![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to su.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 3BSD / cmd|
Return to su.c CVS log | Up to [CSRG BSD Unix] / 3BSD / cmd |
1.1 ! root 1: #include <stdio.h> ! 2: #include <pwd.h> ! 3: ! 4: struct passwd *pwd,*getpwnam(); ! 5: char *crypt(); ! 6: char *getpass(); ! 7: ! 8: main(argc,argv) ! 9: int argc; ! 10: char **argv; ! 11: { ! 12: char *nptr; ! 13: char *password; ! 14: int badsw = 0; ! 15: char *shell = "/bin/sh"; ! 16: ! 17: if(argc > 1) ! 18: nptr = argv[1]; ! 19: else ! 20: nptr = "root"; ! 21: if((pwd=getpwnam(nptr)) == NULL) { ! 22: printf("Unknown id: %s\n",nptr); ! 23: exit(1); ! 24: } ! 25: if(pwd->pw_passwd[0] == '\0' || getuid() == 0) ! 26: goto ok; ! 27: password = getpass("Password:"); ! 28: if(badsw || (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0)) { ! 29: bad: ! 30: printf("Sorry\n"); ! 31: if(pwd->pw_uid == 0) { ! 32: FILE *console = fopen("/dev/console", "w"); ! 33: if (console != NULL) { ! 34: fprintf(console, "BADSU: %s %s\r\n", getlogin(), ttyname(2)); ! 35: fclose(console); ! 36: } ! 37: } ! 38: exit(2); ! 39: } ! 40: if(pwd->pw_uid == 0 && badroot(getgid(),getuid())) ! 41: goto bad; ! 42: ! 43: ok: ! 44: endpwent(); ! 45: if(pwd->pw_uid == 0) { ! 46: FILE *console = fopen("/dev/console", "w"); ! 47: if (console != NULL) { ! 48: fprintf(console, "SU: %s %s\r\n", getlogin(), ttyname(2)); ! 49: fclose(console); ! 50: } ! 51: } ! 52: setgid(pwd->pw_gid); ! 53: setuid(pwd->pw_uid); ! 54: if (pwd->pw_shell && *pwd->pw_shell) ! 55: shell = pwd->pw_shell; ! 56: homeis(pwd->pw_dir); ! 57: shellis(shell); ! 58: execl(shell, "su", 0); ! 59: printf("No shell\n"); ! 60: exit(3); ! 61: } ! 62: badroot(gid,uid) ! 63: { ! 64: /* ! 65: if(gid!=10 || (uid > 15 && (uid!=40 && uid!=209 && uid!=203 ! 66: && uid!=54 && uid!=245))) ! 67: return(1); ! 68: else ! 69: */ ! 70: return(0); ! 71: } ! 72: ! 73: char **environ; ! 74: ! 75: homeis(hp) ! 76: char *hp; ! 77: { ! 78: register char *cp, *dp; ! 79: register char **ep = environ; ! 80: static char homebuf[128]; ! 81: ! 82: while (dp = *ep++) { ! 83: for (cp = "HOME"; *cp == *dp && *cp; cp++, dp++) ! 84: continue; ! 85: if (*cp == 0 && (*dp == '=' || *dp == 0)) { ! 86: strcpy(homebuf, "HOME="); ! 87: strcat(homebuf, hp); ! 88: *--ep = homebuf; ! 89: return; ! 90: } ! 91: } ! 92: } ! 93: ! 94: shellis(sp) ! 95: char *sp; ! 96: { ! 97: register char *cp, *dp; ! 98: register char **ep = environ; ! 99: static char shellbuf[128]; ! 100: ! 101: while (dp = *ep++) { ! 102: for (cp = "SHELL"; *cp == *dp && *cp; cp++, dp++) ! 103: continue; ! 104: if (*cp == 0 && (*dp == '=' || *dp == 0)) { ! 105: strcpy(shellbuf, "SHELL="); ! 106: strcat(shellbuf, sp); ! 107: *--ep = shellbuf; ! 108: return; ! 109: } ! 110: } ! 111: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.