2016-10-13 06:14:58 -05:00
|
|
|
/*
|
|
|
|
* su(1) for Linux. Run a shell with substitute user and group IDs.
|
|
|
|
*
|
|
|
|
* Copyright (C) 1992-2006 Free Software Foundation, Inc.
|
|
|
|
* Copyright (C) 2012 SUSE Linux Products GmbH, Nuernberg
|
|
|
|
* Copyright (C) 2016 Karel Zak <kzak@redhat.com>
|
|
|
|
*
|
|
|
|
* This program is free software; you can redistribute it and/or modify it
|
|
|
|
* under the terms of the GNU General Public License as published by the Free
|
|
|
|
* Software Foundation; either version 2, or (at your option) any later
|
|
|
|
* version.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful, but WITHOUT
|
|
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
|
|
|
|
* more details. You should have received a copy of the GNU General Public
|
|
|
|
* License along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301,
|
|
|
|
* USA.
|
|
|
|
*
|
|
|
|
*
|
|
|
|
* Based on an implementation by David MacKenzie <djm@gnu.ai.mit.edu>.
|
|
|
|
*/
|
2012-08-28 11:10:58 -05:00
|
|
|
#include <stdio.h>
|
|
|
|
#include <getopt.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <grp.h>
|
|
|
|
#include <security/pam_appl.h>
|
2014-12-09 20:40:31 -06:00
|
|
|
#ifdef HAVE_SECURITY_PAM_MISC_H
|
2016-10-13 06:14:58 -05:00
|
|
|
# include <security/pam_misc.h>
|
2014-12-09 20:40:31 -06:00
|
|
|
#elif defined(HAVE_SECURITY_OPENPAM_H)
|
2016-10-13 06:14:58 -05:00
|
|
|
# include <security/openpam.h>
|
2014-12-09 20:40:31 -06:00
|
|
|
#endif
|
2012-08-28 11:10:58 -05:00
|
|
|
#include <signal.h>
|
|
|
|
#include <sys/wait.h>
|
|
|
|
#include <syslog.h>
|
2016-12-01 02:52:11 -06:00
|
|
|
#include <utmpx.h>
|
2012-08-28 11:10:58 -05:00
|
|
|
|
|
|
|
#include "err.h"
|
|
|
|
|
|
|
|
#include <stdbool.h>
|
2016-10-13 06:14:58 -05:00
|
|
|
|
2012-08-28 11:10:58 -05:00
|
|
|
#include "c.h"
|
|
|
|
#include "xalloc.h"
|
|
|
|
#include "nls.h"
|
|
|
|
#include "pathnames.h"
|
|
|
|
#include "env.h"
|
2012-09-05 04:21:07 -05:00
|
|
|
#include "closestream.h"
|
2012-11-22 08:23:14 -06:00
|
|
|
#include "strutils.h"
|
2012-11-22 07:45:49 -06:00
|
|
|
#include "ttyutils.h"
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 06:14:58 -05:00
|
|
|
#include "logindefs.h"
|
|
|
|
#include "su-common.h"
|
|
|
|
|
2012-08-28 11:10:58 -05:00
|
|
|
/* name of the pam configuration files. separate configs for su and su - */
|
2012-08-29 10:34:26 -05:00
|
|
|
#define PAM_SRVNAME_SU "su"
|
|
|
|
#define PAM_SRVNAME_SU_L "su-l"
|
|
|
|
|
|
|
|
#define PAM_SRVNAME_RUNUSER "runuser"
|
|
|
|
#define PAM_SRVNAME_RUNUSER_L "runuser-l"
|
|
|
|
|
2017-01-20 04:02:23 -06:00
|
|
|
#define _PATH_LOGINDEFS_SU "/etc/default/su"
|
|
|
|
#define _PATH_LOGINDEFS_RUNUSER "/etc/default/runuser"
|
2012-08-28 11:10:58 -05:00
|
|
|
|
|
|
|
#define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS)
|
|
|
|
|
|
|
|
/* The shell to run if none is given in the user's passwd entry. */
|
|
|
|
#define DEFAULT_SHELL "/bin/sh"
|
|
|
|
|
|
|
|
/* The user to become if none is specified. */
|
|
|
|
#define DEFAULT_USER "root"
|
|
|
|
|
|
|
|
#ifndef HAVE_ENVIRON_DECL
|
|
|
|
extern char **environ;
|
|
|
|
#endif
|
|
|
|
|
2016-10-13 06:14:58 -05:00
|
|
|
enum {
|
|
|
|
EXIT_CANNOT_INVOKE = 126,
|
|
|
|
EXIT_ENOENT = 127
|
|
|
|
};
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
/*
|
|
|
|
* su/runuser control struct
|
|
|
|
*/
|
|
|
|
struct su_context {
|
|
|
|
pam_handle_t *pamh; /* PAM handler */
|
|
|
|
struct pam_conv conv; /* PAM conversation */
|
|
|
|
|
|
|
|
unsigned int runuser :1, /* flase=su, true=runuser */
|
|
|
|
fast_startup :1, /* pass the `-f' option to the subshell. */
|
|
|
|
simulate_login :1, /* simulate a login instead of just starting a shell. */
|
|
|
|
change_environment :1, /* change some environment vars to indicate the user su'd to.*/
|
|
|
|
same_session :1, /* don't call setsid() with a command. */
|
|
|
|
suppress_pam_info:1, /* don't print PAM info messages (Last login, etc.). */
|
|
|
|
pam_has_session :1, /* PAM session opened */
|
|
|
|
pam_has_cred :1, /* PAM cred established */
|
|
|
|
restricted :1; /* false for root user */
|
|
|
|
};
|
2012-08-28 11:10:58 -05:00
|
|
|
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
static void run_shell(struct su_context *, char const *, char const *, char **, size_t);
|
2013-08-27 04:23:54 -05:00
|
|
|
|
2012-08-28 11:10:58 -05:00
|
|
|
static sig_atomic_t volatile caught_signal = false;
|
|
|
|
|
2012-08-29 10:34:26 -05:00
|
|
|
|
2017-04-15 15:46:38 -05:00
|
|
|
static const struct passwd *
|
2012-09-05 04:13:34 -05:00
|
|
|
current_getpwuid(void)
|
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
uid_t ruid;
|
|
|
|
|
|
|
|
/* GNU Hurd implementation has an extension where a process can exist in a
|
|
|
|
* non-conforming environment, and thus be outside the realms of POSIX
|
|
|
|
* process identifiers; on this platform, getuid() fails with a status of
|
|
|
|
* (uid_t)(-1) and sets errno if a program is run from a non-conforming
|
|
|
|
* environment.
|
|
|
|
*
|
|
|
|
* http://austingroupbugs.net/view.php?id=511
|
|
|
|
*/
|
|
|
|
errno = 0;
|
|
|
|
ruid = getuid();
|
|
|
|
|
|
|
|
return errno == 0 ? getpwuid(ruid) : NULL;
|
2012-09-05 04:13:34 -05:00
|
|
|
}
|
|
|
|
|
2012-08-28 11:10:58 -05:00
|
|
|
/* Log the fact that someone has run su to the user given by PW;
|
|
|
|
if SUCCESSFUL is true, they gave the correct password, etc. */
|
|
|
|
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
log_syslog(struct su_context *su, struct passwd const *pw, bool successful)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
const char *new_user, *old_user, *tty;
|
|
|
|
|
|
|
|
new_user = pw->pw_name;
|
|
|
|
/* The utmp entry (via getlogin) is probably the best way to identify
|
|
|
|
the user, especially if someone su's from a su-shell. */
|
|
|
|
old_user = getlogin();
|
|
|
|
if (!old_user) {
|
|
|
|
/* getlogin can fail -- usually due to lack of utmp entry.
|
|
|
|
Resort to getpwuid. */
|
|
|
|
const struct passwd *pwd = current_getpwuid();
|
|
|
|
old_user = pwd ? pwd->pw_name : "";
|
|
|
|
}
|
|
|
|
|
|
|
|
if (get_terminal_name(NULL, &tty, NULL) != 0 || !tty)
|
|
|
|
tty = "none";
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
openlog(program_invocation_short_name, 0, LOG_AUTH);
|
|
|
|
syslog(LOG_NOTICE, "%s(to %s) %s on %s",
|
|
|
|
successful ? "" :
|
2016-10-13 07:22:52 -05:00
|
|
|
su->runuser ? "FAILED RUNUSER " : "FAILED SU ",
|
2016-10-13 06:06:35 -05:00
|
|
|
new_user, old_user, tty);
|
|
|
|
closelog();
|
|
|
|
}
|
2012-11-22 08:23:14 -06:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Log failed login attempts in _PATH_BTMP if that exists.
|
|
|
|
*/
|
2017-04-15 15:46:38 -05:00
|
|
|
static void log_btmp(struct passwd const * const pw)
|
2012-11-22 08:23:14 -06:00
|
|
|
{
|
2016-12-01 02:52:11 -06:00
|
|
|
struct utmpx ut;
|
2012-11-22 08:23:14 -06:00
|
|
|
struct timeval tv;
|
|
|
|
const char *tty_name, *tty_num;
|
|
|
|
|
|
|
|
memset(&ut, 0, sizeof(ut));
|
|
|
|
|
|
|
|
strncpy(ut.ut_user,
|
|
|
|
pw && pw->pw_name ? pw->pw_name : "(unknown)",
|
|
|
|
sizeof(ut.ut_user));
|
|
|
|
|
2016-05-14 13:50:41 -05:00
|
|
|
get_terminal_name(NULL, &tty_name, &tty_num);
|
2012-11-22 08:23:14 -06:00
|
|
|
if (tty_num)
|
|
|
|
xstrncpy(ut.ut_id, tty_num, sizeof(ut.ut_id));
|
|
|
|
if (tty_name)
|
|
|
|
xstrncpy(ut.ut_line, tty_name, sizeof(ut.ut_line));
|
|
|
|
|
|
|
|
gettimeofday(&tv, NULL);
|
|
|
|
ut.ut_tv.tv_sec = tv.tv_sec;
|
|
|
|
ut.ut_tv.tv_usec = tv.tv_usec;
|
|
|
|
ut.ut_type = LOGIN_PROCESS; /* XXX doesn't matter */
|
|
|
|
ut.ut_pid = getpid();
|
|
|
|
|
2016-12-01 02:52:11 -06:00
|
|
|
updwtmpx(_PATH_BTMP, &ut);
|
2012-11-22 08:23:14 -06:00
|
|
|
}
|
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
static int
|
|
|
|
su_pam_conv(int num_msg, const struct pam_message **msg,
|
|
|
|
struct pam_response **resp, void *appdata_ptr)
|
2013-08-27 04:23:54 -05:00
|
|
|
{
|
2016-10-13 07:22:52 -05:00
|
|
|
struct su_context *su = (struct su_context *) appdata_ptr;
|
|
|
|
|
|
|
|
if (su->suppress_pam_info
|
2016-10-13 06:06:35 -05:00
|
|
|
&& num_msg == 1 && msg && msg[0]->msg_style == PAM_TEXT_INFO)
|
2013-08-27 04:23:54 -05:00
|
|
|
return PAM_SUCCESS;
|
2016-10-13 07:22:52 -05:00
|
|
|
|
2014-12-09 20:40:31 -06:00
|
|
|
#ifdef HAVE_SECURITY_PAM_MISC_H
|
2013-08-27 04:23:54 -05:00
|
|
|
return misc_conv(num_msg, msg, resp, appdata_ptr);
|
2014-12-09 20:40:31 -06:00
|
|
|
#elif defined(HAVE_SECURITY_OPENPAM_H)
|
|
|
|
return openpam_ttyconv(num_msg, msg, resp, appdata_ptr);
|
|
|
|
#endif
|
2013-08-27 04:23:54 -05:00
|
|
|
}
|
|
|
|
|
2012-08-28 11:10:58 -05:00
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
cleanup_pam(struct su_context *su, int retcode)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
const int saved_errno = errno;
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->pam_has_session)
|
|
|
|
pam_close_session(su->pamh, 0);
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->pam_has_cred)
|
|
|
|
pam_setcred(su->pamh, PAM_DELETE_CRED | PAM_SILENT);
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
pam_end(su->pamh, retcode);
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
errno = saved_errno;
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Signal handler for parent process. */
|
|
|
|
static void
|
2016-10-13 06:06:35 -05:00
|
|
|
su_catch_sig(int sig)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
caught_signal = sig;
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Export env variables declared by PAM modules. */
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
export_pamenv(struct su_context *su)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
char **env;
|
|
|
|
|
|
|
|
/* This is a copy but don't care to free as we exec later anyways. */
|
2016-10-13 07:22:52 -05:00
|
|
|
env = pam_getenvlist(su->pamh);
|
2016-10-13 06:06:35 -05:00
|
|
|
while (env && *env) {
|
|
|
|
if (putenv(*env) != 0)
|
|
|
|
err(EXIT_FAILURE, NULL);
|
|
|
|
env++;
|
|
|
|
}
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
create_watching_parent(struct su_context *su)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
pid_t child;
|
|
|
|
sigset_t ourset;
|
|
|
|
struct sigaction oldact[3];
|
|
|
|
int status = 0;
|
|
|
|
int retval;
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_open_session(su->pamh, 0);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (is_pam_failure(retval)) {
|
2016-10-13 07:22:52 -05:00
|
|
|
cleanup_pam(su, retval);
|
2016-10-13 06:06:35 -05:00
|
|
|
errx(EXIT_FAILURE, _("cannot open session: %s"),
|
2016-10-13 07:22:52 -05:00
|
|
|
pam_strerror(su->pamh, retval));
|
2016-10-13 06:06:35 -05:00
|
|
|
} else
|
2016-10-13 07:22:52 -05:00
|
|
|
su->pam_has_session = 1;
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
memset(oldact, 0, sizeof(oldact));
|
|
|
|
|
|
|
|
child = fork();
|
|
|
|
if (child == (pid_t) - 1) {
|
2016-10-13 07:22:52 -05:00
|
|
|
cleanup_pam(su, PAM_ABORT);
|
2016-10-13 06:06:35 -05:00
|
|
|
err(EXIT_FAILURE, _("cannot create child process"));
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
/* the child proceeds to run the shell */
|
|
|
|
if (child == 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* In the parent watch the child. */
|
|
|
|
|
|
|
|
/* su without pam support does not have a helper that keeps
|
|
|
|
sitting on any directory so let's go to /. */
|
|
|
|
if (chdir("/") != 0)
|
|
|
|
warn(_("cannot change directory to %s"), "/");
|
|
|
|
|
|
|
|
sigfillset(&ourset);
|
|
|
|
if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
|
|
|
|
warn(_("cannot block signals"));
|
|
|
|
caught_signal = true;
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
2016-10-13 06:06:35 -05:00
|
|
|
if (!caught_signal) {
|
|
|
|
struct sigaction action;
|
|
|
|
action.sa_handler = su_catch_sig;
|
|
|
|
sigemptyset(&action.sa_mask);
|
|
|
|
action.sa_flags = 0;
|
|
|
|
sigemptyset(&ourset);
|
2016-10-13 07:22:52 -05:00
|
|
|
if (!su->same_session) {
|
2016-10-13 06:06:35 -05:00
|
|
|
if (sigaddset(&ourset, SIGINT)
|
|
|
|
|| sigaddset(&ourset, SIGQUIT)) {
|
|
|
|
warn(_("cannot set signal handler"));
|
|
|
|
caught_signal = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!caught_signal && (sigaddset(&ourset, SIGTERM)
|
|
|
|
|| sigaddset(&ourset, SIGALRM)
|
|
|
|
|| sigaction(SIGTERM, &action,
|
|
|
|
&oldact[0])
|
|
|
|
|| sigprocmask(SIG_UNBLOCK, &ourset,
|
|
|
|
NULL))) {
|
|
|
|
warn(_("cannot set signal handler"));
|
|
|
|
caught_signal = true;
|
|
|
|
}
|
2016-10-13 07:22:52 -05:00
|
|
|
if (!caught_signal && !su->same_session
|
2016-10-13 06:06:35 -05:00
|
|
|
&& (sigaction(SIGINT, &action, &oldact[1])
|
|
|
|
|| sigaction(SIGQUIT, &action, &oldact[2]))) {
|
|
|
|
warn(_("cannot set signal handler"));
|
|
|
|
caught_signal = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!caught_signal) {
|
|
|
|
pid_t pid;
|
|
|
|
for (;;) {
|
|
|
|
pid = waitpid(child, &status, WUNTRACED);
|
|
|
|
|
|
|
|
if (pid != (pid_t) - 1 && WIFSTOPPED(status)) {
|
|
|
|
kill(getpid(), SIGSTOP);
|
|
|
|
/* once we get here, we must have resumed */
|
|
|
|
kill(pid, SIGCONT);
|
|
|
|
} else
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (pid != (pid_t) - 1) {
|
|
|
|
if (WIFSIGNALED(status)) {
|
|
|
|
fprintf(stderr, "%s%s\n",
|
|
|
|
strsignal(WTERMSIG(status)),
|
|
|
|
WCOREDUMP(status) ? _(" (core dumped)")
|
|
|
|
: "");
|
|
|
|
status = WTERMSIG(status) + 128;
|
|
|
|
} else
|
|
|
|
status = WEXITSTATUS(status);
|
|
|
|
} else if (caught_signal)
|
|
|
|
status = caught_signal + 128;
|
|
|
|
else
|
|
|
|
status = 1;
|
|
|
|
} else
|
|
|
|
status = 1;
|
|
|
|
|
|
|
|
if (caught_signal) {
|
|
|
|
fprintf(stderr, _("\nSession terminated, killing shell..."));
|
|
|
|
kill(child, SIGTERM);
|
2017-02-01 04:58:09 -06:00
|
|
|
}
|
2013-05-17 03:50:58 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
cleanup_pam(su, PAM_SUCCESS);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
if (caught_signal) {
|
|
|
|
sleep(2);
|
|
|
|
kill(child, SIGKILL);
|
|
|
|
fprintf(stderr, _(" ...killed.\n"));
|
|
|
|
|
|
|
|
/* Let's terminate itself with the received signal.
|
|
|
|
*
|
|
|
|
* It seems that shells use WIFSIGNALED() rather than our exit status
|
|
|
|
* value to detect situations when is necessary to cleanup (reset)
|
|
|
|
* terminal settings (kzak -- Jun 2013).
|
|
|
|
*/
|
|
|
|
switch (caught_signal) {
|
|
|
|
case SIGTERM:
|
|
|
|
sigaction(SIGTERM, &oldact[0], NULL);
|
|
|
|
break;
|
|
|
|
case SIGINT:
|
|
|
|
sigaction(SIGINT, &oldact[1], NULL);
|
|
|
|
break;
|
|
|
|
case SIGQUIT:
|
|
|
|
sigaction(SIGQUIT, &oldact[2], NULL);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* just in case that signal stuff initialization failed and
|
|
|
|
* caught_signal = true */
|
|
|
|
caught_signal = SIGKILL;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
kill(getpid(), caught_signal);
|
|
|
|
}
|
|
|
|
exit(status);
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
authenticate(struct su_context *su, const struct passwd *pw)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
const struct passwd *lpw = NULL;
|
|
|
|
const char *cp, *srvname = NULL;
|
|
|
|
int retval;
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
srvname = su->runuser ?
|
|
|
|
(su->simulate_login ? PAM_SRVNAME_RUNUSER_L : PAM_SRVNAME_RUNUSER) :
|
|
|
|
(su->simulate_login ? PAM_SRVNAME_SU_L : PAM_SRVNAME_SU);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_start(srvname, pw->pw_name, &su->conv, &su->pamh);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (is_pam_failure(retval))
|
|
|
|
goto done;
|
|
|
|
|
|
|
|
if (isatty(0) && (cp = ttyname(0)) != NULL) {
|
|
|
|
const char *tty;
|
|
|
|
|
|
|
|
if (strncmp(cp, "/dev/", 5) == 0)
|
|
|
|
tty = cp + 5;
|
|
|
|
else
|
|
|
|
tty = cp;
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_set_item(su->pamh, PAM_TTY, tty);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (is_pam_failure(retval))
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
|
|
|
lpw = current_getpwuid();
|
|
|
|
if (lpw && lpw->pw_name) {
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_set_item(su->pamh, PAM_RUSER, (const void *)lpw->pw_name);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (is_pam_failure(retval))
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->runuser) {
|
2016-10-13 06:06:35 -05:00
|
|
|
/*
|
|
|
|
* This is the only difference between runuser(1) and su(1). The command
|
|
|
|
* runuser(1) does not required authentication, because user is root.
|
|
|
|
*/
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->restricted)
|
|
|
|
errx(EXIT_FAILURE, _("may not be used by non-root users"));
|
2016-10-13 06:06:35 -05:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_authenticate(su->pamh, 0);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (is_pam_failure(retval))
|
|
|
|
goto done;
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_acct_mgmt(su->pamh, 0);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (retval == PAM_NEW_AUTHTOK_REQD) {
|
|
|
|
/* Password has expired. Offer option to change it. */
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_chauthtok(su->pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
|
2016-10-13 06:06:35 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
done:
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
log_syslog(su, pw, !is_pam_failure(retval));
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
if (is_pam_failure(retval)) {
|
|
|
|
const char *msg;
|
|
|
|
|
|
|
|
log_btmp(pw);
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
msg = pam_strerror(su->pamh, retval);
|
|
|
|
pam_end(su->pamh, retval);
|
2016-10-13 06:06:35 -05:00
|
|
|
sleep(getlogindefs_num("FAIL_DELAY", 1));
|
|
|
|
errx(EXIT_FAILURE, "%s", msg ? msg : _("incorrect password"));
|
|
|
|
}
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2017-04-15 15:46:38 -05:00
|
|
|
set_path(const struct passwd * const pw)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
int r;
|
|
|
|
if (pw->pw_uid)
|
|
|
|
r = logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH);
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
else if ((r = logindefs_setenv("PATH", "ENV_ROOTPATH", NULL)) != 0)
|
|
|
|
r = logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT);
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
if (r != 0)
|
|
|
|
err(EXIT_FAILURE,
|
|
|
|
_("failed to set the %s environment variable"), "PATH");
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Update `environ' for the new shell based on PW, with SHELL being
|
|
|
|
the value for the SHELL environment variable. */
|
|
|
|
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
modify_environment(struct su_context *su, const struct passwd *pw, const char *shell)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->simulate_login) {
|
2016-10-13 06:06:35 -05:00
|
|
|
/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
|
|
|
|
Unset all other environment variables. */
|
|
|
|
char *term = getenv("TERM");
|
|
|
|
if (term)
|
|
|
|
term = xstrdup(term);
|
|
|
|
environ = xmalloc((6 + ! !term) * sizeof(char *));
|
|
|
|
environ[0] = NULL;
|
|
|
|
if (term) {
|
|
|
|
xsetenv("TERM", term, 1);
|
|
|
|
free(term);
|
|
|
|
}
|
|
|
|
xsetenv("HOME", pw->pw_dir, 1);
|
|
|
|
if (shell)
|
|
|
|
xsetenv("SHELL", shell, 1);
|
|
|
|
xsetenv("USER", pw->pw_name, 1);
|
|
|
|
xsetenv("LOGNAME", pw->pw_name, 1);
|
|
|
|
set_path(pw);
|
|
|
|
} else {
|
|
|
|
/* Set HOME, SHELL, and (if not becoming a superuser)
|
|
|
|
USER and LOGNAME. */
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->change_environment) {
|
2016-10-13 06:06:35 -05:00
|
|
|
xsetenv("HOME", pw->pw_dir, 1);
|
|
|
|
if (shell)
|
|
|
|
xsetenv("SHELL", shell, 1);
|
|
|
|
if (getlogindefs_bool("ALWAYS_SET_PATH", 0))
|
|
|
|
set_path(pw);
|
|
|
|
|
|
|
|
if (pw->pw_uid) {
|
|
|
|
xsetenv("USER", pw->pw_name, 1);
|
|
|
|
xsetenv("LOGNAME", pw->pw_name, 1);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
export_pamenv(su);
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Become the user and group(s) specified by PW. */
|
|
|
|
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
init_groups(struct su_context *su, const struct passwd *pw, gid_t * groups, size_t num_groups)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
int retval;
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
|
|
|
if (num_groups)
|
|
|
|
retval = setgroups(num_groups, groups);
|
|
|
|
else
|
|
|
|
retval = initgroups(pw->pw_name, pw->pw_gid);
|
|
|
|
|
|
|
|
if (retval == -1) {
|
2016-10-13 07:22:52 -05:00
|
|
|
cleanup_pam(su, PAM_ABORT);
|
2016-10-13 06:06:35 -05:00
|
|
|
err(EXIT_FAILURE, _("cannot set groups"));
|
|
|
|
}
|
|
|
|
endgrent();
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
retval = pam_setcred(su->pamh, PAM_ESTABLISH_CRED);
|
2016-10-13 06:06:35 -05:00
|
|
|
if (is_pam_failure(retval))
|
2016-10-13 07:22:52 -05:00
|
|
|
errx(EXIT_FAILURE, "%s", pam_strerror(su->pamh, retval));
|
2016-10-13 06:06:35 -05:00
|
|
|
else
|
2016-10-13 07:22:52 -05:00
|
|
|
su->pam_has_cred = 1;
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
2017-04-15 15:46:38 -05:00
|
|
|
change_identity (const struct passwd * const pw)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
if (setgid(pw->pw_gid))
|
|
|
|
err(EXIT_FAILURE, _("cannot set group id"));
|
|
|
|
if (setuid(pw->pw_uid))
|
|
|
|
err(EXIT_FAILURE, _("cannot set user id"));
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
|
|
|
|
If COMMAND is nonzero, pass it to the shell with the -c option.
|
|
|
|
Pass ADDITIONAL_ARGS to the shell as more arguments; there
|
|
|
|
are N_ADDITIONAL_ARGS extra arguments. */
|
|
|
|
|
|
|
|
static void
|
2016-10-13 07:22:52 -05:00
|
|
|
run_shell(struct su_context *su,
|
|
|
|
char const *shell, char const *command, char **additional_args,
|
|
|
|
size_t n_additional_args)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
size_t n_args =
|
2016-10-13 07:22:52 -05:00
|
|
|
1 + su->fast_startup + 2 * ! !command + n_additional_args + 1;
|
2016-10-13 06:06:35 -05:00
|
|
|
char const **args = xcalloc(n_args, sizeof *args);
|
|
|
|
size_t argno = 1;
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->simulate_login) {
|
2016-10-13 06:06:35 -05:00
|
|
|
char *arg0;
|
|
|
|
char *shell_basename;
|
|
|
|
|
|
|
|
shell_basename = basename(shell);
|
|
|
|
arg0 = xmalloc(strlen(shell_basename) + 2);
|
|
|
|
arg0[0] = '-';
|
|
|
|
strcpy(arg0 + 1, shell_basename);
|
|
|
|
args[0] = arg0;
|
|
|
|
} else
|
|
|
|
args[0] = basename(shell);
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->fast_startup)
|
2016-10-13 06:06:35 -05:00
|
|
|
args[argno++] = "-f";
|
|
|
|
if (command) {
|
|
|
|
args[argno++] = "-c";
|
|
|
|
args[argno++] = command;
|
|
|
|
}
|
|
|
|
memcpy(args + argno, additional_args, n_additional_args * sizeof *args);
|
|
|
|
args[argno + n_additional_args] = NULL;
|
|
|
|
execv(shell, (char **)args);
|
|
|
|
|
|
|
|
{
|
|
|
|
int exit_status =
|
|
|
|
(errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE);
|
|
|
|
warn(_("failed to execute %s"), shell);
|
|
|
|
exit(exit_status);
|
|
|
|
}
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Return true if SHELL is a restricted shell (one not returned by
|
|
|
|
getusershell), else false, meaning it is a standard shell. */
|
|
|
|
|
|
|
|
static bool
|
2017-04-15 15:46:38 -05:00
|
|
|
restricted_shell (const char * const shell)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
char *line;
|
|
|
|
|
|
|
|
setusershell();
|
|
|
|
while ((line = getusershell()) != NULL) {
|
|
|
|
if (*line != '#' && !strcmp(line, shell)) {
|
|
|
|
endusershell();
|
|
|
|
return false;
|
|
|
|
}
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
2016-10-13 06:06:35 -05:00
|
|
|
endusershell();
|
|
|
|
return true;
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
2016-10-13 07:40:54 -05:00
|
|
|
static void usage_common(void)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 07:40:54 -05:00
|
|
|
fputs(_(" -m, -p, --preserve-environment do not reset environment variables\n"), stdout);
|
|
|
|
fputs(_(" -g, --group <group> specify the primary group\n"), stdout);
|
|
|
|
fputs(_(" -G, --supp-group <group> specify a supplemental group\n"), stdout);
|
|
|
|
fputs(USAGE_SEPARATOR, stdout);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:40:54 -05:00
|
|
|
fputs(_(" -, -l, --login make the shell a login shell\n"), stdout);
|
|
|
|
fputs(_(" -c, --command <command> pass a single command to the shell with -c\n"), stdout);
|
|
|
|
fputs(_(" --session-command <command> pass a single command to the shell with -c\n"
|
|
|
|
" and do not create a new session\n"), stdout);
|
|
|
|
fputs(_(" -f, --fast pass -f to the shell (for csh or tcsh)\n"), stdout);
|
|
|
|
fputs(_(" -s, --shell <shell> run <shell> if /etc/shells allows it\n"), stdout);
|
|
|
|
|
|
|
|
fputs(USAGE_SEPARATOR, stdout);
|
|
|
|
printf(USAGE_HELP_OPTIONS(33));
|
|
|
|
|
|
|
|
}
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:40:54 -05:00
|
|
|
static void __attribute__ ((__noreturn__)) usage_runuser(void)
|
|
|
|
{
|
|
|
|
fputs(USAGE_HEADER, stdout);
|
|
|
|
fprintf(stdout,
|
|
|
|
_(" %1$s [options] -u <user> [[--] <command>]\n"
|
|
|
|
" %1$s [options] [-] [<user> [<argument>...]]\n"),
|
|
|
|
program_invocation_short_name);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
fputs(USAGE_SEPARATOR, stdout);
|
2016-10-13 07:40:54 -05:00
|
|
|
fputs(_("Run <command> with the effective user ID and group ID of <user>. If -u is\n"
|
|
|
|
"not given, fall back to su(1)-compatible semantics and execute standard shell.\n"
|
|
|
|
"The options -c, -f, -l, and -s are mutually exclusive with -u.\n"), stdout);
|
|
|
|
|
|
|
|
fputs(USAGE_OPTIONS, stdout);
|
|
|
|
fputs(_(" -u, --user <user> username\n"), stdout);
|
|
|
|
usage_common();
|
|
|
|
fputs(USAGE_SEPARATOR, stdout);
|
|
|
|
|
|
|
|
fprintf(stdout, USAGE_MAN_TAIL("runuser(1)"));
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void __attribute__ ((__noreturn__)) usage_su(void)
|
|
|
|
{
|
|
|
|
fputs(USAGE_HEADER, stdout);
|
|
|
|
fprintf(stdout,
|
|
|
|
_(" %s [options] [-] [<user> [<argument>...]]\n"),
|
|
|
|
program_invocation_short_name);
|
|
|
|
|
|
|
|
fputs(USAGE_SEPARATOR, stdout);
|
|
|
|
fputs(_("Change the effective user ID and group ID to that of <user>.\n"
|
|
|
|
"A mere - implies -l. If <user> is not given, root is assumed.\n"), stdout);
|
|
|
|
|
|
|
|
fputs(USAGE_OPTIONS, stdout);
|
|
|
|
usage_common();
|
|
|
|
|
|
|
|
fprintf(stdout, USAGE_MAN_TAIL("su(1)"));
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void usage(int mode)
|
|
|
|
{
|
|
|
|
if (mode == SU_MODE)
|
|
|
|
usage_su();
|
|
|
|
else
|
|
|
|
usage_runuser();
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
static void load_config(void *data)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 07:22:52 -05:00
|
|
|
struct su_context *su = (struct su_context *) data;
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
logindefs_load_file(su->runuser ? _PATH_LOGINDEFS_RUNUSER : _PATH_LOGINDEFS_SU);
|
2016-10-13 06:06:35 -05:00
|
|
|
logindefs_load_file(_PATH_LOGINDEFS);
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Returns 1 if the current user is not root
|
|
|
|
*/
|
|
|
|
static int
|
|
|
|
evaluate_uid(void)
|
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
const uid_t ruid = getuid();
|
|
|
|
const uid_t euid = geteuid();
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
/* if we're really root and aren't running setuid */
|
|
|
|
return (uid_t) 0 == ruid && ruid == euid ? 0 : 1;
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
2016-02-15 06:55:37 -06:00
|
|
|
static gid_t
|
2016-10-13 06:06:35 -05:00
|
|
|
add_supp_group(const char *name, gid_t ** groups, size_t * ngroups)
|
2016-02-15 06:55:37 -06:00
|
|
|
{
|
2016-10-13 06:06:35 -05:00
|
|
|
struct group *gr;
|
2016-02-15 06:55:37 -06:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
if (*ngroups >= NGROUPS_MAX)
|
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
P_
|
|
|
|
("specifying more than %d supplemental group is not possible",
|
|
|
|
"specifying more than %d supplemental groups is not possible",
|
|
|
|
NGROUPS_MAX - 1), NGROUPS_MAX - 1);
|
2016-02-15 06:55:37 -06:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
gr = getgrnam(name);
|
|
|
|
if (!gr)
|
|
|
|
errx(EXIT_FAILURE, _("group %s does not exist"), name);
|
2016-02-15 06:55:37 -06:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
*groups = xrealloc(*groups, sizeof(gid_t) * (*ngroups + 1));
|
|
|
|
(*groups)[*ngroups] = gr->gr_gid;
|
|
|
|
(*ngroups)++;
|
2016-02-15 06:55:37 -06:00
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
return gr->gr_gid;
|
2016-02-15 06:55:37 -06:00
|
|
|
}
|
|
|
|
|
2012-08-28 11:10:58 -05:00
|
|
|
int
|
2016-10-13 06:06:35 -05:00
|
|
|
su_main(int argc, char **argv, int mode)
|
2012-08-28 11:10:58 -05:00
|
|
|
{
|
2016-10-13 07:22:52 -05:00
|
|
|
struct su_context _su = {
|
|
|
|
.conv = { su_pam_conv, NULL },
|
|
|
|
.runuser = (mode == RUNUSER_MODE ? 1 : 0),
|
|
|
|
.change_environment = 1
|
|
|
|
}, *su = &_su;
|
|
|
|
|
2016-10-13 06:06:35 -05:00
|
|
|
int optc;
|
|
|
|
const char *new_user = DEFAULT_USER, *runuser_user = NULL;
|
|
|
|
char *command = NULL;
|
|
|
|
int request_same_session = 0;
|
|
|
|
char *shell = NULL;
|
|
|
|
struct passwd *pw;
|
|
|
|
struct passwd pw_copy;
|
|
|
|
|
|
|
|
gid_t *groups = NULL;
|
|
|
|
size_t ngroups = 0;
|
|
|
|
bool use_supp = false;
|
|
|
|
bool use_gid = false;
|
|
|
|
gid_t gid = 0;
|
|
|
|
|
|
|
|
static const struct option longopts[] = {
|
|
|
|
{"command", required_argument, NULL, 'c'},
|
|
|
|
{"session-command", required_argument, NULL, 'C'},
|
|
|
|
{"fast", no_argument, NULL, 'f'},
|
|
|
|
{"login", no_argument, NULL, 'l'},
|
|
|
|
{"preserve-environment", no_argument, NULL, 'p'},
|
|
|
|
{"shell", required_argument, NULL, 's'},
|
|
|
|
{"group", required_argument, NULL, 'g'},
|
|
|
|
{"supp-group", required_argument, NULL, 'G'},
|
|
|
|
{"user", required_argument, NULL, 'u'}, /* runuser only */
|
|
|
|
{"help", no_argument, 0, 'h'},
|
|
|
|
{"version", no_argument, 0, 'V'},
|
|
|
|
{NULL, 0, NULL, 0}
|
|
|
|
};
|
|
|
|
|
|
|
|
setlocale(LC_ALL, "");
|
|
|
|
bindtextdomain(PACKAGE, LOCALEDIR);
|
|
|
|
textdomain(PACKAGE);
|
|
|
|
atexit(close_stdout);
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
su->conv.appdata_ptr = (void *) su;
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
while ((optc =
|
|
|
|
getopt_long(argc, argv, "c:fg:G:lmps:u:hV", longopts,
|
|
|
|
NULL)) != -1) {
|
|
|
|
switch (optc) {
|
|
|
|
case 'c':
|
|
|
|
command = optarg;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'C':
|
|
|
|
command = optarg;
|
|
|
|
request_same_session = 1;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'f':
|
2016-10-13 07:22:52 -05:00
|
|
|
su->fast_startup = true;
|
2016-10-13 06:06:35 -05:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'g':
|
|
|
|
use_gid = true;
|
|
|
|
gid = add_supp_group(optarg, &groups, &ngroups);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'G':
|
|
|
|
use_supp = true;
|
|
|
|
add_supp_group(optarg, &groups, &ngroups);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'l':
|
2016-10-13 07:22:52 -05:00
|
|
|
su->simulate_login = true;
|
2016-10-13 06:06:35 -05:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 'm':
|
|
|
|
case 'p':
|
2016-10-13 07:22:52 -05:00
|
|
|
su->change_environment = false;
|
2016-10-13 06:06:35 -05:00
|
|
|
break;
|
|
|
|
|
|
|
|
case 's':
|
|
|
|
shell = optarg;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'u':
|
2016-10-13 07:22:52 -05:00
|
|
|
if (!su->runuser)
|
2016-10-13 07:40:54 -05:00
|
|
|
errtryhelp(EXIT_FAILURE);
|
2016-10-13 06:06:35 -05:00
|
|
|
runuser_user = optarg;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case 'h':
|
2016-10-13 07:40:54 -05:00
|
|
|
usage(mode);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
case 'V':
|
|
|
|
printf(UTIL_LINUX_VERSION);
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
|
|
|
|
default:
|
2016-10-13 07:40:54 -05:00
|
|
|
errtryhelp(EXIT_FAILURE);
|
2016-10-13 06:06:35 -05:00
|
|
|
}
|
|
|
|
}
|
2012-08-28 11:10:58 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
su->restricted = evaluate_uid();
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
if (optind < argc && !strcmp(argv[optind], "-")) {
|
2016-10-13 07:22:52 -05:00
|
|
|
su->simulate_login = true;
|
2016-10-13 06:06:35 -05:00
|
|
|
++optind;
|
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->simulate_login && !su->change_environment) {
|
2016-10-13 06:06:35 -05:00
|
|
|
warnx(_
|
|
|
|
("ignoring --preserve-environment, it's mutually exclusive with --login"));
|
2016-10-13 07:22:52 -05:00
|
|
|
su->change_environment = true;
|
2016-10-13 06:06:35 -05:00
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
switch (mode) {
|
2016-10-13 06:06:35 -05:00
|
|
|
case RUNUSER_MODE:
|
|
|
|
if (runuser_user) {
|
|
|
|
/* runuser -u <user> <command> */
|
|
|
|
new_user = runuser_user;
|
2016-10-13 07:22:52 -05:00
|
|
|
if (shell || su->fast_startup || command || su->simulate_login) {
|
2016-10-13 06:06:35 -05:00
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
_
|
|
|
|
("options --{shell,fast,command,session-command,login} and "
|
|
|
|
"--user are mutually exclusive"));
|
|
|
|
}
|
|
|
|
if (optind == argc)
|
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
_("no command was specified"));
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
/* fallthrough if -u <user> is not specified, then follow
|
|
|
|
* traditional su(1) behavior
|
|
|
|
*/
|
|
|
|
case SU_MODE:
|
|
|
|
if (optind < argc)
|
|
|
|
new_user = argv[optind++];
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if ((use_supp || use_gid) && su->restricted)
|
2016-10-13 06:06:35 -05:00
|
|
|
errx(EXIT_FAILURE,
|
|
|
|
_("only root can specify alternative groups"));
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
logindefs_set_loader(load_config, (void *) su);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
pw = getpwnam(new_user);
|
|
|
|
if (!(pw && pw->pw_name && pw->pw_name[0] && pw->pw_dir && pw->pw_dir[0]
|
|
|
|
&& pw->pw_passwd))
|
|
|
|
errx(EXIT_FAILURE, _("user %s does not exist"), new_user);
|
|
|
|
|
|
|
|
/* Make a copy of the password information and point pw at the local
|
|
|
|
copy instead. Otherwise, some systems (e.g. Linux) would clobber
|
|
|
|
the static data through the getlogin call from log_su.
|
|
|
|
Also, make sure pw->pw_shell is a nonempty string.
|
|
|
|
It may be NULL when NEW_USER is a username that is retrieved via NIS (YP),
|
|
|
|
but that doesn't have a default shell listed. */
|
|
|
|
pw_copy = *pw;
|
|
|
|
pw = &pw_copy;
|
|
|
|
pw->pw_name = xstrdup(pw->pw_name);
|
|
|
|
pw->pw_passwd = xstrdup(pw->pw_passwd);
|
|
|
|
pw->pw_dir = xstrdup(pw->pw_dir);
|
|
|
|
pw->pw_shell = xstrdup(pw->pw_shell && pw->pw_shell[0]
|
|
|
|
? pw->pw_shell : DEFAULT_SHELL);
|
|
|
|
endpwent();
|
|
|
|
|
|
|
|
if (use_supp && !use_gid)
|
|
|
|
pw->pw_gid = groups[0];
|
|
|
|
else if (use_gid)
|
|
|
|
pw->pw_gid = gid;
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
authenticate(su, pw);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
if (request_same_session || !command || !pw->pw_uid)
|
2016-10-13 07:22:52 -05:00
|
|
|
su->same_session = 1;
|
2016-10-13 06:06:35 -05:00
|
|
|
|
|
|
|
/* initialize shell variable only if "-u <user>" not specified */
|
|
|
|
if (runuser_user) {
|
|
|
|
shell = NULL;
|
|
|
|
} else {
|
2016-10-13 07:22:52 -05:00
|
|
|
if (!shell && !su->change_environment)
|
2016-10-13 06:06:35 -05:00
|
|
|
shell = getenv("SHELL");
|
|
|
|
if (shell && getuid() != 0 && restricted_shell(pw->pw_shell)) {
|
|
|
|
/* The user being su'd to has a nonstandard shell, and so is
|
|
|
|
probably a uucp account or has restricted access. Don't
|
|
|
|
compromise the account by allowing access with a standard
|
|
|
|
shell. */
|
|
|
|
warnx(_("using restricted shell %s"), pw->pw_shell);
|
|
|
|
shell = NULL;
|
|
|
|
}
|
|
|
|
shell = xstrdup(shell ? shell : pw->pw_shell);
|
2012-08-28 11:10:58 -05:00
|
|
|
}
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
init_groups(su, pw, groups, ngroups);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (!su->simulate_login || command)
|
|
|
|
su->suppress_pam_info = 1; /* don't print PAM info messages */
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
create_watching_parent(su);
|
2016-10-13 06:06:35 -05:00
|
|
|
/* Now we're in the child. */
|
|
|
|
|
|
|
|
change_identity(pw);
|
2016-10-13 07:22:52 -05:00
|
|
|
if (!su->same_session)
|
2016-10-13 06:06:35 -05:00
|
|
|
setsid();
|
|
|
|
|
|
|
|
/* Set environment after pam_open_session, which may put KRB5CCNAME
|
|
|
|
into the pam_env, etc. */
|
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
modify_environment(su, pw, shell);
|
2016-10-13 06:06:35 -05:00
|
|
|
|
2016-10-13 07:22:52 -05:00
|
|
|
if (su->simulate_login && chdir(pw->pw_dir) != 0)
|
2016-10-13 06:06:35 -05:00
|
|
|
warn(_("warning: cannot change directory to %s"), pw->pw_dir);
|
|
|
|
|
|
|
|
if (shell)
|
2016-10-13 07:22:52 -05:00
|
|
|
run_shell(su, shell, command, argv + optind, max(0, argc - optind));
|
|
|
|
|
|
|
|
execvp(argv[optind], &argv[optind]);
|
|
|
|
err(EXIT_FAILURE, _("failed to execute %s"), argv[optind]);
|
2016-10-13 06:06:35 -05:00
|
|
|
}
|