=$? 367 unset user 368 unset password # scrub memory 369 370 if [ $retval -eq $SUCCESS ]; then 371 # Access granted... 372 break 373 else 374 # Access denied... 375 nfailures=$(( $nfailures + 1 )) 376 377 # introduce a short delay 378 if [ $nfailures -lt $PASSWD_TRIES ]; then 379 f_dialog_info "$msg_sorry_try_again" 380 sleep 1 381 fi 382 fi 383 done 384 385 # 386 # If user exhausted number of allowed password tries, log 387 # the security event and exit immediately. 388 # 389 if [ $nfailures -ge $PASSWD_TRIES ]; then 390 msg=$( printf "$msg_nfailed_attempts" "$nfailures" ) 391 logger -p auth.notice -t sudo " " \ 392 "${SUDO_USER:-$USER} : $msg" \ 393 "; TTY=$(tty)" \ 394 "; PWD=$PWD" \ 395 "; USER=root" \ 396 "; COMMAND=$0" 397 f_die 1 "sudo: $message" 398 fi 399} 400 401# f_mustberoot_init 402# 403# If not already root, make the switch to root by re-executing ourselves via 404# sudo(8) using user-supplied credentials. 405# 406# The following environment variables effect functionality: 407# 408# SECURE Either NULL or Non-NULL. If given a value will indicate 409# that (while running as root) sudo(8) authentication is 410# required to proceed. 411# 412f_mustberoot_init() 413{ 414 if [ "$(id -u)" != "0" -a ! "$SECURE" ]; then 415 f_become_root_via_sudo 416 elif [ "$SECURE" ]; then 417 f_authenticate_some_user 418 fi 419} 420 421############################################################ MAIN 422 423f_dprintf "%s: Successfully loaded." mustberoot.subr 424 425fi # ! $_MUSTBEROOT_SUBR 426