17c478bd9Sstevel@tonic-gate /* 27c478bd9Sstevel@tonic-gate * CDDL HEADER START 37c478bd9Sstevel@tonic-gate * 47c478bd9Sstevel@tonic-gate * The contents of this file are subject to the terms of the 5*09295472Sgww * Common Development and Distribution License (the "License"). 6*09295472Sgww * You may not use this file except in compliance with the License. 77c478bd9Sstevel@tonic-gate * 87c478bd9Sstevel@tonic-gate * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 97c478bd9Sstevel@tonic-gate * or http://www.opensolaris.org/os/licensing. 107c478bd9Sstevel@tonic-gate * See the License for the specific language governing permissions 117c478bd9Sstevel@tonic-gate * and limitations under the License. 127c478bd9Sstevel@tonic-gate * 137c478bd9Sstevel@tonic-gate * When distributing Covered Code, include this CDDL HEADER in each 147c478bd9Sstevel@tonic-gate * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 157c478bd9Sstevel@tonic-gate * If applicable, add the following below this CDDL HEADER, with the 167c478bd9Sstevel@tonic-gate * fields enclosed by brackets "[]" replaced with your own identifying 177c478bd9Sstevel@tonic-gate * information: Portions Copyright [yyyy] [name of copyright owner] 187c478bd9Sstevel@tonic-gate * 197c478bd9Sstevel@tonic-gate * CDDL HEADER END 207c478bd9Sstevel@tonic-gate */ 217c478bd9Sstevel@tonic-gate /* 22f00e6aa6Sdarrenm * Copyright 2006 Sun Microsystems, Inc. All rights reserved. 237c478bd9Sstevel@tonic-gate * Use is subject to license terms. 247c478bd9Sstevel@tonic-gate */ 257c478bd9Sstevel@tonic-gate 267c478bd9Sstevel@tonic-gate /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */ 277c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 287c478bd9Sstevel@tonic-gate 297c478bd9Sstevel@tonic-gate /* Copyright (c) 1987, 1988 Microsoft Corporation */ 307c478bd9Sstevel@tonic-gate /* All Rights Reserved */ 317c478bd9Sstevel@tonic-gate 327c478bd9Sstevel@tonic-gate #pragma ident "%Z%%M% %I% %E% SMI" 337c478bd9Sstevel@tonic-gate 347c478bd9Sstevel@tonic-gate /* 357c478bd9Sstevel@tonic-gate * su [-] [name [arg ...]] change userid, `-' changes environment. 367c478bd9Sstevel@tonic-gate * If SULOG is defined, all attempts to su to another user are 377c478bd9Sstevel@tonic-gate * logged there. 387c478bd9Sstevel@tonic-gate * If CONSOLE is defined, all successful attempts to su to uid 0 397c478bd9Sstevel@tonic-gate * are also logged there. 407c478bd9Sstevel@tonic-gate * 417c478bd9Sstevel@tonic-gate * If su cannot create, open, or write entries into SULOG, 427c478bd9Sstevel@tonic-gate * (or on the CONSOLE, if defined), the entry will not 437c478bd9Sstevel@tonic-gate * be logged -- thus losing a record of the su's attempted 447c478bd9Sstevel@tonic-gate * during this period. 457c478bd9Sstevel@tonic-gate */ 467c478bd9Sstevel@tonic-gate 477c478bd9Sstevel@tonic-gate #include <stdio.h> 487c478bd9Sstevel@tonic-gate #include <sys/types.h> 497c478bd9Sstevel@tonic-gate #include <sys/stat.h> 507c478bd9Sstevel@tonic-gate #include <sys/param.h> 517c478bd9Sstevel@tonic-gate #include <unistd.h> 527c478bd9Sstevel@tonic-gate #include <stdlib.h> 537c478bd9Sstevel@tonic-gate #include <crypt.h> 547c478bd9Sstevel@tonic-gate #include <pwd.h> 557c478bd9Sstevel@tonic-gate #include <shadow.h> 567c478bd9Sstevel@tonic-gate #include <time.h> 577c478bd9Sstevel@tonic-gate #include <signal.h> 587c478bd9Sstevel@tonic-gate #include <fcntl.h> 597c478bd9Sstevel@tonic-gate #include <string.h> 607c478bd9Sstevel@tonic-gate #include <locale.h> 617c478bd9Sstevel@tonic-gate #include <syslog.h> 627c478bd9Sstevel@tonic-gate #include <sys/utsname.h> 63*09295472Sgww #include <sys/wait.h> 647c478bd9Sstevel@tonic-gate #include <grp.h> 657c478bd9Sstevel@tonic-gate #include <deflt.h> 667c478bd9Sstevel@tonic-gate #include <limits.h> 677c478bd9Sstevel@tonic-gate #include <errno.h> 687c478bd9Sstevel@tonic-gate #include <stdarg.h> 69*09295472Sgww #include <user_attr.h> 70*09295472Sgww #include <priv.h> 717c478bd9Sstevel@tonic-gate 725435d801Sgww #include <bsm/adt.h> 735435d801Sgww #include <bsm/adt_event.h> 745435d801Sgww 757c478bd9Sstevel@tonic-gate #include <security/pam_appl.h> 767c478bd9Sstevel@tonic-gate 777c478bd9Sstevel@tonic-gate #define PATH "/usr/bin:" /* path for users other than root */ 787c478bd9Sstevel@tonic-gate #define SUPATH "/usr/sbin:/usr/bin" /* path for root */ 797c478bd9Sstevel@tonic-gate #define SUPRMT "PS1=# " /* primary prompt for root */ 807c478bd9Sstevel@tonic-gate #define ELIM 128 817c478bd9Sstevel@tonic-gate #define ROOT 0 827c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 837c478bd9Sstevel@tonic-gate #define EMBEDDED_NAME "embedded_su" 845435d801Sgww #define DEF_ATTEMPTS 3 /* attempts to change password */ 857c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 867c478bd9Sstevel@tonic-gate 875435d801Sgww #define PW_FALSE 1 /* no password change */ 885435d801Sgww #define PW_TRUE 2 /* successful password change */ 895435d801Sgww #define PW_FAILED 3 /* failed password change */ 905435d801Sgww 917c478bd9Sstevel@tonic-gate /* 927c478bd9Sstevel@tonic-gate * Intervals to sleep after failed su 937c478bd9Sstevel@tonic-gate */ 947c478bd9Sstevel@tonic-gate #ifndef SLEEPTIME 957c478bd9Sstevel@tonic-gate #define SLEEPTIME 4 967c478bd9Sstevel@tonic-gate #endif 977c478bd9Sstevel@tonic-gate 987c478bd9Sstevel@tonic-gate #define DEFAULT_LOGIN "/etc/default/login" 997c478bd9Sstevel@tonic-gate #define DEFFILE "/etc/default/su" 1007c478bd9Sstevel@tonic-gate 1017c478bd9Sstevel@tonic-gate 1027c478bd9Sstevel@tonic-gate char *Sulog, *Console; 1037c478bd9Sstevel@tonic-gate char *Path, *Supath; 1047c478bd9Sstevel@tonic-gate 1057c478bd9Sstevel@tonic-gate /* 1067c478bd9Sstevel@tonic-gate * Locale variables to be propagated to "su -" environment 1077c478bd9Sstevel@tonic-gate */ 1087c478bd9Sstevel@tonic-gate static char *initvar; 1097c478bd9Sstevel@tonic-gate static char *initenv[] = { 1107c478bd9Sstevel@tonic-gate "TZ", "LANG", "LC_CTYPE", 1117c478bd9Sstevel@tonic-gate "LC_NUMERIC", "LC_TIME", "LC_COLLATE", 1127c478bd9Sstevel@tonic-gate "LC_MONETARY", "LC_MESSAGES", "LC_ALL", 0}; 1137c478bd9Sstevel@tonic-gate static char mail[30] = { "MAIL=/var/mail/" }; 1147c478bd9Sstevel@tonic-gate 1157c478bd9Sstevel@tonic-gate static void envalt(void); 1165435d801Sgww static void log(char *, char *, int); 1175435d801Sgww static void to(int); 1187c478bd9Sstevel@tonic-gate 1197c478bd9Sstevel@tonic-gate enum messagemode { USAGE, ERR, WARN }; 1205435d801Sgww static void message(enum messagemode, char *, ...); 1217c478bd9Sstevel@tonic-gate 1225435d801Sgww static char *alloc_vsprintf(const char *, va_list); 1235435d801Sgww static char *tail(char *); 1247c478bd9Sstevel@tonic-gate 1255435d801Sgww static void audit_success(int, struct passwd *); 126*09295472Sgww static void audit_logout(adt_session_data_t *, au_event_t); 127*09295472Sgww static void audit_failure(int, struct passwd *, char *, int); 1287c478bd9Sstevel@tonic-gate 1297c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 1305435d801Sgww static void validate(char *, int *); 1315435d801Sgww static int legalenvvar(char *); 1327c478bd9Sstevel@tonic-gate static int su_conv(int, struct pam_message **, struct pam_response **, void *); 1337c478bd9Sstevel@tonic-gate static int emb_su_conv(int, struct pam_message **, struct pam_response **, 1347c478bd9Sstevel@tonic-gate void *); 1355435d801Sgww static void freeresponse(int, struct pam_response **response); 1367c478bd9Sstevel@tonic-gate static struct pam_conv pam_conv = {su_conv, NULL}; 1377c478bd9Sstevel@tonic-gate static struct pam_conv emb_pam_conv = {emb_su_conv, NULL}; 1385435d801Sgww static void quotemsg(char *, ...); 1397c478bd9Sstevel@tonic-gate static void readinitblock(void); 1405435d801Sgww #else /* !DYNAMIC_SU */ 1415435d801Sgww static void update_audit(struct passwd *pwd); 1427c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 1437c478bd9Sstevel@tonic-gate 1445435d801Sgww static pam_handle_t *pamh = NULL; /* Authentication handle */ 1457c478bd9Sstevel@tonic-gate struct passwd pwd; 1467c478bd9Sstevel@tonic-gate char pwdbuf[1024]; /* buffer for getpwnam_r() */ 1477c478bd9Sstevel@tonic-gate char shell[] = "/usr/bin/sh"; /* default shell */ 1487c478bd9Sstevel@tonic-gate char safe_shell[] = "/sbin/sh"; /* "fallback" shell */ 1497c478bd9Sstevel@tonic-gate char su[PATH_MAX] = "su"; /* arg0 for exec of shprog */ 1507c478bd9Sstevel@tonic-gate char homedir[PATH_MAX] = "HOME="; 1517c478bd9Sstevel@tonic-gate char logname[20] = "LOGNAME="; 1527c478bd9Sstevel@tonic-gate char *suprmt = SUPRMT; 1537c478bd9Sstevel@tonic-gate char termtyp[PATH_MAX] = "TERM="; 1547c478bd9Sstevel@tonic-gate char *term; 1557c478bd9Sstevel@tonic-gate char shelltyp[PATH_MAX] = "SHELL="; 1567c478bd9Sstevel@tonic-gate char *hz; 1577c478bd9Sstevel@tonic-gate char tznam[PATH_MAX]; 1587c478bd9Sstevel@tonic-gate char hzname[10] = "HZ="; 1597c478bd9Sstevel@tonic-gate char path[PATH_MAX] = "PATH="; 1607c478bd9Sstevel@tonic-gate char supath[PATH_MAX] = "PATH="; 1617c478bd9Sstevel@tonic-gate char *envinit[ELIM]; 1627c478bd9Sstevel@tonic-gate extern char **environ; 1637c478bd9Sstevel@tonic-gate char *ttyn; 1647c478bd9Sstevel@tonic-gate char *username; /* the invoker */ 1657c478bd9Sstevel@tonic-gate static int dosyslog = 0; /* use syslog? */ 1667c478bd9Sstevel@tonic-gate char *myname; 1677c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 1685435d801Sgww int passreq = 0; 1697c478bd9Sstevel@tonic-gate boolean_t embedded = B_FALSE; 1707c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 1717c478bd9Sstevel@tonic-gate 1727c478bd9Sstevel@tonic-gate int 1737c478bd9Sstevel@tonic-gate main(int argc, char **argv) 1747c478bd9Sstevel@tonic-gate { 1757c478bd9Sstevel@tonic-gate #ifndef DYNAMIC_SU 1767c478bd9Sstevel@tonic-gate struct spwd sp; 1777c478bd9Sstevel@tonic-gate char spbuf[1024]; /* buffer for getspnam_r() */ 1787c478bd9Sstevel@tonic-gate char *password; 1795435d801Sgww #endif /* !DYNAMIC_SU */ 1807c478bd9Sstevel@tonic-gate char *nptr; 1817c478bd9Sstevel@tonic-gate char *pshell; 1827c478bd9Sstevel@tonic-gate int eflag = 0; 1837c478bd9Sstevel@tonic-gate int envidx = 0; 1847c478bd9Sstevel@tonic-gate uid_t uid; 1857c478bd9Sstevel@tonic-gate gid_t gid; 1867c478bd9Sstevel@tonic-gate char *dir, *shprog, *name; 1877c478bd9Sstevel@tonic-gate char *ptr; 1887c478bd9Sstevel@tonic-gate char *prog = argv[0]; 1897c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 1907c478bd9Sstevel@tonic-gate int sleeptime = SLEEPTIME; 1917c478bd9Sstevel@tonic-gate char **pam_env = 0; 1927c478bd9Sstevel@tonic-gate int flags = 0; 1937c478bd9Sstevel@tonic-gate int retcode; 1947c478bd9Sstevel@tonic-gate int idx = 0; 1957c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 1965435d801Sgww int pw_change = PW_FALSE; 1977c478bd9Sstevel@tonic-gate 1987c478bd9Sstevel@tonic-gate (void) setlocale(LC_ALL, ""); 1997c478bd9Sstevel@tonic-gate #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */ 2007c478bd9Sstevel@tonic-gate #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it wasn't */ 2017c478bd9Sstevel@tonic-gate #endif 2027c478bd9Sstevel@tonic-gate (void) textdomain(TEXT_DOMAIN); 2037c478bd9Sstevel@tonic-gate 2047c478bd9Sstevel@tonic-gate myname = tail(argv[0]); 2057c478bd9Sstevel@tonic-gate 2065435d801Sgww #ifdef DYNAMIC_SU 2077c478bd9Sstevel@tonic-gate if (strcmp(myname, EMBEDDED_NAME) == 0) { 2087c478bd9Sstevel@tonic-gate embedded = B_TRUE; 2097c478bd9Sstevel@tonic-gate setbuf(stdin, NULL); 2107c478bd9Sstevel@tonic-gate setbuf(stdout, NULL); 2117c478bd9Sstevel@tonic-gate readinitblock(); 2127c478bd9Sstevel@tonic-gate } 2135435d801Sgww #endif /* DYNAMIC_SU */ 2147c478bd9Sstevel@tonic-gate 2157c478bd9Sstevel@tonic-gate if (argc > 1 && *argv[1] == '-') { 2167c478bd9Sstevel@tonic-gate /* Explicitly check for just `-' (no trailing chars) */ 2177c478bd9Sstevel@tonic-gate if (strlen(argv[1]) == 1) { 2187c478bd9Sstevel@tonic-gate eflag++; /* set eflag if `-' is specified */ 2197c478bd9Sstevel@tonic-gate argv++; 2207c478bd9Sstevel@tonic-gate argc--; 2217c478bd9Sstevel@tonic-gate } else { 2227c478bd9Sstevel@tonic-gate message(USAGE, 2237c478bd9Sstevel@tonic-gate gettext("Usage: %s [-] [ username [ arg ... ] ]"), 2247c478bd9Sstevel@tonic-gate prog); 2257c478bd9Sstevel@tonic-gate exit(1); 2267c478bd9Sstevel@tonic-gate } 2277c478bd9Sstevel@tonic-gate } 2287c478bd9Sstevel@tonic-gate 2297c478bd9Sstevel@tonic-gate /* 2307c478bd9Sstevel@tonic-gate * Determine specified userid, get their password file entry, 2317c478bd9Sstevel@tonic-gate * and set variables to values in password file entry fields. 2327c478bd9Sstevel@tonic-gate */ 2337c478bd9Sstevel@tonic-gate if (argc > 1) { 2347c478bd9Sstevel@tonic-gate /* 2357c478bd9Sstevel@tonic-gate * Usernames can't start with a `-', so we check for that to 2367c478bd9Sstevel@tonic-gate * catch bad usage (like "su - -c ls"). 2377c478bd9Sstevel@tonic-gate */ 2387c478bd9Sstevel@tonic-gate if (*argv[1] == '-') { 2397c478bd9Sstevel@tonic-gate message(USAGE, 2407c478bd9Sstevel@tonic-gate gettext("Usage: %s [-] [ username [ arg ... ] ]"), 2417c478bd9Sstevel@tonic-gate prog); 2427c478bd9Sstevel@tonic-gate exit(1); 2437c478bd9Sstevel@tonic-gate } else 2447c478bd9Sstevel@tonic-gate nptr = argv[1]; /* use valid command-line username */ 2457c478bd9Sstevel@tonic-gate } else 2467c478bd9Sstevel@tonic-gate nptr = "root"; /* use default "root" username */ 2477c478bd9Sstevel@tonic-gate 2487c478bd9Sstevel@tonic-gate if (defopen(DEFFILE) == 0) { 2497c478bd9Sstevel@tonic-gate 2507c478bd9Sstevel@tonic-gate if (Sulog = defread("SULOG=")) 2517c478bd9Sstevel@tonic-gate Sulog = strdup(Sulog); 2527c478bd9Sstevel@tonic-gate if (Console = defread("CONSOLE=")) 2537c478bd9Sstevel@tonic-gate Console = strdup(Console); 2547c478bd9Sstevel@tonic-gate if (Path = defread("PATH=")) 2557c478bd9Sstevel@tonic-gate Path = strdup(Path); 2567c478bd9Sstevel@tonic-gate if (Supath = defread("SUPATH=")) 2577c478bd9Sstevel@tonic-gate Supath = strdup(Supath); 2587c478bd9Sstevel@tonic-gate if ((ptr = defread("SYSLOG=")) != NULL) 2597c478bd9Sstevel@tonic-gate dosyslog = strcmp(ptr, "YES") == 0; 2607c478bd9Sstevel@tonic-gate 2617c478bd9Sstevel@tonic-gate (void) defopen(NULL); 2627c478bd9Sstevel@tonic-gate } 2637c478bd9Sstevel@tonic-gate (void) strlcat(path, (Path) ? Path : PATH, sizeof (path)); 2647c478bd9Sstevel@tonic-gate (void) strlcat(supath, (Supath) ? Supath : SUPATH, sizeof (supath)); 2657c478bd9Sstevel@tonic-gate 2667c478bd9Sstevel@tonic-gate if ((ttyn = ttyname(0)) == NULL) 2677c478bd9Sstevel@tonic-gate if ((ttyn = ttyname(1)) == NULL) 2687c478bd9Sstevel@tonic-gate if ((ttyn = ttyname(2)) == NULL) 2697c478bd9Sstevel@tonic-gate ttyn = "/dev/???"; 2707c478bd9Sstevel@tonic-gate if ((username = cuserid(NULL)) == NULL) 2717c478bd9Sstevel@tonic-gate username = "(null)"; 2727c478bd9Sstevel@tonic-gate 2737c478bd9Sstevel@tonic-gate /* 2747c478bd9Sstevel@tonic-gate * if Sulog defined, create SULOG, if it does not exist, with 2757c478bd9Sstevel@tonic-gate * mode read/write user. Change owner and group to root 2767c478bd9Sstevel@tonic-gate */ 2777c478bd9Sstevel@tonic-gate if (Sulog != NULL) { 2787c478bd9Sstevel@tonic-gate (void) close(open(Sulog, O_WRONLY | O_APPEND | O_CREAT, 2797c478bd9Sstevel@tonic-gate (S_IRUSR|S_IWUSR))); 2807c478bd9Sstevel@tonic-gate (void) chown(Sulog, (uid_t)ROOT, (gid_t)ROOT); 2817c478bd9Sstevel@tonic-gate } 2827c478bd9Sstevel@tonic-gate 2837c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 2847c478bd9Sstevel@tonic-gate if (pam_start(embedded ? EMBEDDED_NAME : "su", nptr, 2857c478bd9Sstevel@tonic-gate embedded ? &emb_pam_conv : &pam_conv, &pamh) != PAM_SUCCESS) 2867c478bd9Sstevel@tonic-gate exit(1); 2877c478bd9Sstevel@tonic-gate if (pam_set_item(pamh, PAM_TTY, ttyn) != PAM_SUCCESS) 2887c478bd9Sstevel@tonic-gate exit(1); 2897c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 2907c478bd9Sstevel@tonic-gate 2917c478bd9Sstevel@tonic-gate openlog("su", LOG_CONS, LOG_AUTH); 2927c478bd9Sstevel@tonic-gate 2937c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 2947c478bd9Sstevel@tonic-gate 2957c478bd9Sstevel@tonic-gate /* 2965435d801Sgww * Use the same value of sleeptime and password required that 2975435d801Sgww * login(1) uses. 2985435d801Sgww * This is obtained by reading the file /etc/default/login 2995435d801Sgww * using the def*() functions 3005435d801Sgww */ 3015435d801Sgww if (defopen(DEFAULT_LOGIN) == 0) { 3025435d801Sgww if ((ptr = defread("SLEEPTIME=")) != NULL) { 3035435d801Sgww sleeptime = atoi(ptr); 3045435d801Sgww if (sleeptime < 0 || sleeptime > 5) 3055435d801Sgww sleeptime = SLEEPTIME; 3065435d801Sgww } 3075435d801Sgww 3085435d801Sgww if ((ptr = defread("PASSREQ=")) != NULL && 3095435d801Sgww strcasecmp("YES", ptr) == 0) 3105435d801Sgww passreq = 1; 3115435d801Sgww 3125435d801Sgww (void) defopen((char *)NULL); 3135435d801Sgww } 3145435d801Sgww /* 3157c478bd9Sstevel@tonic-gate * Ignore SIGQUIT and SIGINT 3167c478bd9Sstevel@tonic-gate */ 3177c478bd9Sstevel@tonic-gate (void) signal(SIGQUIT, SIG_IGN); 3187c478bd9Sstevel@tonic-gate (void) signal(SIGINT, SIG_IGN); 3197c478bd9Sstevel@tonic-gate 3207c478bd9Sstevel@tonic-gate /* call pam_authenticate() to authenticate the user through PAM */ 3217c478bd9Sstevel@tonic-gate if (getpwnam_r(nptr, &pwd, pwdbuf, sizeof (pwdbuf)) == NULL) 3227c478bd9Sstevel@tonic-gate retcode = PAM_USER_UNKNOWN; 3237c478bd9Sstevel@tonic-gate else if ((flags = (getuid() != (uid_t)ROOT)) != 0) { 3247c478bd9Sstevel@tonic-gate retcode = pam_authenticate(pamh, 0); 3257c478bd9Sstevel@tonic-gate } else /* root user does not need to authenticate */ 3267c478bd9Sstevel@tonic-gate retcode = PAM_SUCCESS; 3277c478bd9Sstevel@tonic-gate 3287c478bd9Sstevel@tonic-gate if (retcode != PAM_SUCCESS) { 3297c478bd9Sstevel@tonic-gate /* 3305435d801Sgww * 1st step: audit and log the error. 3317c478bd9Sstevel@tonic-gate * 2nd step: sleep. 3327c478bd9Sstevel@tonic-gate * 3rd step: print out message to user. 3337c478bd9Sstevel@tonic-gate */ 334*09295472Sgww /* don't let audit_failure distinguish a role here */ 335*09295472Sgww audit_failure(PW_FALSE, NULL, nptr, retcode); 3367c478bd9Sstevel@tonic-gate switch (retcode) { 3377c478bd9Sstevel@tonic-gate case PAM_USER_UNKNOWN: 3387c478bd9Sstevel@tonic-gate closelog(); 3397c478bd9Sstevel@tonic-gate (void) sleep(sleeptime); 3407c478bd9Sstevel@tonic-gate message(ERR, gettext("Unknown id: %s"), nptr); 3417c478bd9Sstevel@tonic-gate break; 3427c478bd9Sstevel@tonic-gate 3437c478bd9Sstevel@tonic-gate case PAM_AUTH_ERR: 3447c478bd9Sstevel@tonic-gate if (Sulog != NULL) 3457c478bd9Sstevel@tonic-gate log(Sulog, nptr, 0); /* log entry */ 3467c478bd9Sstevel@tonic-gate if (dosyslog) 3477c478bd9Sstevel@tonic-gate syslog(LOG_CRIT, "'su %s' failed for %s on %s", 3487c478bd9Sstevel@tonic-gate pwd.pw_name, username, ttyn); 3497c478bd9Sstevel@tonic-gate closelog(); 3507c478bd9Sstevel@tonic-gate (void) sleep(sleeptime); 3517c478bd9Sstevel@tonic-gate message(ERR, gettext("Sorry")); 3527c478bd9Sstevel@tonic-gate break; 3537c478bd9Sstevel@tonic-gate 3547c478bd9Sstevel@tonic-gate case PAM_CONV_ERR: 3557c478bd9Sstevel@tonic-gate default: 3567c478bd9Sstevel@tonic-gate if (dosyslog) 3577c478bd9Sstevel@tonic-gate syslog(LOG_CRIT, "'su %s' failed for %s on %s", 3587c478bd9Sstevel@tonic-gate pwd.pw_name, username, ttyn); 3597c478bd9Sstevel@tonic-gate closelog(); 3607c478bd9Sstevel@tonic-gate (void) sleep(sleeptime); 3617c478bd9Sstevel@tonic-gate message(ERR, gettext("Sorry")); 3627c478bd9Sstevel@tonic-gate break; 3637c478bd9Sstevel@tonic-gate } 3647c478bd9Sstevel@tonic-gate 3657c478bd9Sstevel@tonic-gate (void) signal(SIGQUIT, SIG_DFL); 3667c478bd9Sstevel@tonic-gate (void) signal(SIGINT, SIG_DFL); 3677c478bd9Sstevel@tonic-gate exit(1); 3687c478bd9Sstevel@tonic-gate } 3697c478bd9Sstevel@tonic-gate if (flags) 3705435d801Sgww validate(username, &pw_change); 3717c478bd9Sstevel@tonic-gate if (pam_setcred(pamh, PAM_REINITIALIZE_CRED) != PAM_SUCCESS) { 3727c478bd9Sstevel@tonic-gate message(ERR, gettext("unable to set credentials")); 3737c478bd9Sstevel@tonic-gate exit(2); 3747c478bd9Sstevel@tonic-gate } 3757c478bd9Sstevel@tonic-gate if (dosyslog) 3767c478bd9Sstevel@tonic-gate syslog(getuid() == 0 ? LOG_INFO : LOG_NOTICE, 3777c478bd9Sstevel@tonic-gate "'su %s' succeeded for %s on %s", 3787c478bd9Sstevel@tonic-gate pwd.pw_name, username, ttyn); 3797c478bd9Sstevel@tonic-gate closelog(); 3807c478bd9Sstevel@tonic-gate (void) signal(SIGQUIT, SIG_DFL); 3817c478bd9Sstevel@tonic-gate (void) signal(SIGINT, SIG_DFL); 3825435d801Sgww #else /* !DYNAMIC_SU */ 3837c478bd9Sstevel@tonic-gate if ((getpwnam_r(nptr, &pwd, pwdbuf, sizeof (pwdbuf)) == NULL) || 3847c478bd9Sstevel@tonic-gate (getspnam_r(nptr, &sp, spbuf, sizeof (spbuf)) == NULL)) { 3857c478bd9Sstevel@tonic-gate message(ERR, gettext("Unknown id: %s"), nptr); 386*09295472Sgww audit_failure(PW_FALSE, NULL, nptr, PAM_USER_UNKNOWN); 3877c478bd9Sstevel@tonic-gate closelog(); 3887c478bd9Sstevel@tonic-gate exit(1); 3897c478bd9Sstevel@tonic-gate } 3907c478bd9Sstevel@tonic-gate 3917c478bd9Sstevel@tonic-gate /* 3927c478bd9Sstevel@tonic-gate * Prompt for password if invoking user is not root or 3937c478bd9Sstevel@tonic-gate * if specified(new) user requires a password 3947c478bd9Sstevel@tonic-gate */ 3957c478bd9Sstevel@tonic-gate if (sp.sp_pwdp[0] == '\0' || getuid() == (uid_t)ROOT) 3967c478bd9Sstevel@tonic-gate goto ok; 3977c478bd9Sstevel@tonic-gate password = getpass(gettext("Password:")); 3987c478bd9Sstevel@tonic-gate 3997c478bd9Sstevel@tonic-gate if ((strcmp(sp.sp_pwdp, crypt(password, sp.sp_pwdp)) != 0)) { 4007c478bd9Sstevel@tonic-gate /* clear password file entry */ 4017c478bd9Sstevel@tonic-gate (void) memset((void *)spbuf, 0, sizeof (spbuf)); 4027c478bd9Sstevel@tonic-gate if (Sulog != NULL) 4037c478bd9Sstevel@tonic-gate log(Sulog, nptr, 0); /* log entry */ 4047c478bd9Sstevel@tonic-gate message(ERR, gettext("Sorry")); 405*09295472Sgww audit_failure(PW_FALSE, NULL, nptr, PAM_AUTH_ERR); 4067c478bd9Sstevel@tonic-gate if (dosyslog) 4077c478bd9Sstevel@tonic-gate syslog(LOG_CRIT, "'su %s' failed for %s on %s", 4087c478bd9Sstevel@tonic-gate pwd.pw_name, username, ttyn); 4097c478bd9Sstevel@tonic-gate closelog(); 4107c478bd9Sstevel@tonic-gate exit(2); 4117c478bd9Sstevel@tonic-gate } 4127c478bd9Sstevel@tonic-gate /* clear password file entry */ 4137c478bd9Sstevel@tonic-gate (void) memset((void *)spbuf, 0, sizeof (spbuf)); 4147c478bd9Sstevel@tonic-gate ok: 4155435d801Sgww /* update audit session in a non-pam environment */ 4165435d801Sgww update_audit(&pwd); 4177c478bd9Sstevel@tonic-gate if (dosyslog) 4187c478bd9Sstevel@tonic-gate syslog(getuid() == 0 ? LOG_INFO : LOG_NOTICE, 4197c478bd9Sstevel@tonic-gate "'su %s' succeeded for %s on %s", 4207c478bd9Sstevel@tonic-gate pwd.pw_name, username, ttyn); 4215435d801Sgww #endif /* DYNAMIC_SU */ 4227c478bd9Sstevel@tonic-gate 4235435d801Sgww audit_success(pw_change, &pwd); 4247c478bd9Sstevel@tonic-gate uid = pwd.pw_uid; 4257c478bd9Sstevel@tonic-gate gid = pwd.pw_gid; 4267c478bd9Sstevel@tonic-gate dir = strdup(pwd.pw_dir); 4277c478bd9Sstevel@tonic-gate shprog = strdup(pwd.pw_shell); 4287c478bd9Sstevel@tonic-gate name = strdup(pwd.pw_name); 4297c478bd9Sstevel@tonic-gate 4307c478bd9Sstevel@tonic-gate if (Sulog != NULL) 4317c478bd9Sstevel@tonic-gate log(Sulog, nptr, 1); /* log entry */ 4327c478bd9Sstevel@tonic-gate 4337c478bd9Sstevel@tonic-gate /* set user and group ids to specified user */ 4347c478bd9Sstevel@tonic-gate 4357c478bd9Sstevel@tonic-gate /* set the real (and effective) GID */ 4367c478bd9Sstevel@tonic-gate if (setgid(gid) == -1) { 4377c478bd9Sstevel@tonic-gate message(ERR, gettext("Invalid GID")); 4387c478bd9Sstevel@tonic-gate exit(2); 4397c478bd9Sstevel@tonic-gate } 4407c478bd9Sstevel@tonic-gate /* Initialize the supplementary group access list. */ 4417c478bd9Sstevel@tonic-gate if (!nptr) 4427c478bd9Sstevel@tonic-gate exit(2); 4437c478bd9Sstevel@tonic-gate if (initgroups(nptr, gid) == -1) { 4447c478bd9Sstevel@tonic-gate exit(2); 4457c478bd9Sstevel@tonic-gate } 4467c478bd9Sstevel@tonic-gate /* set the real (and effective) UID */ 4477c478bd9Sstevel@tonic-gate if (setuid(uid) == -1) { 4487c478bd9Sstevel@tonic-gate message(ERR, gettext("Invalid UID")); 4497c478bd9Sstevel@tonic-gate exit(2); 4507c478bd9Sstevel@tonic-gate } 4517c478bd9Sstevel@tonic-gate 4527c478bd9Sstevel@tonic-gate /* 4537c478bd9Sstevel@tonic-gate * If new user's shell field is neither NULL nor equal to /usr/bin/sh, 4547c478bd9Sstevel@tonic-gate * set: 4557c478bd9Sstevel@tonic-gate * 4567c478bd9Sstevel@tonic-gate * pshell = their shell 4577c478bd9Sstevel@tonic-gate * su = [-]last component of shell's pathname 4587c478bd9Sstevel@tonic-gate * 4597c478bd9Sstevel@tonic-gate * Otherwise, set the shell to /usr/bin/sh and set argv[0] to '[-]su'. 4607c478bd9Sstevel@tonic-gate */ 4617c478bd9Sstevel@tonic-gate if (shprog[0] != '\0' && strcmp(shell, shprog) != 0) { 4627c478bd9Sstevel@tonic-gate char *p; 4637c478bd9Sstevel@tonic-gate 4647c478bd9Sstevel@tonic-gate pshell = shprog; 4657c478bd9Sstevel@tonic-gate (void) strcpy(su, eflag ? "-" : ""); 4667c478bd9Sstevel@tonic-gate 4677c478bd9Sstevel@tonic-gate if ((p = strrchr(pshell, '/')) != NULL) 4687c478bd9Sstevel@tonic-gate (void) strlcat(su, p + 1, sizeof (su)); 4697c478bd9Sstevel@tonic-gate else 4707c478bd9Sstevel@tonic-gate (void) strlcat(su, pshell, sizeof (su)); 4717c478bd9Sstevel@tonic-gate } else { 4727c478bd9Sstevel@tonic-gate pshell = shell; 4737c478bd9Sstevel@tonic-gate (void) strcpy(su, eflag ? "-su" : "su"); 4747c478bd9Sstevel@tonic-gate } 4757c478bd9Sstevel@tonic-gate 4767c478bd9Sstevel@tonic-gate /* 4777c478bd9Sstevel@tonic-gate * set environment variables for new user; 4787c478bd9Sstevel@tonic-gate * arg0 for exec of shprog must now contain `-' 4797c478bd9Sstevel@tonic-gate * so that environment of new user is given 4807c478bd9Sstevel@tonic-gate */ 4817c478bd9Sstevel@tonic-gate if (eflag) { 4827c478bd9Sstevel@tonic-gate int j; 4837c478bd9Sstevel@tonic-gate char *var; 4847c478bd9Sstevel@tonic-gate 4857c478bd9Sstevel@tonic-gate if (strlen(dir) == 0) { 4867c478bd9Sstevel@tonic-gate (void) strcpy(dir, "/"); 4877c478bd9Sstevel@tonic-gate message(WARN, gettext("No directory! Using home=/")); 4887c478bd9Sstevel@tonic-gate } 4897c478bd9Sstevel@tonic-gate (void) strlcat(homedir, dir, sizeof (homedir)); 4907c478bd9Sstevel@tonic-gate (void) strlcat(logname, name, sizeof (logname)); 4917c478bd9Sstevel@tonic-gate if (hz = getenv("HZ")) 4927c478bd9Sstevel@tonic-gate (void) strlcat(hzname, hz, sizeof (hzname)); 4937c478bd9Sstevel@tonic-gate 4947c478bd9Sstevel@tonic-gate (void) strlcat(shelltyp, pshell, sizeof (shelltyp)); 4957c478bd9Sstevel@tonic-gate 4967c478bd9Sstevel@tonic-gate if (chdir(dir) < 0) { 4977c478bd9Sstevel@tonic-gate message(ERR, gettext("No directory!")); 4987c478bd9Sstevel@tonic-gate exit(1); 4997c478bd9Sstevel@tonic-gate } 5007c478bd9Sstevel@tonic-gate envinit[envidx = 0] = homedir; 5017c478bd9Sstevel@tonic-gate envinit[++envidx] = ((uid == (uid_t)ROOT) ? supath : path); 5027c478bd9Sstevel@tonic-gate envinit[++envidx] = logname; 5037c478bd9Sstevel@tonic-gate envinit[++envidx] = hzname; 5047c478bd9Sstevel@tonic-gate if ((term = getenv("TERM")) != NULL) { 5057c478bd9Sstevel@tonic-gate (void) strlcat(termtyp, term, sizeof (termtyp)); 5067c478bd9Sstevel@tonic-gate envinit[++envidx] = termtyp; 5077c478bd9Sstevel@tonic-gate } 5087c478bd9Sstevel@tonic-gate envinit[++envidx] = shelltyp; 5097c478bd9Sstevel@tonic-gate 5107c478bd9Sstevel@tonic-gate (void) strlcat(mail, name, sizeof (mail)); 5117c478bd9Sstevel@tonic-gate envinit[++envidx] = mail; 5127c478bd9Sstevel@tonic-gate 5137c478bd9Sstevel@tonic-gate /* 5147c478bd9Sstevel@tonic-gate * Fetch the relevant locale/TZ environment variables from 5157c478bd9Sstevel@tonic-gate * the inherited environment. 5167c478bd9Sstevel@tonic-gate * 5177c478bd9Sstevel@tonic-gate * We have a priority here for setting TZ. If TZ is set in 5187c478bd9Sstevel@tonic-gate * in the inherited environment, that value remains top 5197c478bd9Sstevel@tonic-gate * priority. If the file /etc/default/login has TIMEZONE set, 5207c478bd9Sstevel@tonic-gate * that has second highest priority. 5217c478bd9Sstevel@tonic-gate */ 5227c478bd9Sstevel@tonic-gate tznam[0] = '\0'; 5237c478bd9Sstevel@tonic-gate for (j = 0; initenv[j] != 0; j++) { 5247c478bd9Sstevel@tonic-gate if (initvar = getenv(initenv[j])) { 5257c478bd9Sstevel@tonic-gate 5267c478bd9Sstevel@tonic-gate /* 5277c478bd9Sstevel@tonic-gate * Skip over values beginning with '/' for 5287c478bd9Sstevel@tonic-gate * security. 5297c478bd9Sstevel@tonic-gate */ 5307c478bd9Sstevel@tonic-gate if (initvar[0] == '/') continue; 5317c478bd9Sstevel@tonic-gate 5327c478bd9Sstevel@tonic-gate if (strcmp(initenv[j], "TZ") == 0) { 5337c478bd9Sstevel@tonic-gate (void) strcpy(tznam, "TZ="); 5347c478bd9Sstevel@tonic-gate (void) strlcat(tznam, initvar, 5357c478bd9Sstevel@tonic-gate sizeof (tznam)); 5367c478bd9Sstevel@tonic-gate 5377c478bd9Sstevel@tonic-gate } else { 5387c478bd9Sstevel@tonic-gate var = (char *) 5397c478bd9Sstevel@tonic-gate malloc(strlen(initenv[j]) 5407c478bd9Sstevel@tonic-gate + strlen(initvar) 5417c478bd9Sstevel@tonic-gate + 2); 5427c478bd9Sstevel@tonic-gate (void) strcpy(var, initenv[j]); 5437c478bd9Sstevel@tonic-gate (void) strcat(var, "="); 5447c478bd9Sstevel@tonic-gate (void) strcat(var, initvar); 5457c478bd9Sstevel@tonic-gate envinit[++envidx] = var; 5467c478bd9Sstevel@tonic-gate } 5477c478bd9Sstevel@tonic-gate } 5487c478bd9Sstevel@tonic-gate } 5497c478bd9Sstevel@tonic-gate 5507c478bd9Sstevel@tonic-gate /* 5517c478bd9Sstevel@tonic-gate * Check if TZ was found. If not then try to read it from 5527c478bd9Sstevel@tonic-gate * /etc/default/login. 5537c478bd9Sstevel@tonic-gate */ 5547c478bd9Sstevel@tonic-gate if (tznam[0] == '\0') { 5557c478bd9Sstevel@tonic-gate if (defopen(DEFAULT_LOGIN) == 0) { 5567c478bd9Sstevel@tonic-gate if (initvar = defread("TIMEZONE=")) { 5577c478bd9Sstevel@tonic-gate (void) strcpy(tznam, "TZ="); 5587c478bd9Sstevel@tonic-gate (void) strlcat(tznam, initvar, 5597c478bd9Sstevel@tonic-gate sizeof (tznam)); 5607c478bd9Sstevel@tonic-gate } 5617c478bd9Sstevel@tonic-gate (void) defopen(NULL); 5627c478bd9Sstevel@tonic-gate } 5637c478bd9Sstevel@tonic-gate } 5647c478bd9Sstevel@tonic-gate 5657c478bd9Sstevel@tonic-gate if (tznam[0] != '\0') 5667c478bd9Sstevel@tonic-gate envinit[++envidx] = tznam; 5677c478bd9Sstevel@tonic-gate 5687c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 5697c478bd9Sstevel@tonic-gate /* 5707c478bd9Sstevel@tonic-gate * set the PAM environment variables - 5717c478bd9Sstevel@tonic-gate * check for legal environment variables 5727c478bd9Sstevel@tonic-gate */ 5737c478bd9Sstevel@tonic-gate if ((pam_env = pam_getenvlist(pamh)) != 0) { 5747c478bd9Sstevel@tonic-gate while (pam_env[idx] != 0) { 5757c478bd9Sstevel@tonic-gate if (envidx + 2 < ELIM && 5767c478bd9Sstevel@tonic-gate legalenvvar(pam_env[idx])) { 5777c478bd9Sstevel@tonic-gate envinit[++envidx] = pam_env[idx]; 5787c478bd9Sstevel@tonic-gate } 5797c478bd9Sstevel@tonic-gate idx++; 5807c478bd9Sstevel@tonic-gate } 5817c478bd9Sstevel@tonic-gate } 5825435d801Sgww #endif /* DYNAMIC_SU */ 5837c478bd9Sstevel@tonic-gate envinit[++envidx] = NULL; 5847c478bd9Sstevel@tonic-gate environ = envinit; 5857c478bd9Sstevel@tonic-gate } else { 5867c478bd9Sstevel@tonic-gate char **pp = environ, **qq, *p; 5877c478bd9Sstevel@tonic-gate 5887c478bd9Sstevel@tonic-gate while ((p = *pp) != NULL) { 5897c478bd9Sstevel@tonic-gate if (*p == 'L' && p[1] == 'D' && p[2] == '_') { 5907c478bd9Sstevel@tonic-gate for (qq = pp; (*qq = qq[1]) != NULL; qq++) 5917c478bd9Sstevel@tonic-gate ; 5927c478bd9Sstevel@tonic-gate /* pp is not advanced */ 5937c478bd9Sstevel@tonic-gate } else { 5947c478bd9Sstevel@tonic-gate pp++; 5957c478bd9Sstevel@tonic-gate } 5967c478bd9Sstevel@tonic-gate } 5977c478bd9Sstevel@tonic-gate } 5987c478bd9Sstevel@tonic-gate 5997c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 6007c478bd9Sstevel@tonic-gate if (pamh) 6017c478bd9Sstevel@tonic-gate (void) pam_end(pamh, PAM_SUCCESS); 6025435d801Sgww #endif /* DYNAMIC_SU */ 6037c478bd9Sstevel@tonic-gate 6047c478bd9Sstevel@tonic-gate /* 6057c478bd9Sstevel@tonic-gate * if new user is root: 6067c478bd9Sstevel@tonic-gate * if CONSOLE defined, log entry there; 6077c478bd9Sstevel@tonic-gate * if eflag not set, change environment to that of root. 6087c478bd9Sstevel@tonic-gate */ 6097c478bd9Sstevel@tonic-gate if (uid == (uid_t)ROOT) { 6107c478bd9Sstevel@tonic-gate if (Console != NULL) 6117c478bd9Sstevel@tonic-gate if (strcmp(ttyn, Console) != 0) { 6127c478bd9Sstevel@tonic-gate (void) signal(SIGALRM, to); 6137c478bd9Sstevel@tonic-gate (void) alarm(30); 6147c478bd9Sstevel@tonic-gate log(Console, nptr, 1); 6157c478bd9Sstevel@tonic-gate (void) alarm(0); 6167c478bd9Sstevel@tonic-gate } 6177c478bd9Sstevel@tonic-gate if (!eflag) 6187c478bd9Sstevel@tonic-gate envalt(); 6197c478bd9Sstevel@tonic-gate } 6207c478bd9Sstevel@tonic-gate 6217c478bd9Sstevel@tonic-gate /* 6227c478bd9Sstevel@tonic-gate * Default for SIGCPU and SIGXFSZ. Shells inherit 6237c478bd9Sstevel@tonic-gate * signal disposition from parent. And the 6247c478bd9Sstevel@tonic-gate * shells should have default dispositions for these 6257c478bd9Sstevel@tonic-gate * signals. 6267c478bd9Sstevel@tonic-gate */ 6277c478bd9Sstevel@tonic-gate (void) signal(SIGXCPU, SIG_DFL); 6287c478bd9Sstevel@tonic-gate (void) signal(SIGXFSZ, SIG_DFL); 6297c478bd9Sstevel@tonic-gate 6307c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 6317c478bd9Sstevel@tonic-gate if (embedded) { 6327c478bd9Sstevel@tonic-gate (void) puts("SUCCESS"); 6337c478bd9Sstevel@tonic-gate /* 6347c478bd9Sstevel@tonic-gate * After this point, we're no longer talking the 6357c478bd9Sstevel@tonic-gate * embedded_su protocol, so turn it off. 6367c478bd9Sstevel@tonic-gate */ 6377c478bd9Sstevel@tonic-gate embedded = B_FALSE; 6387c478bd9Sstevel@tonic-gate } 6397c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 6407c478bd9Sstevel@tonic-gate 6417c478bd9Sstevel@tonic-gate /* 6427c478bd9Sstevel@tonic-gate * if additional arguments, exec shell program with array 6437c478bd9Sstevel@tonic-gate * of pointers to arguments: 6447c478bd9Sstevel@tonic-gate * -> if shell = default, then su = [-]su 6457c478bd9Sstevel@tonic-gate * -> if shell != default, then su = [-]last component of 6467c478bd9Sstevel@tonic-gate * shell's pathname 6477c478bd9Sstevel@tonic-gate * 6487c478bd9Sstevel@tonic-gate * if no additional arguments, exec shell with arg0 of su 6497c478bd9Sstevel@tonic-gate * where: 6507c478bd9Sstevel@tonic-gate * -> if shell = default, then su = [-]su 6517c478bd9Sstevel@tonic-gate * -> if shell != default, then su = [-]last component of 6527c478bd9Sstevel@tonic-gate * shell's pathname 6537c478bd9Sstevel@tonic-gate */ 6547c478bd9Sstevel@tonic-gate if (argc > 2) { 6557c478bd9Sstevel@tonic-gate argv[1] = su; 6567c478bd9Sstevel@tonic-gate (void) execv(pshell, &argv[1]); 6577c478bd9Sstevel@tonic-gate } else 6587c478bd9Sstevel@tonic-gate (void) execl(pshell, su, 0); 6597c478bd9Sstevel@tonic-gate 6607c478bd9Sstevel@tonic-gate 6617c478bd9Sstevel@tonic-gate /* 6627c478bd9Sstevel@tonic-gate * Try to clean up after an administrator who has made a mistake 6637c478bd9Sstevel@tonic-gate * configuring root's shell; if root's shell is other than /sbin/sh, 6647c478bd9Sstevel@tonic-gate * try exec'ing /sbin/sh instead. 6657c478bd9Sstevel@tonic-gate */ 6667c478bd9Sstevel@tonic-gate if ((uid == (uid_t)ROOT) && (strcmp(name, "root") == 0) && 6677c478bd9Sstevel@tonic-gate (strcmp(safe_shell, pshell) != 0)) { 6687c478bd9Sstevel@tonic-gate message(WARN, 6697c478bd9Sstevel@tonic-gate gettext("No shell %s. Trying fallback shell %s."), 6707c478bd9Sstevel@tonic-gate pshell, safe_shell); 6717c478bd9Sstevel@tonic-gate 6727c478bd9Sstevel@tonic-gate if (eflag) { 6737c478bd9Sstevel@tonic-gate (void) strcpy(su, "-sh"); 6747c478bd9Sstevel@tonic-gate (void) strlcpy(shelltyp + strlen("SHELL="), 6757c478bd9Sstevel@tonic-gate safe_shell, sizeof (shelltyp) - strlen("SHELL=")); 6767c478bd9Sstevel@tonic-gate } else { 6777c478bd9Sstevel@tonic-gate (void) strcpy(su, "sh"); 6787c478bd9Sstevel@tonic-gate } 6797c478bd9Sstevel@tonic-gate 6807c478bd9Sstevel@tonic-gate if (argc > 2) { 6817c478bd9Sstevel@tonic-gate argv[1] = su; 6827c478bd9Sstevel@tonic-gate (void) execv(safe_shell, &argv[1]); 6837c478bd9Sstevel@tonic-gate } else { 6847c478bd9Sstevel@tonic-gate (void) execl(safe_shell, su, 0); 6857c478bd9Sstevel@tonic-gate } 6867c478bd9Sstevel@tonic-gate message(ERR, gettext("Couldn't exec fallback shell %s: %s"), 6877c478bd9Sstevel@tonic-gate safe_shell, strerror(errno)); 6887c478bd9Sstevel@tonic-gate } else { 6897c478bd9Sstevel@tonic-gate message(ERR, gettext("No shell")); 6907c478bd9Sstevel@tonic-gate } 6917c478bd9Sstevel@tonic-gate return (3); 6927c478bd9Sstevel@tonic-gate } 6937c478bd9Sstevel@tonic-gate 6947c478bd9Sstevel@tonic-gate /* 6957c478bd9Sstevel@tonic-gate * Environment altering routine - 6967c478bd9Sstevel@tonic-gate * This routine is called when a user is su'ing to root 6977c478bd9Sstevel@tonic-gate * without specifying the - flag. 6987c478bd9Sstevel@tonic-gate * The user's PATH and PS1 variables are reset 6997c478bd9Sstevel@tonic-gate * to the correct value for root. 7007c478bd9Sstevel@tonic-gate * All of the user's other environment variables retain 7017c478bd9Sstevel@tonic-gate * their current values after the su (if they are exported). 7027c478bd9Sstevel@tonic-gate */ 7037c478bd9Sstevel@tonic-gate static void 7047c478bd9Sstevel@tonic-gate envalt(void) 7057c478bd9Sstevel@tonic-gate { 7067c478bd9Sstevel@tonic-gate /* 7077c478bd9Sstevel@tonic-gate * If user has PATH variable in their environment, change its value 7087c478bd9Sstevel@tonic-gate * to /bin:/etc:/usr/bin ; 7097c478bd9Sstevel@tonic-gate * if user does not have PATH variable, add it to the user's 7107c478bd9Sstevel@tonic-gate * environment; 7117c478bd9Sstevel@tonic-gate * if either of the above fail, an error message is printed. 7127c478bd9Sstevel@tonic-gate */ 7137c478bd9Sstevel@tonic-gate if (putenv(supath) != 0) { 7147c478bd9Sstevel@tonic-gate message(ERR, 7157c478bd9Sstevel@tonic-gate gettext("unable to obtain memory to expand environment")); 7167c478bd9Sstevel@tonic-gate exit(4); 7177c478bd9Sstevel@tonic-gate } 7187c478bd9Sstevel@tonic-gate 7197c478bd9Sstevel@tonic-gate /* 7207c478bd9Sstevel@tonic-gate * If user has PROMPT variable in their environment, change its value 7217c478bd9Sstevel@tonic-gate * to # ; 7227c478bd9Sstevel@tonic-gate * if user does not have PROMPT variable, add it to the user's 7237c478bd9Sstevel@tonic-gate * environment; 7247c478bd9Sstevel@tonic-gate * if either of the above fail, an error message is printed. 7257c478bd9Sstevel@tonic-gate */ 7267c478bd9Sstevel@tonic-gate if (putenv(suprmt) != 0) { 7277c478bd9Sstevel@tonic-gate message(ERR, 7287c478bd9Sstevel@tonic-gate gettext("unable to obtain memory to expand environment")); 7297c478bd9Sstevel@tonic-gate exit(4); 7307c478bd9Sstevel@tonic-gate } 7317c478bd9Sstevel@tonic-gate } 7327c478bd9Sstevel@tonic-gate 7337c478bd9Sstevel@tonic-gate /* 7347c478bd9Sstevel@tonic-gate * Logging routine - 7357c478bd9Sstevel@tonic-gate * where = SULOG or CONSOLE 7367c478bd9Sstevel@tonic-gate * towho = specified user ( user being su'ed to ) 7377c478bd9Sstevel@tonic-gate * how = 0 if su attempt failed; 1 if su attempt succeeded 7387c478bd9Sstevel@tonic-gate */ 7397c478bd9Sstevel@tonic-gate static void 7407c478bd9Sstevel@tonic-gate log(char *where, char *towho, int how) 7417c478bd9Sstevel@tonic-gate { 7427c478bd9Sstevel@tonic-gate FILE *logf; 7437c478bd9Sstevel@tonic-gate time_t now; 7447c478bd9Sstevel@tonic-gate struct tm *tmp; 7457c478bd9Sstevel@tonic-gate 7467c478bd9Sstevel@tonic-gate /* 7477c478bd9Sstevel@tonic-gate * open SULOG or CONSOLE - if open fails, return 7487c478bd9Sstevel@tonic-gate */ 7497c478bd9Sstevel@tonic-gate if ((logf = fopen(where, "a")) == NULL) 7507c478bd9Sstevel@tonic-gate return; 7517c478bd9Sstevel@tonic-gate 7527c478bd9Sstevel@tonic-gate now = time(0); 7537c478bd9Sstevel@tonic-gate tmp = localtime(&now); 7547c478bd9Sstevel@tonic-gate 7557c478bd9Sstevel@tonic-gate /* 7567c478bd9Sstevel@tonic-gate * write entry into SULOG or onto CONSOLE - if write fails, return 7577c478bd9Sstevel@tonic-gate */ 7587c478bd9Sstevel@tonic-gate (void) fprintf(logf, "SU %.2d/%.2d %.2d:%.2d %c %s %s-%s\n", 7597c478bd9Sstevel@tonic-gate tmp->tm_mon + 1, tmp->tm_mday, tmp->tm_hour, tmp->tm_min, 7607c478bd9Sstevel@tonic-gate how ? '+' : '-', ttyn + sizeof ("/dev/") - 1, username, towho); 7617c478bd9Sstevel@tonic-gate 7627c478bd9Sstevel@tonic-gate (void) fclose(logf); /* close SULOG or CONSOLE */ 7637c478bd9Sstevel@tonic-gate } 7647c478bd9Sstevel@tonic-gate 7657c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 7667c478bd9Sstevel@tonic-gate static void 7677c478bd9Sstevel@tonic-gate to(int sig) 7687c478bd9Sstevel@tonic-gate {} 7697c478bd9Sstevel@tonic-gate 7705435d801Sgww /* 7715435d801Sgww * audit_success - audit successful su 7725435d801Sgww * 7735435d801Sgww * Entry process audit context established -- i.e., pam_setcred() 7745435d801Sgww * or equivalent called. 7755435d801Sgww * pw_change = PW_TRUE, if successful password change audit 7765435d801Sgww * required. 7775435d801Sgww * pwd = passwd entry for new user. 7785435d801Sgww */ 7795435d801Sgww 7805435d801Sgww static void 7815435d801Sgww audit_success(int pw_change, struct passwd *pwd) 7825435d801Sgww { 7835435d801Sgww adt_session_data_t *ah = NULL; 7845435d801Sgww adt_event_data_t *event; 785*09295472Sgww au_event_t event_id = ADT_su; 786*09295472Sgww userattr_t *user_entry; 787*09295472Sgww char *kva_value; 7885435d801Sgww 7895435d801Sgww if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { 7905435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 7915435d801Sgww "adt_start_session(ADT_su): %m"); 7925435d801Sgww return; 7935435d801Sgww } 794*09295472Sgww if (((user_entry = getusernam(pwd->pw_name)) != NULL) && 795*09295472Sgww ((kva_value = kva_match((kva_t *)user_entry->attr, 796*09295472Sgww USERATTR_TYPE_KW)) != NULL) && 797*09295472Sgww ((strcmp(kva_value, USERATTR_TYPE_NONADMIN_KW) == 0) || 798*09295472Sgww (strcmp(kva_value, USERATTR_TYPE_ADMIN_KW) == 0))) { 799*09295472Sgww event_id = ADT_role_login; 800*09295472Sgww } 801*09295472Sgww free_userattr(user_entry); /* OK to use, checks for NULL */ 802*09295472Sgww 8035435d801Sgww /* since proc uid/gid not yet updated */ 8045435d801Sgww if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid, pwd->pw_uid, 8055435d801Sgww pwd->pw_gid, NULL, ADT_USER) != 0) { 8065435d801Sgww syslog(LOG_AUTH | LOG_ERR, 8075435d801Sgww "adt_set_user(ADT_su, ADT_FAILURE): %m"); 8085435d801Sgww } 809*09295472Sgww if ((event = adt_alloc_event(ah, event_id)) == NULL) { 8105435d801Sgww syslog(LOG_AUTH | LOG_ALERT, "adt_alloc_event(ADT_su): %m"); 8115435d801Sgww } else if (adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS) != 0) { 8125435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 8135435d801Sgww "adt_put_event(ADT_su, ADT_SUCCESS): %m"); 8145435d801Sgww } 8155435d801Sgww 8165435d801Sgww if (pw_change == PW_TRUE) { 8175435d801Sgww /* Also audit password change */ 8185435d801Sgww adt_free_event(event); 8195435d801Sgww if ((event = adt_alloc_event(ah, ADT_passwd)) == NULL) { 8205435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 8215435d801Sgww "adt_alloc_event(ADT_passwd): %m"); 8225435d801Sgww } else if (adt_put_event(event, ADT_SUCCESS, 8235435d801Sgww ADT_SUCCESS) != 0) { 8245435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 8255435d801Sgww "adt_put_event(ADT_passwd, ADT_SUCCESS): %m"); 8265435d801Sgww } 8275435d801Sgww } 8285435d801Sgww adt_free_event(event); 829*09295472Sgww /* 830*09295472Sgww * The preceeding code is a noop if audit isn't enabled, 831*09295472Sgww * but, let's not make a new process when it's not necessary. 832*09295472Sgww */ 833*09295472Sgww if (adt_audit_enabled()) { 834*09295472Sgww audit_logout(ah, event_id); 835*09295472Sgww } 836*09295472Sgww (void) adt_end_session(ah); 837*09295472Sgww } 838*09295472Sgww 839*09295472Sgww 840*09295472Sgww /* 841*09295472Sgww * audit_logout - audit successful su logout 842*09295472Sgww * 843*09295472Sgww * Entry ah = Successful su audit handle 844*09295472Sgww * event_id = su event ID: ADT_su, ADT_role_login 845*09295472Sgww * 846*09295472Sgww * Exit Errors are just ignored and we go on. 847*09295472Sgww * su logout event written. 848*09295472Sgww */ 849*09295472Sgww static void 850*09295472Sgww audit_logout(adt_session_data_t *ah, au_event_t event_id) 851*09295472Sgww { 852*09295472Sgww adt_event_data_t *event; 853*09295472Sgww int status; /* wait status */ 854*09295472Sgww pid_t pid; 855*09295472Sgww priv_set_t *priv; /* waiting process privs */ 856*09295472Sgww 857*09295472Sgww if ((pid = fork()) == 0) { 858*09295472Sgww return; 859*09295472Sgww } else if (pid == -1) { 860*09295472Sgww syslog(LOG_AUTH | LOG_ALERT, "su: could not fork: %m"); 861*09295472Sgww return; 862*09295472Sgww } else { 863*09295472Sgww /* 864*09295472Sgww * When this routine is called, the current working 865*09295472Sgww * directory is the unknown. Change it to root for the 866*09295472Sgww * waiting process so that the current directory can be 867*09295472Sgww * unmounted if necessary. 868*09295472Sgww */ 869*09295472Sgww if (chdir("/") != 0) { 870*09295472Sgww syslog(LOG_AUTH | LOG_ALERT, 871*09295472Sgww "su waitron: could not chdir: %m"); 872*09295472Sgww /* since we let the child finish we just bail */ 873*09295472Sgww exit(0); 874*09295472Sgww } 875*09295472Sgww /* 876*09295472Sgww * Reduce privileges to just those needed. 877*09295472Sgww */ 878*09295472Sgww if ((priv = priv_allocset()) == NULL) { 879*09295472Sgww syslog(LOG_AUTH | LOG_ALERT, 880*09295472Sgww "su waitron: could not reduce privs: %m"); 881*09295472Sgww /* since we let the child finish we just bail */ 882*09295472Sgww exit(0); 883*09295472Sgww } 884*09295472Sgww priv_emptyset(priv); 885*09295472Sgww if ((priv_addset(priv, PRIV_PROC_AUDIT) != 0) || 886*09295472Sgww (setppriv(PRIV_SET, PRIV_PERMITTED, priv) != 0)) { 887*09295472Sgww syslog(LOG_AUTH | LOG_ALERT, 888*09295472Sgww "su waitron: could not reduce privs: %m"); 889*09295472Sgww /* since we let the child finish we just bail */ 890*09295472Sgww priv_freeset(priv); 891*09295472Sgww exit(0); 892*09295472Sgww } 893*09295472Sgww priv_freeset(priv); 894*09295472Sgww while (pid != waitpid(pid, &status, 0)) 895*09295472Sgww continue; 896*09295472Sgww 897*09295472Sgww if (event_id == ADT_su) { 898*09295472Sgww event_id = ADT_su_logout; 899*09295472Sgww } else { 900*09295472Sgww event_id = ADT_role_logout; 901*09295472Sgww } 902*09295472Sgww if ((event = adt_alloc_event(ah, event_id)) == NULL) { 903*09295472Sgww syslog(LOG_AUTH | LOG_ALERT, 904*09295472Sgww "adt_alloc_event(ADT_su_logout): %m"); 905*09295472Sgww exit(0); 906*09295472Sgww } 907*09295472Sgww 908*09295472Sgww (void) adt_put_event(event, ADT_SUCCESS, ADT_SUCCESS); 909*09295472Sgww adt_free_event(event); 910*09295472Sgww (void) adt_end_session(ah); 911*09295472Sgww exit(0); 912*09295472Sgww } 9135435d801Sgww } 9145435d801Sgww 9155435d801Sgww 9165435d801Sgww /* 9175435d801Sgww * audit_failure - audit failed su 9185435d801Sgww * 9195435d801Sgww * Entry New audit context not set. 9205435d801Sgww * pw_change == PW_FALSE, if no password change requested. 9215435d801Sgww * PW_FAILED, if failed password change audit 9225435d801Sgww * required. 923*09295472Sgww * pwd = NULL, or password entry to use. 924*09295472Sgww * user = username entered. Add to record if pwd == NULL. 9255435d801Sgww * pamerr = PAM error code; reason for failure. 9265435d801Sgww */ 9275435d801Sgww 9285435d801Sgww static void 929*09295472Sgww audit_failure(int pw_change, struct passwd *pwd, char *user, int pamerr) 9305435d801Sgww { 9315435d801Sgww adt_session_data_t *ah; /* audit session handle */ 9325435d801Sgww adt_event_data_t *event; /* event to generate */ 933*09295472Sgww au_event_t event_id = ADT_su; 934*09295472Sgww userattr_t *user_entry; 935*09295472Sgww char *kva_value; 9365435d801Sgww 9375435d801Sgww if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { 9385435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 9395435d801Sgww "adt_start_session(ADT_su, ADT_FAILURE): %m"); 9405435d801Sgww return; 9415435d801Sgww } 942*09295472Sgww 9435435d801Sgww if (pwd != NULL) { 9445435d801Sgww /* target user authenticated, merge audit state */ 9455435d801Sgww if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid, pwd->pw_uid, 9465435d801Sgww pwd->pw_gid, NULL, ADT_UPDATE) != 0) { 9475435d801Sgww syslog(LOG_AUTH | LOG_ERR, 9485435d801Sgww "adt_set_user(ADT_su, ADT_FAILURE): %m"); 9495435d801Sgww } 950*09295472Sgww if (((user_entry = getusernam(pwd->pw_name)) != NULL) && 951*09295472Sgww ((kva_value = kva_match((kva_t *)user_entry->attr, 952*09295472Sgww USERATTR_TYPE_KW)) != NULL) && 953*09295472Sgww ((strcmp(kva_value, USERATTR_TYPE_NONADMIN_KW) == 0) || 954*09295472Sgww (strcmp(kva_value, USERATTR_TYPE_ADMIN_KW) == 0))) { 955*09295472Sgww event_id = ADT_role_login; 9565435d801Sgww } 957*09295472Sgww free_userattr(user_entry); /* OK to use, checks for NULL */ 958*09295472Sgww } 959*09295472Sgww if ((event = adt_alloc_event(ah, event_id)) == NULL) { 9605435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 9615435d801Sgww "adt_alloc_event(ADT_su, ADT_FAILURE): %m"); 9625435d801Sgww return; 963*09295472Sgww } 964*09295472Sgww /* 965*09295472Sgww * can't tell if user not found is a role, so always use su 966*09295472Sgww * If we do pass in pwd when the JNI is fixed, then can 967*09295472Sgww * distinguish and set name in both su and role_login 968*09295472Sgww */ 969*09295472Sgww if (pwd == NULL) { 970*09295472Sgww /* 971*09295472Sgww * this should be "fail_user" rather than "message" 972*09295472Sgww * see adt_xml. The JNI breaks, so for now we leave 973*09295472Sgww * this alone. 974*09295472Sgww */ 975*09295472Sgww event->adt_su.message = user; 976*09295472Sgww } 977*09295472Sgww if (adt_put_event(event, ADT_FAILURE, 9785435d801Sgww ADT_FAIL_PAM + pamerr) != 0) { 9795435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 9805435d801Sgww "adt_put_event(ADT_su(ADT_FAIL, %s): %m", 9815435d801Sgww pam_strerror(pamh, pamerr)); 9825435d801Sgww } 9835435d801Sgww if (pw_change != PW_FALSE) { 9845435d801Sgww /* Also audit password change failed */ 9855435d801Sgww adt_free_event(event); 9865435d801Sgww if ((event = adt_alloc_event(ah, ADT_passwd)) == NULL) { 9875435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 9885435d801Sgww "adt_alloc_event(ADT_passwd): %m"); 9895435d801Sgww } else if (adt_put_event(event, ADT_FAILURE, 9905435d801Sgww ADT_FAIL_PAM + pamerr) != 0) { 9915435d801Sgww syslog(LOG_AUTH | LOG_ALERT, 9925435d801Sgww "adt_put_event(ADT_passwd, ADT_FAILURE): %m"); 9935435d801Sgww } 9945435d801Sgww } 9955435d801Sgww adt_free_event(event); 996*09295472Sgww (void) adt_end_session(ah); 9975435d801Sgww } 9985435d801Sgww 9997c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 10007c478bd9Sstevel@tonic-gate /* 10017c478bd9Sstevel@tonic-gate * su_conv(): 10027c478bd9Sstevel@tonic-gate * This is the conv (conversation) function called from 10037c478bd9Sstevel@tonic-gate * a PAM authentication module to print error messages 10047c478bd9Sstevel@tonic-gate * or garner information from the user. 10057c478bd9Sstevel@tonic-gate */ 10067c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 10077c478bd9Sstevel@tonic-gate static int 10087c478bd9Sstevel@tonic-gate su_conv(int num_msg, struct pam_message **msg, struct pam_response **response, 10097c478bd9Sstevel@tonic-gate void *appdata_ptr) 10107c478bd9Sstevel@tonic-gate { 10117c478bd9Sstevel@tonic-gate struct pam_message *m; 10127c478bd9Sstevel@tonic-gate struct pam_response *r; 10137c478bd9Sstevel@tonic-gate char *temp; 10147c478bd9Sstevel@tonic-gate int k; 10157c478bd9Sstevel@tonic-gate char respbuf[PAM_MAX_RESP_SIZE]; 10167c478bd9Sstevel@tonic-gate 10177c478bd9Sstevel@tonic-gate if (num_msg <= 0) 10187c478bd9Sstevel@tonic-gate return (PAM_CONV_ERR); 10197c478bd9Sstevel@tonic-gate 10207c478bd9Sstevel@tonic-gate *response = (struct pam_response *)calloc(num_msg, 10217c478bd9Sstevel@tonic-gate sizeof (struct pam_response)); 10227c478bd9Sstevel@tonic-gate if (*response == NULL) 10237c478bd9Sstevel@tonic-gate return (PAM_BUF_ERR); 10247c478bd9Sstevel@tonic-gate 10257c478bd9Sstevel@tonic-gate k = num_msg; 10267c478bd9Sstevel@tonic-gate m = *msg; 10277c478bd9Sstevel@tonic-gate r = *response; 10287c478bd9Sstevel@tonic-gate while (k--) { 10297c478bd9Sstevel@tonic-gate 10307c478bd9Sstevel@tonic-gate switch (m->msg_style) { 10317c478bd9Sstevel@tonic-gate 10327c478bd9Sstevel@tonic-gate case PAM_PROMPT_ECHO_OFF: 10337c478bd9Sstevel@tonic-gate errno = 0; 10347c478bd9Sstevel@tonic-gate temp = getpassphrase(m->msg); 10357c478bd9Sstevel@tonic-gate if (errno == EINTR) 10367c478bd9Sstevel@tonic-gate return (PAM_CONV_ERR); 10377c478bd9Sstevel@tonic-gate if (temp != NULL) { 10387c478bd9Sstevel@tonic-gate r->resp = strdup(temp); 10397c478bd9Sstevel@tonic-gate if (r->resp == NULL) { 10407c478bd9Sstevel@tonic-gate freeresponse(num_msg, response); 10417c478bd9Sstevel@tonic-gate return (PAM_BUF_ERR); 10427c478bd9Sstevel@tonic-gate } 10437c478bd9Sstevel@tonic-gate } 10447c478bd9Sstevel@tonic-gate break; 10457c478bd9Sstevel@tonic-gate 10467c478bd9Sstevel@tonic-gate case PAM_PROMPT_ECHO_ON: 10477c478bd9Sstevel@tonic-gate if (m->msg != NULL) { 10487c478bd9Sstevel@tonic-gate (void) fputs(m->msg, stdout); 10497c478bd9Sstevel@tonic-gate } 10507c478bd9Sstevel@tonic-gate 10517c478bd9Sstevel@tonic-gate (void) fgets(respbuf, sizeof (respbuf), stdin); 10527c478bd9Sstevel@tonic-gate temp = strchr(respbuf, '\n'); 10537c478bd9Sstevel@tonic-gate if (temp != NULL) 10547c478bd9Sstevel@tonic-gate *temp = '\0'; 10557c478bd9Sstevel@tonic-gate 10567c478bd9Sstevel@tonic-gate r->resp = strdup(respbuf); 10577c478bd9Sstevel@tonic-gate if (r->resp == NULL) { 10587c478bd9Sstevel@tonic-gate freeresponse(num_msg, response); 10597c478bd9Sstevel@tonic-gate return (PAM_BUF_ERR); 10607c478bd9Sstevel@tonic-gate } 10617c478bd9Sstevel@tonic-gate break; 10627c478bd9Sstevel@tonic-gate 10637c478bd9Sstevel@tonic-gate case PAM_ERROR_MSG: 10647c478bd9Sstevel@tonic-gate if (m->msg != NULL) { 10657c478bd9Sstevel@tonic-gate (void) fputs(m->msg, stderr); 10667c478bd9Sstevel@tonic-gate (void) fputs("\n", stderr); 10677c478bd9Sstevel@tonic-gate } 10687c478bd9Sstevel@tonic-gate break; 10697c478bd9Sstevel@tonic-gate 10707c478bd9Sstevel@tonic-gate case PAM_TEXT_INFO: 10717c478bd9Sstevel@tonic-gate if (m->msg != NULL) { 10727c478bd9Sstevel@tonic-gate (void) fputs(m->msg, stdout); 10737c478bd9Sstevel@tonic-gate (void) fputs("\n", stdout); 10747c478bd9Sstevel@tonic-gate } 10757c478bd9Sstevel@tonic-gate break; 10767c478bd9Sstevel@tonic-gate 10777c478bd9Sstevel@tonic-gate default: 10787c478bd9Sstevel@tonic-gate break; 10797c478bd9Sstevel@tonic-gate } 10807c478bd9Sstevel@tonic-gate m++; 10817c478bd9Sstevel@tonic-gate r++; 10827c478bd9Sstevel@tonic-gate } 10837c478bd9Sstevel@tonic-gate return (PAM_SUCCESS); 10847c478bd9Sstevel@tonic-gate } 10857c478bd9Sstevel@tonic-gate 10867c478bd9Sstevel@tonic-gate /* 10877c478bd9Sstevel@tonic-gate * emb_su_conv(): 10887c478bd9Sstevel@tonic-gate * This is the conv (conversation) function called from 10897c478bd9Sstevel@tonic-gate * a PAM authentication module to print error messages 10907c478bd9Sstevel@tonic-gate * or garner information from the user. 10917c478bd9Sstevel@tonic-gate * This version is used for embedded_su. 10927c478bd9Sstevel@tonic-gate */ 10937c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 10947c478bd9Sstevel@tonic-gate static int 10957c478bd9Sstevel@tonic-gate emb_su_conv(int num_msg, struct pam_message **msg, 10967c478bd9Sstevel@tonic-gate struct pam_response **response, void *appdata_ptr) 10977c478bd9Sstevel@tonic-gate { 10987c478bd9Sstevel@tonic-gate struct pam_message *m; 10997c478bd9Sstevel@tonic-gate struct pam_response *r; 11007c478bd9Sstevel@tonic-gate char *temp; 11017c478bd9Sstevel@tonic-gate int k; 11027c478bd9Sstevel@tonic-gate char respbuf[PAM_MAX_RESP_SIZE]; 11037c478bd9Sstevel@tonic-gate 11047c478bd9Sstevel@tonic-gate if (num_msg <= 0) 11057c478bd9Sstevel@tonic-gate return (PAM_CONV_ERR); 11067c478bd9Sstevel@tonic-gate 11077c478bd9Sstevel@tonic-gate *response = (struct pam_response *)calloc(num_msg, 11087c478bd9Sstevel@tonic-gate sizeof (struct pam_response)); 11097c478bd9Sstevel@tonic-gate if (*response == NULL) 11107c478bd9Sstevel@tonic-gate return (PAM_BUF_ERR); 11117c478bd9Sstevel@tonic-gate 11127c478bd9Sstevel@tonic-gate /* First, send the prompts */ 11137c478bd9Sstevel@tonic-gate (void) printf("CONV %d\n", num_msg); 11147c478bd9Sstevel@tonic-gate k = num_msg; 11157c478bd9Sstevel@tonic-gate m = *msg; 11167c478bd9Sstevel@tonic-gate while (k--) { 11177c478bd9Sstevel@tonic-gate switch (m->msg_style) { 11187c478bd9Sstevel@tonic-gate 11197c478bd9Sstevel@tonic-gate case PAM_PROMPT_ECHO_OFF: 11207c478bd9Sstevel@tonic-gate (void) puts("PAM_PROMPT_ECHO_OFF"); 11217c478bd9Sstevel@tonic-gate goto msg_common; 11227c478bd9Sstevel@tonic-gate 11237c478bd9Sstevel@tonic-gate case PAM_PROMPT_ECHO_ON: 11247c478bd9Sstevel@tonic-gate (void) puts("PAM_PROMPT_ECHO_ON"); 11257c478bd9Sstevel@tonic-gate goto msg_common; 11267c478bd9Sstevel@tonic-gate 11277c478bd9Sstevel@tonic-gate case PAM_ERROR_MSG: 11287c478bd9Sstevel@tonic-gate (void) puts("PAM_ERROR_MSG"); 11297c478bd9Sstevel@tonic-gate goto msg_common; 11307c478bd9Sstevel@tonic-gate 11317c478bd9Sstevel@tonic-gate case PAM_TEXT_INFO: 11327c478bd9Sstevel@tonic-gate (void) puts("PAM_TEXT_INFO"); 11337c478bd9Sstevel@tonic-gate /* fall through to msg_common */ 11347c478bd9Sstevel@tonic-gate msg_common: 11357c478bd9Sstevel@tonic-gate if (m->msg == NULL) 11367c478bd9Sstevel@tonic-gate quotemsg(NULL); 11377c478bd9Sstevel@tonic-gate else 11387c478bd9Sstevel@tonic-gate quotemsg("%s", m->msg); 11397c478bd9Sstevel@tonic-gate break; 11407c478bd9Sstevel@tonic-gate 11417c478bd9Sstevel@tonic-gate default: 11427c478bd9Sstevel@tonic-gate break; 11437c478bd9Sstevel@tonic-gate } 11447c478bd9Sstevel@tonic-gate m++; 11457c478bd9Sstevel@tonic-gate } 11467c478bd9Sstevel@tonic-gate 11477c478bd9Sstevel@tonic-gate /* Next, collect the responses */ 11487c478bd9Sstevel@tonic-gate k = num_msg; 11497c478bd9Sstevel@tonic-gate m = *msg; 11507c478bd9Sstevel@tonic-gate r = *response; 11517c478bd9Sstevel@tonic-gate while (k--) { 11527c478bd9Sstevel@tonic-gate 11537c478bd9Sstevel@tonic-gate switch (m->msg_style) { 11547c478bd9Sstevel@tonic-gate 11557c478bd9Sstevel@tonic-gate case PAM_PROMPT_ECHO_OFF: 11567c478bd9Sstevel@tonic-gate case PAM_PROMPT_ECHO_ON: 11577c478bd9Sstevel@tonic-gate (void) fgets(respbuf, sizeof (respbuf), stdin); 11587c478bd9Sstevel@tonic-gate 11597c478bd9Sstevel@tonic-gate temp = strchr(respbuf, '\n'); 11607c478bd9Sstevel@tonic-gate if (temp != NULL) 11617c478bd9Sstevel@tonic-gate *temp = '\0'; 11627c478bd9Sstevel@tonic-gate 11637c478bd9Sstevel@tonic-gate r->resp = strdup(respbuf); 11647c478bd9Sstevel@tonic-gate if (r->resp == NULL) { 11657c478bd9Sstevel@tonic-gate freeresponse(num_msg, response); 11667c478bd9Sstevel@tonic-gate return (PAM_BUF_ERR); 11677c478bd9Sstevel@tonic-gate } 11687c478bd9Sstevel@tonic-gate 11697c478bd9Sstevel@tonic-gate break; 11707c478bd9Sstevel@tonic-gate 11717c478bd9Sstevel@tonic-gate case PAM_ERROR_MSG: 11727c478bd9Sstevel@tonic-gate case PAM_TEXT_INFO: 11737c478bd9Sstevel@tonic-gate break; 11747c478bd9Sstevel@tonic-gate 11757c478bd9Sstevel@tonic-gate default: 11767c478bd9Sstevel@tonic-gate break; 11777c478bd9Sstevel@tonic-gate } 11787c478bd9Sstevel@tonic-gate m++; 11797c478bd9Sstevel@tonic-gate r++; 11807c478bd9Sstevel@tonic-gate } 11817c478bd9Sstevel@tonic-gate return (PAM_SUCCESS); 11827c478bd9Sstevel@tonic-gate } 11837c478bd9Sstevel@tonic-gate 11847c478bd9Sstevel@tonic-gate static void 11857c478bd9Sstevel@tonic-gate freeresponse(int num_msg, struct pam_response **response) 11867c478bd9Sstevel@tonic-gate { 11877c478bd9Sstevel@tonic-gate struct pam_response *r; 11887c478bd9Sstevel@tonic-gate int i; 11897c478bd9Sstevel@tonic-gate 11907c478bd9Sstevel@tonic-gate /* free responses */ 11917c478bd9Sstevel@tonic-gate r = *response; 11927c478bd9Sstevel@tonic-gate for (i = 0; i < num_msg; i++, r++) { 11937c478bd9Sstevel@tonic-gate if (r->resp != NULL) { 11947c478bd9Sstevel@tonic-gate /* Zap it in case it's a password */ 11957c478bd9Sstevel@tonic-gate (void) memset(r->resp, '\0', strlen(r->resp)); 11967c478bd9Sstevel@tonic-gate free(r->resp); 11977c478bd9Sstevel@tonic-gate } 11987c478bd9Sstevel@tonic-gate } 11997c478bd9Sstevel@tonic-gate free(*response); 12007c478bd9Sstevel@tonic-gate *response = NULL; 12017c478bd9Sstevel@tonic-gate } 12027c478bd9Sstevel@tonic-gate 12037c478bd9Sstevel@tonic-gate /* 12047c478bd9Sstevel@tonic-gate * Print a message, applying quoting for lines starting with '.'. 12057c478bd9Sstevel@tonic-gate * 12067c478bd9Sstevel@tonic-gate * I18n note: \n is "safe" in all locales, and all locales use 12077c478bd9Sstevel@tonic-gate * a high-bit-set character to start multibyte sequences, so 12087c478bd9Sstevel@tonic-gate * scanning for a \n followed by a '.' is safe. 12097c478bd9Sstevel@tonic-gate */ 12107c478bd9Sstevel@tonic-gate static void 12117c478bd9Sstevel@tonic-gate quotemsg(char *fmt, ...) 12127c478bd9Sstevel@tonic-gate { 12137c478bd9Sstevel@tonic-gate if (fmt != NULL) { 12147c478bd9Sstevel@tonic-gate char *msg; 12157c478bd9Sstevel@tonic-gate char *p; 12167c478bd9Sstevel@tonic-gate boolean_t bol; 12177c478bd9Sstevel@tonic-gate va_list v; 12187c478bd9Sstevel@tonic-gate 12197c478bd9Sstevel@tonic-gate va_start(v, fmt); 12207c478bd9Sstevel@tonic-gate msg = alloc_vsprintf(fmt, v); 12217c478bd9Sstevel@tonic-gate va_end(v); 12227c478bd9Sstevel@tonic-gate 12237c478bd9Sstevel@tonic-gate bol = B_TRUE; 12247c478bd9Sstevel@tonic-gate for (p = msg; *p != '\0'; p++) { 12257c478bd9Sstevel@tonic-gate if (bol) { 12267c478bd9Sstevel@tonic-gate if (*p == '.') 12277c478bd9Sstevel@tonic-gate (void) putchar('.'); 12287c478bd9Sstevel@tonic-gate bol = B_FALSE; 12297c478bd9Sstevel@tonic-gate } 12307c478bd9Sstevel@tonic-gate (void) putchar(*p); 12317c478bd9Sstevel@tonic-gate if (*p == '\n') 12327c478bd9Sstevel@tonic-gate bol = B_TRUE; 12337c478bd9Sstevel@tonic-gate } 12347c478bd9Sstevel@tonic-gate (void) putchar('\n'); 12357c478bd9Sstevel@tonic-gate free(msg); 12367c478bd9Sstevel@tonic-gate } 12377c478bd9Sstevel@tonic-gate (void) putchar('.'); 12387c478bd9Sstevel@tonic-gate (void) putchar('\n'); 12397c478bd9Sstevel@tonic-gate } 12407c478bd9Sstevel@tonic-gate 12417c478bd9Sstevel@tonic-gate /* 12427c478bd9Sstevel@tonic-gate * validate - Check that the account is valid for switching to. 12437c478bd9Sstevel@tonic-gate */ 12447c478bd9Sstevel@tonic-gate static void 12455435d801Sgww validate(char *usernam, int *pw_change) 12467c478bd9Sstevel@tonic-gate { 12475435d801Sgww int error; 12485435d801Sgww int flag = 0; 12495435d801Sgww int tries; 12507c478bd9Sstevel@tonic-gate 12515435d801Sgww if (passreq) 12525435d801Sgww flag = PAM_DISALLOW_NULL_AUTHTOK; 12535435d801Sgww 12545435d801Sgww if ((error = pam_acct_mgmt(pamh, flag)) != PAM_SUCCESS) { 12557c478bd9Sstevel@tonic-gate if (Sulog != NULL) 12567c478bd9Sstevel@tonic-gate log(Sulog, pwd.pw_name, 0); /* log entry */ 12577c478bd9Sstevel@tonic-gate if (error == PAM_NEW_AUTHTOK_REQD) { 12585435d801Sgww tries = 0; 12597c478bd9Sstevel@tonic-gate message(ERR, gettext("Password for user " 12605435d801Sgww "'%s' has expired"), pwd.pw_name); 1261f00e6aa6Sdarrenm while ((error = pam_chauthtok(pamh, 1262f00e6aa6Sdarrenm PAM_CHANGE_EXPIRED_AUTHTOK)) != PAM_SUCCESS) { 12635435d801Sgww if ((error == PAM_AUTHTOK_ERR || 12645435d801Sgww error == PAM_TRY_AGAIN) && 12655435d801Sgww (tries++ < DEF_ATTEMPTS)) { 12665435d801Sgww continue; 12675435d801Sgww } 12685435d801Sgww message(ERR, gettext("Sorry")); 1269*09295472Sgww audit_failure(PW_FAILED, &pwd, NULL, error); 12707c478bd9Sstevel@tonic-gate if (dosyslog) 12715435d801Sgww syslog(LOG_CRIT, 12725435d801Sgww "'su %s' failed for %s on %s", 12737c478bd9Sstevel@tonic-gate pwd.pw_name, usernam, ttyn); 12747c478bd9Sstevel@tonic-gate closelog(); 12757c478bd9Sstevel@tonic-gate exit(1); 12765435d801Sgww } 12775435d801Sgww *pw_change = PW_TRUE; 12785435d801Sgww return; 12797c478bd9Sstevel@tonic-gate } else { 12807c478bd9Sstevel@tonic-gate message(ERR, gettext("Sorry")); 1281*09295472Sgww audit_failure(PW_FALSE, &pwd, NULL, error); 12827c478bd9Sstevel@tonic-gate if (dosyslog) 12837c478bd9Sstevel@tonic-gate syslog(LOG_CRIT, "'su %s' failed for %s on %s", 12847c478bd9Sstevel@tonic-gate pwd.pw_name, usernam, ttyn); 12857c478bd9Sstevel@tonic-gate closelog(); 12867c478bd9Sstevel@tonic-gate exit(3); 12877c478bd9Sstevel@tonic-gate } 12887c478bd9Sstevel@tonic-gate } 12897c478bd9Sstevel@tonic-gate } 12907c478bd9Sstevel@tonic-gate 12917c478bd9Sstevel@tonic-gate static char *illegal[] = { 12927c478bd9Sstevel@tonic-gate "SHELL=", 12937c478bd9Sstevel@tonic-gate "HOME=", 12947c478bd9Sstevel@tonic-gate "LOGNAME=", 12957c478bd9Sstevel@tonic-gate #ifndef NO_MAIL 12967c478bd9Sstevel@tonic-gate "MAIL=", 12977c478bd9Sstevel@tonic-gate #endif 12987c478bd9Sstevel@tonic-gate "CDPATH=", 12997c478bd9Sstevel@tonic-gate "IFS=", 13007c478bd9Sstevel@tonic-gate "PATH=", 13017c478bd9Sstevel@tonic-gate "TZ=", 13027c478bd9Sstevel@tonic-gate "HZ=", 13037c478bd9Sstevel@tonic-gate "TERM=", 13047c478bd9Sstevel@tonic-gate 0 13057c478bd9Sstevel@tonic-gate }; 13067c478bd9Sstevel@tonic-gate 13077c478bd9Sstevel@tonic-gate /* 13087c478bd9Sstevel@tonic-gate * legalenvvar - can PAM modules insert this environmental variable? 13097c478bd9Sstevel@tonic-gate */ 13107c478bd9Sstevel@tonic-gate 13117c478bd9Sstevel@tonic-gate static int 13127c478bd9Sstevel@tonic-gate legalenvvar(char *s) 13137c478bd9Sstevel@tonic-gate { 13147c478bd9Sstevel@tonic-gate register char **p; 13157c478bd9Sstevel@tonic-gate 13167c478bd9Sstevel@tonic-gate for (p = illegal; *p; p++) 13177c478bd9Sstevel@tonic-gate if (strncmp(s, *p, strlen(*p)) == 0) 13187c478bd9Sstevel@tonic-gate return (0); 13197c478bd9Sstevel@tonic-gate 13207c478bd9Sstevel@tonic-gate if (s[0] == 'L' && s[1] == 'D' && s[2] == '_') 13217c478bd9Sstevel@tonic-gate return (0); 13227c478bd9Sstevel@tonic-gate 13237c478bd9Sstevel@tonic-gate return (1); 13247c478bd9Sstevel@tonic-gate } 13257c478bd9Sstevel@tonic-gate 13267c478bd9Sstevel@tonic-gate /* 13277c478bd9Sstevel@tonic-gate * The embedded_su protocol allows the client application to supply 13287c478bd9Sstevel@tonic-gate * an initialization block terminated by a line with just a "." on it. 13297c478bd9Sstevel@tonic-gate * 13307c478bd9Sstevel@tonic-gate * This initialization block is currently unused, reserved for future 13317c478bd9Sstevel@tonic-gate * expansion. Ignore it. This is made very slightly more complex by 13327c478bd9Sstevel@tonic-gate * the desire to cleanly ignore input lines of any length, while still 13337c478bd9Sstevel@tonic-gate * correctly detecting a line with just a "." on it. 13347c478bd9Sstevel@tonic-gate * 13357c478bd9Sstevel@tonic-gate * I18n note: It appears that none of the Solaris-supported locales 13367c478bd9Sstevel@tonic-gate * use 0x0a for any purpose other than newline, so looking for '\n' 13377c478bd9Sstevel@tonic-gate * seems safe. 13387c478bd9Sstevel@tonic-gate * All locales use high-bit-set leadin characters for their multi-byte 13397c478bd9Sstevel@tonic-gate * sequences, so a line consisting solely of ".\n" is what it appears 13407c478bd9Sstevel@tonic-gate * to be. 13417c478bd9Sstevel@tonic-gate */ 13427c478bd9Sstevel@tonic-gate static void 13437c478bd9Sstevel@tonic-gate readinitblock(void) 13447c478bd9Sstevel@tonic-gate { 13457c478bd9Sstevel@tonic-gate char buf[100]; 13467c478bd9Sstevel@tonic-gate boolean_t bol; 13477c478bd9Sstevel@tonic-gate 13487c478bd9Sstevel@tonic-gate bol = B_TRUE; 13497c478bd9Sstevel@tonic-gate for (;;) { 13507c478bd9Sstevel@tonic-gate if (fgets(buf, sizeof (buf), stdin) == NULL) 13517c478bd9Sstevel@tonic-gate return; 13527c478bd9Sstevel@tonic-gate if (bol && strcmp(buf, ".\n") == 0) 13537c478bd9Sstevel@tonic-gate return; 13547c478bd9Sstevel@tonic-gate bol = (strchr(buf, '\n') != NULL); 13557c478bd9Sstevel@tonic-gate } 13567c478bd9Sstevel@tonic-gate } 13575435d801Sgww #else /* !DYNAMIC_SU */ 13585435d801Sgww static void 13595435d801Sgww update_audit(struct passwd *pwd) 13605435d801Sgww { 13615435d801Sgww adt_session_data_t *ah; /* audit session handle */ 13625435d801Sgww 13635435d801Sgww if (adt_start_session(&ah, NULL, ADT_USE_PROC_DATA) != 0) { 13645435d801Sgww message(ERR, gettext("Sorry")); 13655435d801Sgww if (dosyslog) 13665435d801Sgww syslog(LOG_CRIT, "'su %s' failed for %s " 13675435d801Sgww "cannot start audit session %m", 13685435d801Sgww pwd->pw_name, username); 13695435d801Sgww closelog(); 13705435d801Sgww exit(2); 13715435d801Sgww } 13725435d801Sgww if (adt_set_user(ah, pwd->pw_uid, pwd->pw_gid, pwd->pw_uid, 13735435d801Sgww pwd->pw_gid, NULL, ADT_UPDATE) != 0) { 13745435d801Sgww if (dosyslog) 13755435d801Sgww syslog(LOG_CRIT, "'su %s' failed for %s " 13765435d801Sgww "cannot update audit session %m", 13775435d801Sgww pwd->pw_name, username); 13785435d801Sgww closelog(); 13795435d801Sgww exit(2); 13805435d801Sgww } 13815435d801Sgww } 13827c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 13837c478bd9Sstevel@tonic-gate 13847c478bd9Sstevel@tonic-gate /* 13857c478bd9Sstevel@tonic-gate * Report an error, either a fatal one, a warning, or a usage message, 13867c478bd9Sstevel@tonic-gate * depending on the mode parameter. 13877c478bd9Sstevel@tonic-gate */ 13887c478bd9Sstevel@tonic-gate /*ARGSUSED*/ 13897c478bd9Sstevel@tonic-gate static void 13907c478bd9Sstevel@tonic-gate message(enum messagemode mode, char *fmt, ...) 13917c478bd9Sstevel@tonic-gate { 13927c478bd9Sstevel@tonic-gate char *s; 13937c478bd9Sstevel@tonic-gate va_list v; 13947c478bd9Sstevel@tonic-gate 13957c478bd9Sstevel@tonic-gate va_start(v, fmt); 13967c478bd9Sstevel@tonic-gate s = alloc_vsprintf(fmt, v); 13977c478bd9Sstevel@tonic-gate va_end(v); 13987c478bd9Sstevel@tonic-gate 13997c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 14007c478bd9Sstevel@tonic-gate if (embedded) { 14017c478bd9Sstevel@tonic-gate if (mode == WARN) { 14027c478bd9Sstevel@tonic-gate (void) printf("CONV 1\n"); 14037c478bd9Sstevel@tonic-gate (void) printf("PAM_ERROR_MSG\n"); 14047c478bd9Sstevel@tonic-gate } else { /* ERR, USAGE */ 14057c478bd9Sstevel@tonic-gate (void) printf("ERROR\n"); 14067c478bd9Sstevel@tonic-gate } 14077c478bd9Sstevel@tonic-gate if (mode == USAGE) { 14087c478bd9Sstevel@tonic-gate quotemsg("%s", s); 14097c478bd9Sstevel@tonic-gate } else { /* ERR, WARN */ 14107c478bd9Sstevel@tonic-gate quotemsg("%s: %s", myname, s); 14117c478bd9Sstevel@tonic-gate } 14127c478bd9Sstevel@tonic-gate } else { 14137c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 14147c478bd9Sstevel@tonic-gate if (mode == USAGE) { 14157c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s\n", s); 14167c478bd9Sstevel@tonic-gate } else { /* ERR, WARN */ 14177c478bd9Sstevel@tonic-gate (void) fprintf(stderr, "%s: %s\n", myname, s); 14187c478bd9Sstevel@tonic-gate } 14197c478bd9Sstevel@tonic-gate #ifdef DYNAMIC_SU 14207c478bd9Sstevel@tonic-gate } 14217c478bd9Sstevel@tonic-gate #endif /* DYNAMIC_SU */ 14227c478bd9Sstevel@tonic-gate 14237c478bd9Sstevel@tonic-gate free(s); 14247c478bd9Sstevel@tonic-gate } 14257c478bd9Sstevel@tonic-gate 14267c478bd9Sstevel@tonic-gate /* 14277c478bd9Sstevel@tonic-gate * Return a pointer to the last path component of a. 14287c478bd9Sstevel@tonic-gate */ 14297c478bd9Sstevel@tonic-gate static char * 14307c478bd9Sstevel@tonic-gate tail(char *a) 14317c478bd9Sstevel@tonic-gate { 14327c478bd9Sstevel@tonic-gate char *p; 14337c478bd9Sstevel@tonic-gate 14347c478bd9Sstevel@tonic-gate p = strrchr(a, '/'); 14357c478bd9Sstevel@tonic-gate if (p == NULL) 14367c478bd9Sstevel@tonic-gate p = a; 14377c478bd9Sstevel@tonic-gate else 14387c478bd9Sstevel@tonic-gate p++; /* step over the '/' */ 14397c478bd9Sstevel@tonic-gate 14407c478bd9Sstevel@tonic-gate return (p); 14417c478bd9Sstevel@tonic-gate } 14427c478bd9Sstevel@tonic-gate 14437c478bd9Sstevel@tonic-gate static char * 14447c478bd9Sstevel@tonic-gate alloc_vsprintf(const char *fmt, va_list ap1) 14457c478bd9Sstevel@tonic-gate { 14467c478bd9Sstevel@tonic-gate va_list ap2; 14477c478bd9Sstevel@tonic-gate int n; 14487c478bd9Sstevel@tonic-gate char buf[1]; 14497c478bd9Sstevel@tonic-gate char *s; 14507c478bd9Sstevel@tonic-gate 14517c478bd9Sstevel@tonic-gate /* 14527c478bd9Sstevel@tonic-gate * We need to scan the argument list twice. Save off a copy 14537c478bd9Sstevel@tonic-gate * of the argument list pointer(s) for the second pass. Note that 14547c478bd9Sstevel@tonic-gate * we are responsible for va_end'ing our copy. 14557c478bd9Sstevel@tonic-gate */ 14567c478bd9Sstevel@tonic-gate va_copy(ap2, ap1); 14577c478bd9Sstevel@tonic-gate 14587c478bd9Sstevel@tonic-gate /* 14597c478bd9Sstevel@tonic-gate * vsnprintf into a dummy to get a length. One might 14607c478bd9Sstevel@tonic-gate * think that passing 0 as the length to snprintf would 14617c478bd9Sstevel@tonic-gate * do what we want, but it's defined not to. 14627c478bd9Sstevel@tonic-gate * 14637c478bd9Sstevel@tonic-gate * Perhaps we should sprintf into a 100 character buffer 14647c478bd9Sstevel@tonic-gate * or something like that, to avoid two calls to snprintf 14657c478bd9Sstevel@tonic-gate * in most cases. 14667c478bd9Sstevel@tonic-gate */ 14677c478bd9Sstevel@tonic-gate n = vsnprintf(buf, sizeof (buf), fmt, ap2); 14687c478bd9Sstevel@tonic-gate va_end(ap2); 14697c478bd9Sstevel@tonic-gate 14707c478bd9Sstevel@tonic-gate /* 14717c478bd9Sstevel@tonic-gate * Allocate an appropriately-sized buffer. 14727c478bd9Sstevel@tonic-gate */ 14737c478bd9Sstevel@tonic-gate s = malloc(n + 1); 14747c478bd9Sstevel@tonic-gate if (s == NULL) { 14757c478bd9Sstevel@tonic-gate perror("malloc"); 14767c478bd9Sstevel@tonic-gate exit(4); 14777c478bd9Sstevel@tonic-gate } 14787c478bd9Sstevel@tonic-gate 14797c478bd9Sstevel@tonic-gate (void) vsnprintf(s, n+1, fmt, ap1); 14807c478bd9Sstevel@tonic-gate 14817c478bd9Sstevel@tonic-gate return (s); 14827c478bd9Sstevel@tonic-gate } 1483