| blob | ca58dca9e6cbf2a866eecf34bc9f168bd4eec51d |
1 /* opiesu.c: main body of code for the su(1m) program
3 %%% portions-copyright-cmetz-96
4 Portions of this software are Copyright 1996-1999 by Craig Metz, All Rights
5 Reserved. The Inner Net License Version 2 applies to these portions of
6 the software.
7 You should have received a copy of the license with this software. If
8 you didn't get a copy, you may request one from <license@inner.net>.
10 Portions of this software are Copyright 1995 by Randall Atkinson and Dan
11 McDonald, All Rights Reserved. All Rights under this copyright are assigned
12 to the U.S. Naval Research Laboratory (NRL). The NRL Copyright Notice and
13 License Agreement applies to this software.
15 History:
17 Modified by cmetz for OPIE 2.4. Check euid on startup. Use
18 opiestrncpy().
19 Modified by cmetz for OPIE 2.32. Set up TERM and PATH correctly.
20 Modified by cmetz for OPIE 2.31. Fix sulog(). Replaced Getlogin() with
21 currentuser. Fixed fencepost error in month printed by sulog().
22 Modified by cmetz for OPIE 2.3. Limit the length of TERM on full login.
23 Use HAVE_SULOG instead of DOSULOG.
24 Modified by cmetz for OPIE 2.2. Don't try to clear non-blocking I/O.
25 Use opiereadpass(). Minor speedup. Removed termios manipulation
26 -- that's opiereadpass()'s job. Change opiereadpass() calls
27 to add echo arg. Removed useless strings (I don't think that
28 removing the ucb copyright one is a problem -- please let me
29 know if I'm wrong). Use FUNCTION declaration et al. Ifdef
30 around some headers. Make everything static. Removed
31 closelog() prototype. Use the same catchexit() trickery as
32 opielogin.
33 Modified at NRL for OPIE 2.2. Changed opiestrip_crlf to
34 opiestripcrlf.
35 Modified at NRL for OPIE 2.1. Added struct group declaration.
36 Added Solaris(+others?) sulog capability. Symbol changes
37 for autoconf. Removed des_crypt.h. File renamed to
38 opiesu.c. Symbol+misc changes for autoconf. Added bletch
39 for setpriority.
40 Modified at NRL for OPIE 2.02. Added SU_STAR_CHECK (turning a bug
41 into a feature ;). Fixed Solaris shadow password problem
42 introduced in OPIE 2.01 (the shadow password structure is
43 spwd, not spasswd).
44 Modified at NRL for OPIE 2.01. Changed password lookup handling
45 to use a static structure to avoid problems with drain-
46 bamaged shadow password packages. Always log failures.
47 Make sure to close syslog by function to avoid problems
48 with drain bamaged syslog implementations. Log a few
49 interesting errors.
50 Modified at NRL for OPIE 2.0.
51 Modified at Bellcore for the S/Key Version 1 software distribution.
52 Originally from BSD.
53 */
55 /*
56 * Copyright (c) 1980 Regents of the University of California.
57 * All rights reserved. The Berkeley software License Agreement
58 * specifies the terms and conditions for redistribution.
59 */
63 #include <stdio.h>
64 #if HAVE_PWD_H
65 #include <pwd.h>
67 #include <grp.h>
68 #include <syslog.h>
69 #include <sys/types.h>
70 #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
71 #if TIME_WITH_SYS_TIME
72 # include <sys/time.h>
73 # include <time.h>
75 #if HAVE_SYS_TIME_H
76 #include <sys/time.h>
78 #include <time.h>
81 #include <sys/resource.h>
83 #if TM_IN_SYS_TIME
84 #include <sys/time.h>
86 #include <time.h>
89 #if HAVE_STDLIB_H
90 #include <stdlib.h>
92 #if HAVE_UNISTD_H
93 #include <unistd.h>
95 #if HAVE_STRING_H
96 #include <string.h>
98 #include <errno.h>
111 #if 0
122 #if HAVE_SHADOW_H
123 #include <shadow.h>
126 #if HAVE_CRYPT_H
127 #include <crypt.h>
130 static VOIDRET catchexit FUNCTION_NOARGS
131 {
136 }
138 /* We allow the malloc()s to potentially leak data out because we can
139 only call this routine about four times in the lifetime of this process
140 and the kernel will free all heap memory when we exit or exec. */
142 {
144 #if HAVE_SHADOW
168 #if HAVE_SHADOW
183 #if SU_STAR_CHECK
189 lookupuserbad:
192 }
195 {
199 /* this assumes an environment variable "ename" already exists */
207 }
208 }
209 }
211 #if HAVE_SULOG
213 {
222 else
234 }
240 }
244 {
259 {
266 };
271 };
272 };
276 again:
278 #if 0
279 fastlogin++;
281 #if INSECURE_OVERRIDE
289 }
291 console++;
294 }
296 fulllogin++;
297 argc--;
298 argv++;
300 }
303 argc--;
304 argv++;
305 }
308 {
316 #if HAVE_SULOG
320 }
332 };
336 #if HAVE_SULOG
341 }
344 syslog(LOG_CRIT, "'%s' failed for %s on %s: not running with superuser priveleges", argvbuf, currentuser, ttyname(2));
345 #if HAVE_SULOG
350 };
352 /* Implement the BSD "wheel group" su restriction. */
353 #if DOWHEEL
354 /* Only allow those in group zero to su to root? */
363 }
364 userok:
365 ;
366 #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
369 }
371 };
380 };
381 /* Get user's secret password */
382 fprintf(stderr, "Reminder - Only use this method from the console; NEVER from remote. If you\n");
383 fprintf(stderr, "are using telnet, xterm, or a dial-in, type ^C now or exit with no password.\n");
387 #if INSECURE_OVERRIDE
389 fprintf(stderr, "Warning: Continuing could disclose your secret pass phrase to an attacker!\n");
390 else
393 };
394 #if NEW_PROMPTS
400 /* Attempt an OTP challenge */
403 #if NEW_PROMPTS
411 };
412 #if !NEW_PROMPTS
418 #if !NEW_PROMPTS
420 /* Null line entered; turn echoing back on and read again */
424 }
428 /* Try regular password check, if allowed */
435 /* OPIE authentication succeeded */
438 else
442 };
443 };
444 error:
449 #if HAVE_SULOG
454 ok:
456 #if HAVE_SULOG
463 }
467 }
471 }
478 }
480 }
486 #if HAVE_SETPRIORITY && HAVE_SYS_RESOURCE_H
490 #if 0
500 }
504 }
508 #if DEBUG
514 }