![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to su.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [CSRG BSD Unix] / 43BSD / bin|
Return to su.c CVS log | Up to [CSRG BSD Unix] / 43BSD / bin |
1.1 root 1: /*
2: * Copyright (c) 1980 Regents of the University of California.
3: * All rights reserved. The Berkeley software License Agreement
4: * specifies the terms and conditions for redistribution.
5: */
6:
7: #ifndef lint
8: char copyright[] =
9: "@(#) Copyright (c) 1980 Regents of the University of California.\n\
10: All rights reserved.\n";
11: #endif not lint
12:
13: #ifndef lint
14: static char sccsid[] = "@(#)su.c 5.4 (Berkeley) 1/13/86";
15: #endif not lint
16:
17: #include <stdio.h>
18: #include <pwd.h>
19: #include <grp.h>
20: #include <syslog.h>
21: #include <sys/types.h>
22: #include <sys/time.h>
23: #include <sys/resource.h>
24:
25: char userbuf[16] = "USER=";
26: char homebuf[128] = "HOME=";
27: char shellbuf[128] = "SHELL=";
28: char pathbuf[128] = "PATH=:/usr/ucb:/bin:/usr/bin";
29: char *cleanenv[] = { userbuf, homebuf, shellbuf, pathbuf, 0, 0 };
30: char *user = "root";
31: char *shell = "/bin/sh";
32: int fulllogin;
33: int fastlogin;
34:
35: extern char **environ;
36: struct passwd *pwd;
37: char *crypt();
38: char *getpass();
39: char *getenv();
40: char *getlogin();
41:
42: main(argc,argv)
43: int argc;
44: char *argv[];
45: {
46: char *password;
47: char buf[1000];
48: FILE *fp;
49: register char *p;
50:
51: openlog("su", LOG_ODELAY, LOG_AUTH);
52:
53: again:
54: if (argc > 1 && strcmp(argv[1], "-f") == 0) {
55: fastlogin++;
56: argc--, argv++;
57: goto again;
58: }
59: if (argc > 1 && strcmp(argv[1], "-") == 0) {
60: fulllogin++;
61: argc--, argv++;
62: goto again;
63: }
64: if (argc > 1 && argv[1][0] != '-') {
65: user = argv[1];
66: argc--, argv++;
67: }
68: if ((pwd = getpwuid(getuid())) == NULL) {
69: fprintf(stderr, "Who are you?\n");
70: exit(1);
71: }
72: strcpy(buf, pwd->pw_name);
73: if ((pwd = getpwnam(user)) == NULL) {
74: fprintf(stderr, "Unknown login: %s\n", user);
75: exit(1);
76: }
77: /*
78: * Only allow those in group zero to su to root.
79: */
80: if (pwd->pw_uid == 0) {
81: struct group *gr;
82: int i;
83:
84: if ((gr = getgrgid(0)) != NULL) {
85: for (i = 0; gr->gr_mem[i] != NULL; i++)
86: if (strcmp(buf, gr->gr_mem[i]) == 0)
87: goto userok;
88: fprintf(stderr, "You do not have permission to su %s\n",
89: user);
90: exit(1);
91: }
92: userok:
93: setpriority(PRIO_PROCESS, 0, -2);
94: }
95:
96: #define Getlogin() (((p = getlogin()) && *p) ? p : buf)
97: if (pwd->pw_passwd[0] == '\0' || getuid() == 0)
98: goto ok;
99: password = getpass("Password:");
100: if (strcmp(pwd->pw_passwd, crypt(password, pwd->pw_passwd)) != 0) {
101: fprintf(stderr, "Sorry\n");
102: if (pwd->pw_uid == 0) {
103: syslog(LOG_CRIT, "BAD SU %s on %s",
104: Getlogin(), ttyname(2));
105: }
106: exit(2);
107: }
108: ok:
109: endpwent();
110: if (pwd->pw_uid == 0) {
111: syslog(LOG_NOTICE, "%s on %s", Getlogin(), ttyname(2));
112: closelog();
113: }
114: if (setgid(pwd->pw_gid) < 0) {
115: perror("su: setgid");
116: exit(3);
117: }
118: if (initgroups(user, pwd->pw_gid)) {
119: fprintf(stderr, "su: initgroups failed\n");
120: exit(4);
121: }
122: if (setuid(pwd->pw_uid) < 0) {
123: perror("su: setuid");
124: exit(5);
125: }
126: if (pwd->pw_shell && *pwd->pw_shell)
127: shell = pwd->pw_shell;
128: if (fulllogin) {
129: cleanenv[4] = getenv("TERM");
130: environ = cleanenv;
131: }
132: if (strcmp(user, "root"))
133: setenv("USER", pwd->pw_name, userbuf);
134: setenv("SHELL", shell, shellbuf);
135: setenv("HOME", pwd->pw_dir, homebuf);
136: setpriority(PRIO_PROCESS, 0, 0);
137: if (fastlogin) {
138: *argv-- = "-f";
139: *argv = "su";
140: } else if (fulllogin) {
141: if (chdir(pwd->pw_dir) < 0) {
142: fprintf(stderr, "No directory\n");
143: exit(6);
144: }
145: *argv = "-su";
146: } else
147: *argv = "su";
148: execv(shell, argv);
149: fprintf(stderr, "No shell\n");
150: exit(7);
151: }
152:
153: setenv(ename, eval, buf)
154: char *ename, *eval, *buf;
155: {
156: register char *cp, *dp;
157: register char **ep = environ;
158:
159: /*
160: * this assumes an environment variable "ename" already exists
161: */
162: while (dp = *ep++) {
163: for (cp = ename; *cp == *dp && *cp; cp++, dp++)
164: continue;
165: if (*cp == 0 && (*dp == '=' || *dp == 0)) {
166: strcat(buf, eval);
167: *--ep = buf;
168: return;
169: }
170: }
171: }
172:
173: char *
174: getenv(ename)
175: char *ename;
176: {
177: register char *cp, *dp;
178: register char **ep = environ;
179:
180: while (dp = *ep++) {
181: for (cp = ename; *cp == *dp && *cp; cp++, dp++)
182: continue;
183: if (*cp == 0 && (*dp == '=' || *dp == 0))
184: return (*--ep);
185: }
186: return ((char *)0);
187: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.