ubase/su.c

/* See LICENSE file for copyright and license details. */
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
#include <pwd.h>
#include <grp.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "config.h"
#include "util.h"

extern char **environ;

static char *msetenv(const char *, const char *);
static void dologin(struct passwd *);

static void
usage(void)
{
	eprintf("usage: %s [-lp] [username]\n", argv0);
}

static int lflag = 0;
static int pflag = 0;

int
main(int argc, char **argv)
{
	char *usr = "root", *pass, *cryptpass;
	char * const *newargv;
	struct spwd *spw;
	struct passwd *pw;
	uid_t uid;
	int i;

	ARGBEGIN {
	case 'l':
		lflag = 1;
		break;
	case 'p':
		pflag = 1;
		break;
	default:
		usage();
	} ARGEND;

	if (argc < 1)
		;
	else if (argc == 1)
		usr = argv[0];
	else
		usage();

	errno = 0;
	spw = getspnam(usr);
	if (errno)
		eprintf("getspnam: %s:", usr);
	else if (!spw)
		enprintf(EXIT_FAILURE, "who are you?\n");

	switch (spw->sp_pwdp[0]) {
	case '!':
	case '*':
		enprintf(EXIT_FAILURE, "Denied\n");
	case '$':
		break;
	default:
		enprintf(EXIT_FAILURE, "Invalid shadow record\n");
	}

	uid = getuid();
	if (uid) {
		pass = getpass("Password: ");
		if (!pass)
			eprintf("getpass:");

		cryptpass = crypt(pass, spw->sp_pwdp);
		for (i = 0; pass[i]; i++)
			pass[i] = '\0';
		if (!cryptpass)
			eprintf("crypt:");

		if (strcmp(cryptpass, spw->sp_pwdp) != 0)
			enprintf(EXIT_FAILURE, "Denied\n");
	}

	errno = 0;
	pw = getpwnam(usr);
	if (errno)
		eprintf("getpwnam: %s", usr);
	else if (!pw)
		enprintf(EXIT_FAILURE, "who are you?\n");

	if (initgroups(usr, pw->pw_gid) < 0)
		eprintf("initgroups:");
	if (setgid(pw->pw_gid) < 0)
		eprintf("setgid:");
	if (setuid(pw->pw_uid) < 0)
		eprintf("setuid:");

	if (lflag) {
		dologin(pw);
	} else {
		newargv = (char *const[]){pw->pw_shell, NULL};
		if (!pflag) {
			setenv("HOME", pw->pw_dir, 1);
			setenv("SHELL", pw->pw_shell, 1);
			if (strcmp(pw->pw_name, "root") != 0) {
				setenv("USER", pw->pw_name, 1);
				setenv("LOGNAME", pw->pw_name, 1);
			}
		}
		if (strcmp(pw->pw_name, "root") == 0)
			setenv("PATH", ENV_SUPATH, 1);
		else
			setenv("PATH", ENV_PATH, 1);
		execve(pflag ? getenv("SHELL") : pw->pw_shell,
		       newargv, environ);
	}
	return (errno == ENOENT) ? 127 : 126;
}

static char *
msetenv(const char *name, const char *value)
{
	char *buf;
	size_t sz;

	sz = strlen(name) + strlen(value) + 2;
	buf = malloc(sz);
	if (!buf)
		eprintf("malloc:");
	snprintf(buf, sz, "%s=%s", name, value);
	return buf;
}

static void
dologin(struct passwd *pw)
{
	char shbuf[strlen(pw->pw_shell) + 1];
	char * const *newargv;
	char * const *newenv;

	strcpy(shbuf, pw->pw_shell);
	newargv = (char *const[]){shbuf, NULL};
	newenv = (char *const[]){
		msetenv("HOME", pw->pw_dir),
		msetenv("SHELL", pw->pw_shell),
		msetenv("USER", pw->pw_name),
		msetenv("LOGNAME", pw->pw_name),
		msetenv("TERM", getenv("TERM")),
		msetenv("PATH",
			strcmp(pw->pw_name, "root") == 0 ?
			ENV_SUPATH : ENV_PATH),
		NULL
	};
	if (chdir(pw->pw_dir) < 0)
		eprintf("chdir %s:", pw->pw_dir);
	execve(pw->pw_shell, newargv, newenv);
}
Add initial su(1) 2013-10-17 18:02:55 -04:00			`/* See LICENSE file for copyright and license details. */`
			`#include <sys/types.h>`
			`#include <unistd.h>`
			`#include <errno.h>`
			`#include <pwd.h>`
			`#include <grp.h>`
			`#include <shadow.h>`
			`#include <stdio.h>`
			`#include <string.h>`
			`#include <stdlib.h>`
Setup a sane PATH across su(1) Also added a config.h for the basic configuration of ubase. 2013-10-19 14:07:30 -04:00			`#include "config.h"`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`#include "util.h"`

We use environ so declare it 2013-10-18 05:33:02 -04:00			`extern char **environ;`

Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`static char msetenv(const char , const char *);`
			`static void dologin(struct passwd *);`

Add initial su(1) 2013-10-17 18:02:55 -04:00			`static void`
			`usage(void)`
			`{`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`eprintf("usage: %s [-lp] [username]\n", argv0);`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`}`

We use environ so declare it 2013-10-18 05:33:02 -04:00			`static int lflag = 0;`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`static int pflag = 0;`
We use environ so declare it 2013-10-18 05:33:02 -04:00
Add initial su(1) 2013-10-17 18:02:55 -04:00			`int`
			`main(int argc, char **argv)`
			`{`
su: set default 'root', fixes a uninitialised variable warning Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org> 2014-02-14 08:49:34 -05:00			`char usr = "root", pass, *cryptpass;`
Use a compound literal instead of malloc() in su(1) 2013-10-18 05:08:10 -04:00			`char * const *newargv;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`struct spwd *spw;`
			`struct passwd *pw;`
			`uid_t uid;`
			`int i;`

			`ARGBEGIN {`
We use environ so declare it 2013-10-18 05:33:02 -04:00			`case 'l':`
			`lflag = 1;`
			`break;`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`case 'p':`
			`pflag = 1;`
			`break;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`default:`
			`usage();`
			`} ARGEND;`

			`if (argc < 1)`
su: set default 'root', fixes a uninitialised variable warning Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org> 2014-02-14 08:49:34 -05:00			`;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`else if (argc == 1)`
			`usr = argv[0];`
			`else`
			`usage();`

Some stylistic changes to su(1) Also set errno to zero before calling getspnam(). 2013-10-18 05:20:13 -04:00			`errno = 0;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`spw = getspnam(usr);`
Some stylistic changes to su(1) Also set errno to zero before calling getspnam(). 2013-10-18 05:20:13 -04:00			`if (errno)`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`eprintf("getspnam: %s:", usr);`
Some stylistic changes to su(1) Also set errno to zero before calling getspnam(). 2013-10-18 05:20:13 -04:00			`else if (!spw)`
			`enprintf(EXIT_FAILURE, "who are you?\n");`
Add initial su(1) 2013-10-17 18:02:55 -04:00
			`switch (spw->sp_pwdp[0]) {`
			`case '!':`
			`case '*':`
			`enprintf(EXIT_FAILURE, "Denied\n");`
			`case '$':`
			`break;`
			`default:`
			`enprintf(EXIT_FAILURE, "Invalid shadow record\n");`
			`}`

su: set default 'root', fixes a uninitialised variable warning Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org> 2014-02-14 08:49:34 -05:00			`uid = getuid();`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`if (uid) {`
			`pass = getpass("Password: ");`
			`if (!pass)`
			`eprintf("getpass:");`

Only try to ask for a password and check if uid is != 0 2013-10-18 05:25:39 -04:00			`cryptpass = crypt(pass, spw->sp_pwdp);`
			`for (i = 0; pass[i]; i++)`
			`pass[i] = '\0';`
			`if (!cryptpass)`
			`eprintf("crypt:");`
Add initial su(1) 2013-10-17 18:02:55 -04:00
Only try to ask for a password and check if uid is != 0 2013-10-18 05:25:39 -04:00			`if (strcmp(cryptpass, spw->sp_pwdp) != 0)`
			`enprintf(EXIT_FAILURE, "Denied\n");`
			`}`
Add initial su(1) 2013-10-17 18:02:55 -04:00
			`errno = 0;`
			`pw = getpwnam(usr);`
			`if (errno)`
			`eprintf("getpwnam: %s", usr);`
			`else if (!pw)`
Some stylistic changes to su(1) Also set errno to zero before calling getspnam(). 2013-10-18 05:20:13 -04:00			`enprintf(EXIT_FAILURE, "who are you?\n");`
Add initial su(1) 2013-10-17 18:02:55 -04:00
			`if (initgroups(usr, pw->pw_gid) < 0)`
			`eprintf("initgroups:");`
			`if (setgid(pw->pw_gid) < 0)`
			`eprintf("setgid:");`
			`if (setuid(pw->pw_uid) < 0)`
			`eprintf("setuid:");`

Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`if (lflag) {`
			`dologin(pw);`
			`} else {`
			`newargv = (char *const[]){pw->pw_shell, NULL};`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`if (!pflag) {`
			`setenv("HOME", pw->pw_dir, 1);`
fix SHELL being set to the usr's home directory 2013-10-18 15:57:24 -04:00			`setenv("SHELL", pw->pw_shell, 1);`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`if (strcmp(pw->pw_name, "root") != 0) {`
			`setenv("USER", pw->pw_name, 1);`
			`setenv("LOGNAME", pw->pw_name, 1);`
			`}`
Set SHELL environment variable by default If target user is not root also set USER and LOGNAME. 2013-10-18 06:20:59 -04:00			`}`
Setup a sane PATH across su(1) Also added a config.h for the basic configuration of ubase. 2013-10-19 14:07:30 -04:00			`if (strcmp(pw->pw_name, "root") == 0)`
			`setenv("PATH", ENV_SUPATH, 1);`
			`else`
			`setenv("PATH", ENV_PATH, 1);`
If we are preserving the environment use SHELL instead of pw->pw_shell 2013-10-18 11:22:24 -04:00			`execve(pflag ? getenv("SHELL") : pw->pw_shell,`
			`newargv, environ);`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`}`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`return (errno == ENOENT) ? 127 : 126;`
			`}`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00
			`static char *`
			`msetenv(const char name, const char value)`
			`{`
			`char *buf;`
			`size_t sz;`

			`sz = strlen(name) + strlen(value) + 2;`
			`buf = malloc(sz);`
			`if (!buf)`
			`eprintf("malloc:");`
			`snprintf(buf, sz, "%s=%s", name, value);`
			`return buf;`
			`}`

			`static void`
			`dologin(struct passwd *pw)`
			`{`
			`char shbuf[strlen(pw->pw_shell) + 1];`
			`char * const *newargv;`
			`char * const *newenv;`

			`strcpy(shbuf, pw->pw_shell);`
			`newargv = (char *const[]){shbuf, NULL};`
			`newenv = (char *const[]){`
			`msetenv("HOME", pw->pw_dir),`
			`msetenv("SHELL", pw->pw_shell),`
			`msetenv("USER", pw->pw_name),`
			`msetenv("LOGNAME", pw->pw_name),`
			`msetenv("TERM", getenv("TERM")),`
Setup a sane PATH across su(1) Also added a config.h for the basic configuration of ubase. 2013-10-19 14:07:30 -04:00			`msetenv("PATH",`
			`strcmp(pw->pw_name, "root") == 0 ?`
			`ENV_SUPATH : ENV_PATH),`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`NULL`
			`};`
			`if (chdir(pw->pw_dir) < 0)`
			`eprintf("chdir %s:", pw->pw_dir);`
			`execve(pw->pw_shell, newargv, newenv);`
			`}`