ubase/su.c

/* See LICENSE file for copyright and license details. */
#include <sys/types.h>
#include <unistd.h>
#include <errno.h>
#include <pwd.h>
#include <grp.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include "config.h"
#include "util.h"

extern char **environ;

static const char *randreply(void);
static int dologin(struct passwd *);

static void
usage(void)
{
	eprintf("usage: %s [-lp] [user]\n", argv0);
}

static int lflag = 0;
static int pflag = 0;

int
main(int argc, char *argv[])
{
	char *usr = "root", *pass, *cryptpass;
	char *shell;
	struct spwd *spw;
	struct passwd *pw;
	char *newargv[2];
	uid_t uid;

	ARGBEGIN {
	case 'l':
		lflag = 1;
		break;
	case 'p':
		pflag = 1;
		break;
	default:
		usage();
	} ARGEND;

	if (argc < 1)
		;
	else if (argc == 1)
		usr = argv[0];
	else
		usage();

	srand(time(NULL));

	errno = 0;
	pw = getpwnam(usr);
	if (errno)
		eprintf("getpwnam: %s:", usr);
	else if (!pw)
		eprintf("who are you?\n");

	switch (pw->pw_passwd[0]) {
	case '!':
	case '*':
		eprintf("denied\n");
	}

	/* Empty password? Su now */
	if (pw->pw_passwd[0] == '\0')
		goto dosu;

	uid = getuid();
	if (uid) {
		pass = getpass("Password: ");
		if (!pass)
			eprintf("getpass:");
	}

	if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') {
		errno = 0;
		spw = getspnam(usr);
		if (errno)
			eprintf("getspnam: %s:", usr);
		else if (!spw)
			eprintf("who are you?\n");

		switch (spw->sp_pwdp[0]) {
		case '!':
		case '*':
			eprintf("denied\n");
		}
		if (uid) {
			cryptpass = crypt(pass, spw->sp_pwdp);
			if (!cryptpass)
				eprintf("crypt:");
			if (strcmp(cryptpass, spw->sp_pwdp) != 0)
				eprintf(randreply());
		}
	} else {
		if (uid) {
			cryptpass = crypt(pass, pw->pw_passwd);
			if (!cryptpass)
				eprintf("crypt:");
			if (strcmp(cryptpass, pw->pw_passwd) != 0)
				eprintf("login failed\n");
		}
	}

dosu:
	if (initgroups(usr, pw->pw_gid) < 0)
		eprintf("initgroups:");
	if (setgid(pw->pw_gid) < 0)
		eprintf("setgid:");
	if (setuid(pw->pw_uid) < 0)
		eprintf("setuid:");

	if (lflag) {
		return dologin(pw);
	} else {
		shell = pw->pw_shell[0] == '\0' ? "/bin/sh" : pw->pw_shell;
		newargv[0] = shell;
		newargv[1] = NULL;
		if (!pflag) {
			setenv("HOME", pw->pw_dir, 1);
			setenv("SHELL", shell, 1);
			if (strcmp(pw->pw_name, "root") != 0) {
				setenv("USER", pw->pw_name, 1);
				setenv("LOGNAME", pw->pw_name, 1);
			}
		}
		if (strcmp(pw->pw_name, "root") == 0)
			setenv("PATH", ENV_SUPATH, 1);
		else
			setenv("PATH", ENV_PATH, 1);
		execve(pflag ? getenv("SHELL") : shell,
		       newargv, environ);
		weprintf("execve %s:", shell);
		return (errno == ENOENT) ? 127 : 126;
	}
	return EXIT_SUCCESS;
}

static const char *
randreply(void)
{
	static const char *replies[] = {
		"Time flies like an arrow, fruit flies like a banana.\n",
		"Denied.\n",
		"You type like a dairy farmer.\n",
		"CChheecckk yyoouurr dduupplleexx sswwiittcchh..\n",
		"I met a girl with 12 nipples, it sounds weird dozen tit?\n",
		"Here I am, brain the size of a planet and they ask me to keep hashing rubbish.\n",
		"Clones are people two.\n",
		"Your mom is an interesting su response.\n",
		"no.\n",
		"Your mom forgot to null-terminate???B?33??Abort (core dumped)\n",
		"A fool-proof method for sculpting an elephant: first, get a huge block of marble; then you chip away everything that doesn't look like an elephant.\n",
		"Bloating .data for fun and profit.\n",
	};
	return replies[rand() % LEN(replies)];
}

static int
dologin(struct passwd *pw)
{
	char *shell = pw->pw_shell[0] == '\0' ? "/bin/sh" : pw->pw_shell;
	char *term = getenv("TERM");
	clearenv();
	setenv("HOME", pw->pw_dir, 1);
	setenv("SHELL", shell, 1);
	setenv("USER", pw->pw_name, 1);
	setenv("LOGNAME", pw->pw_name, 1);
	setenv("TERM", term ? term : "linux", 1);
	if (strcmp(pw->pw_name, "root") == 0)
		setenv("PATH", ENV_SUPATH, 1);
	else
		setenv("PATH", ENV_PATH, 1);
	if (chdir(pw->pw_dir) < 0)
		eprintf("chdir %s:", pw->pw_dir);
	execlp(shell, shell, "-l", NULL);
	weprintf("execlp %s:", shell);
	return (errno == ENOENT) ? 127 : 126;
}
Add initial su(1) 2013-10-17 18:02:55 -04:00			`/* See LICENSE file for copyright and license details. */`
			`#include <sys/types.h>`
			`#include <unistd.h>`
			`#include <errno.h>`
			`#include <pwd.h>`
			`#include <grp.h>`
			`#include <shadow.h>`
			`#include <stdio.h>`
			`#include <string.h>`
			`#include <stdlib.h>`
Add random replies for failed password attempts in su(1) 2014-04-22 11:35:24 -04:00			`#include <time.h>`
Setup a sane PATH across su(1) Also added a config.h for the basic configuration of ubase. 2013-10-19 14:07:30 -04:00			`#include "config.h"`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`#include "util.h"`

We use environ so declare it 2013-10-18 05:33:02 -04:00			`extern char **environ;`

Add random replies for failed password attempts in su(1) 2014-04-22 11:35:24 -04:00			`static const char *randreply(void);`
Inform the user if exec*() fails 2014-06-03 07:29:16 -04:00			`static int dologin(struct passwd *);`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00
Add initial su(1) 2013-10-17 18:02:55 -04:00			`static void`
			`usage(void)`
			`{`
Add su manpage and fix su usage line 2014-04-13 12:23:04 -04:00			`eprintf("usage: %s [-lp] [user]\n", argv0);`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`}`

We use environ so declare it 2013-10-18 05:33:02 -04:00			`static int lflag = 0;`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`static int pflag = 0;`
We use environ so declare it 2013-10-18 05:33:02 -04:00
Add initial su(1) 2013-10-17 18:02:55 -04:00			`int`
Fix char *argv to char argv[] 2014-04-18 06:49:10 -04:00			`main(int argc, char *argv[])`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`{`
su: set default 'root', fixes a uninitialised variable warning Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org> 2014-02-14 08:49:34 -05:00			`char usr = "root", pass, *cryptpass;`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`char *shell;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`struct spwd *spw;`
			`struct passwd *pw;`
Bring back some C89/C90 elements dmesg: don't use VLAs getty, su: no need to use compound literals 2014-06-05 06:28:08 -04:00			`char *newargv[2];`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`uid_t uid;`

			`ARGBEGIN {`
We use environ so declare it 2013-10-18 05:33:02 -04:00			`case 'l':`
			`lflag = 1;`
			`break;`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`case 'p':`
			`pflag = 1;`
			`break;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`default:`
			`usage();`
			`} ARGEND;`

			`if (argc < 1)`
su: set default 'root', fixes a uninitialised variable warning Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org> 2014-02-14 08:49:34 -05:00			`;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`else if (argc == 1)`
			`usr = argv[0];`
			`else`
			`usage();`

Add random replies for failed password attempts in su(1) 2014-04-22 11:35:24 -04:00			`srand(time(NULL));`

Some stylistic changes to su(1) Also set errno to zero before calling getspnam(). 2013-10-18 05:20:13 -04:00			`errno = 0;`
Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`pw = getpwnam(usr);`
Some stylistic changes to su(1) Also set errno to zero before calling getspnam(). 2013-10-18 05:20:13 -04:00			`if (errno)`
Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`eprintf("getpwnam: %s:", usr);`
			`else if (!pw)`
Simply use eprintf() instead of enprintf() 2014-02-27 09:57:22 -05:00			`eprintf("who are you?\n");`
Add initial su(1) 2013-10-17 18:02:55 -04:00
Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`switch (pw->pw_passwd[0]) {`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`case '!':`
			`case '*':`
use lowercase for errors 2014-06-02 12:14:53 -04:00			`eprintf("denied\n");`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`}`

Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`/* Empty password? Su now */`
			`if (pw->pw_passwd[0] == '\0')`
			`goto dosu;`

su: set default 'root', fixes a uninitialised variable warning Signed-off-by: Hiltjo Posthuma <hiltjo@codemadness.org> 2014-02-14 08:49:34 -05:00			`uid = getuid();`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`if (uid) {`
			`pass = getpass("Password: ");`
			`if (!pass)`
			`eprintf("getpass:");`
Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`}`
Add initial su(1) 2013-10-17 18:02:55 -04:00
Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`if (pw->pw_passwd[0] == 'x' && pw->pw_passwd[1] == '\0') {`
			`errno = 0;`
			`spw = getspnam(usr);`
			`if (errno)`
			`eprintf("getspnam: %s:", usr);`
			`else if (!spw)`
			`eprintf("who are you?\n");`

			`switch (spw->sp_pwdp[0]) {`
			`case '!':`
			`case '*':`
			`eprintf("denied\n");`
			`}`
			`if (uid) {`
			`cryptpass = crypt(pass, spw->sp_pwdp);`
			`if (!cryptpass)`
			`eprintf("crypt:");`
			`if (strcmp(cryptpass, spw->sp_pwdp) != 0)`
			`eprintf(randreply());`
			`}`
			`} else {`
			`if (uid) {`
			`cryptpass = crypt(pass, pw->pw_passwd);`
			`if (!cryptpass)`
			`eprintf("crypt:");`
			`if (strcmp(cryptpass, pw->pw_passwd) != 0)`
			`eprintf("login failed\n");`
			`}`
Only try to ask for a password and check if uid is != 0 2013-10-18 05:25:39 -04:00			`}`
Add initial su(1) 2013-10-17 18:02:55 -04:00
Add /etc/passwd support to su(1) 2014-06-03 07:09:25 -04:00			`dosu:`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`if (initgroups(usr, pw->pw_gid) < 0)`
			`eprintf("initgroups:");`
			`if (setgid(pw->pw_gid) < 0)`
			`eprintf("setgid:");`
			`if (setuid(pw->pw_uid) < 0)`
			`eprintf("setuid:");`

Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`if (lflag) {`
Inform the user if exec*() fails 2014-06-03 07:29:16 -04:00			`return dologin(pw);`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`} else {`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`shell = pw->pw_shell[0] == '\0' ? "/bin/sh" : pw->pw_shell;`
			`newargv[0] = shell;`
Bring back some C89/C90 elements dmesg: don't use VLAs getty, su: no need to use compound literals 2014-06-05 06:28:08 -04:00			`newargv[1] = NULL;`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`if (!pflag) {`
			`setenv("HOME", pw->pw_dir, 1);`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`setenv("SHELL", shell, 1);`
Implement -p for su(1) 2013-10-18 09:26:14 -04:00			`if (strcmp(pw->pw_name, "root") != 0) {`
			`setenv("USER", pw->pw_name, 1);`
			`setenv("LOGNAME", pw->pw_name, 1);`
			`}`
Set SHELL environment variable by default If target user is not root also set USER and LOGNAME. 2013-10-18 06:20:59 -04:00			`}`
Setup a sane PATH across su(1) Also added a config.h for the basic configuration of ubase. 2013-10-19 14:07:30 -04:00			`if (strcmp(pw->pw_name, "root") == 0)`
			`setenv("PATH", ENV_SUPATH, 1);`
			`else`
			`setenv("PATH", ENV_PATH, 1);`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`execve(pflag ? getenv("SHELL") : shell,`
If we are preserving the environment use SHELL instead of pw->pw_shell 2013-10-18 11:22:24 -04:00			`newargv, environ);`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`weprintf("execve %s:", shell);`
Inform the user if exec*() fails 2014-06-03 07:29:16 -04:00			`return (errno == ENOENT) ? 127 : 126;`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`}`
Inform the user if exec*() fails 2014-06-03 07:29:16 -04:00			`return EXIT_SUCCESS;`
Add initial su(1) 2013-10-17 18:02:55 -04:00			`}`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00
Add random replies for failed password attempts in su(1) 2014-04-22 11:35:24 -04:00			`static const char *`
			`randreply(void)`
			`{`
			`static const char *replies[] = {`
			`"Time flies like an arrow, fruit flies like a banana.\n",`
			`"Denied.\n",`
			`"You type like a dairy farmer.\n",`
			`"CChheecckk yyoouurr dduupplleexx sswwiittcchh..\n",`
			`"I met a girl with 12 nipples, it sounds weird dozen tit?\n",`
			`"Here I am, brain the size of a planet and they ask me to keep hashing rubbish.\n",`
			`"Clones are people two.\n",`
			`"Your mom is an interesting su response.\n",`
			`"no.\n",`
			`"Your mom forgot to null-terminate???B?33??Abort (core dumped)\n",`
			`"A fool-proof method for sculpting an elephant: first, get a huge block of marble; then you chip away everything that doesn't look like an elephant.\n",`
			`"Bloating .data for fun and profit.\n",`
			`};`
			`return replies[rand() % LEN(replies)];`
			`}`

Inform the user if exec*() fails 2014-06-03 07:29:16 -04:00			`static int`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`dologin(struct passwd *pw)`
			`{`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`char *shell = pw->pw_shell[0] == '\0' ? "/bin/sh" : pw->pw_shell;`
Simplify dologin() in su(1) Exec the user's shell with -l to fake a login. 2014-06-03 07:24:17 -04:00			`char *term = getenv("TERM");`
			`clearenv();`
			`setenv("HOME", pw->pw_dir, 1);`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`setenv("SHELL", shell, 1);`
Simplify dologin() in su(1) Exec the user's shell with -l to fake a login. 2014-06-03 07:24:17 -04:00			`setenv("USER", pw->pw_name, 1);`
			`setenv("LOGNAME", pw->pw_name, 1);`
Set TERM to linux if needed for su and login 2014-06-03 13:19:31 -04:00			`setenv("TERM", term ? term : "linux", 1);`
Simplify dologin() in su(1) Exec the user's shell with -l to fake a login. 2014-06-03 07:24:17 -04:00			`if (strcmp(pw->pw_name, "root") == 0)`
			`setenv("PATH", ENV_SUPATH, 1);`
			`else`
			`setenv("PATH", ENV_PATH, 1);`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`if (chdir(pw->pw_dir) < 0)`
			`eprintf("chdir %s:", pw->pw_dir);`
the shell field in passwd is optional - fallback to /bin/sh 2014-06-05 07:12:18 -04:00			`execlp(shell, shell, "-l", NULL);`
			`weprintf("execlp %s:", shell);`
Inform the user if exec*() fails 2014-06-03 07:29:16 -04:00			`return (errno == ENOENT) ? 127 : 126;`
Implement -l support for su(1) 2013-10-18 06:14:36 -04:00			`}`