home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Fresh Fish 8
/
FreshFishVol8-CD2.bin
/
bbs
/
gnu
/
sh-utils-1.12-src.lha
/
sh-utils-1.12
/
src
/
su.c
< prev
next >
Wrap
C/C++ Source or Header
|
1994-11-12
|
15KB
|
592 lines
/* su for GNU. Run a shell with substitute user and group IDs.
Copyright (C) 92, 93, 1994 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
/* Run a shell with the real and effective UID and GID and groups
of USER, default `root'.
The shell run is taken from USER's password entry, /bin/sh if
none is specified there. If the account has a password, su
prompts for a password unless run by a user with real UID 0.
Does not change the current directory.
Sets `HOME' and `SHELL' from the password entry for USER, and if
USER is not root, sets `USER' and `LOGNAME' to USER.
The subshell is not a login shell.
If one or more ARGs are given, they are passed as additional
arguments to the subshell.
Does not handle /bin/sh or other shells specially
(setting argv[0] to "-su", passing -c only to certain shells, etc.).
I don't see the point in doing that, and it's ugly.
This program intentionally does not support a "wheel group" that
restricts who can su to UID 0 accounts. RMS considers that to
be fascist.
Options:
-, -l, --login Make the subshell a login shell.
Unset all environment variables except
TERM, HOME and SHELL (set as above), and USER
and LOGNAME (set unconditionally as above), and
set PATH to a default value.
Change to USER's home directory.
Prepend "-" to the shell's name.
-c, --commmand=COMMAND
Pass COMMAND to the subshell with a -c option
instead of starting an interactive shell.
-f, --fast Pass the -f option to the subshell.
-m, -p, --preserve-environment
Do not change HOME, USER, LOGNAME, SHELL.
Run $SHELL instead of USER's shell from /etc/passwd
unless not the superuser and USER's shell is
restricted.
Overridden by --login and --shell.
-s, --shell=shell Run SHELL instead of USER's shell from /etc/passwd
unless not the superuser and USER's shell is
restricted.
Compile-time options:
-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
-DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
Never logs attempted su's to nonexistent accounts.
Written by David MacKenzie <djm@gnu.ai.mit.edu>. */
#include <config.h>
#include <stdio.h>
#include <getopt.h>
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>
#include "system.h"
#if defined(HAVE_SYSLOG_H) && defined(HAVE_SYSLOG)
#include <syslog.h>
static void log_su ();
#else /* !HAVE_SYSLOG_H */
#ifdef SYSLOG_SUCCESS
#undef SYSLOG_SUCCESS
#endif
#ifdef SYSLOG_FAILURE
#undef SYSLOG_FAILURE
#endif
#ifdef SYSLOG_NON_ROOT
#undef SYSLOG_NON_ROOT
#endif
#endif /* !HAVE_SYSLOG_H */
#ifdef _POSIX_VERSION
#include <limits.h>
#ifdef NGROUPS_MAX
#undef NGROUPS_MAX
#endif
#define NGROUPS_MAX sysconf (_SC_NGROUPS_MAX)
#else /* not _POSIX_VERSION */
struct passwd *getpwuid ();
struct group *getgrgid ();
uid_t getuid ();
#include <sys/param.h>
#if !defined(NGROUPS_MAX) && defined(NGROUPS)
#define NGROUPS_MAX NGROUPS
#endif
#endif /* not _POSIX_VERSION */
#ifndef HAVE_ENDGRENT
#define endgrent()
#endif
#ifndef HAVE_ENDPWENT
#define endpwent()
#endif
#ifdef HAVE_SHADOW_H
#include <shadow.h>
#endif
#include "version.h"
/* The default PATH for simulated logins to non-superuser accounts. */
#define DEFAULT_LOGIN_PATH ":/bin"
/* The default PATH for simulated logins to superuser accounts. */
#define DEFAULT_ROOT_LOGIN_PATH "/gnu"
/* The shell to run if none is given in the user's passwd entry. */
#define DEFAULT_SHELL "/bin/sh"
/* The user to become if none is specified. */
#define DEFAULT_USER "root"
char *crypt ();
char *getpass ();
char *getusershell ();
void endusershell ();
void setusershell ();
char *basename ();
char *xmalloc ();
char *xrealloc ();
char *xstrdup ();
void error ();
static char *concat ();
static int correct_password ();
static int elements ();
static int restricted_shell ();
static void change_identity ();
static void modify_environment ();
static void run_shell ();
static void usage ();
static void xputenv ();
extern char **environ;
/* The name this program was run with. */
char *program_name;
/* If non-zero, display usage information and exit. */
static int show_help;
/* If non-zero, print the version on standard output and exit. */
static int show_version;
/* If nonzero, pass the `-f' option to the subshell. */
static int fast_startup;
/* If nonzero, simulate a login instead of just starting a shell. */
static int simulate_login;
/* If nonzero, change some environment vars to indicate the user su'd to. */
static int change_environment;
static struct option const longopts[] =
{
{"command", required_argument, 0, 'c'},
{"fast", no_argument, &fast_startup, 1},
{"help", no_argument, &show_help, 1},
{"login", no_argument, &simulate_login, 1},
{"preserve-environment", no_argument, &change_environment, 0},
{"shell", required_argument, 0, 's'},
{"version", no_argument, &show_version, 1},
{0, 0, 0, 0}
};
main (argc, argv)
int argc;
char **argv;
{
int optc;
const char *new_user = DEFAULT_USER;
char *command = 0;
char **additional_args = 0;
char *shell = 0;
struct passwd *pw;
struct passwd pw_copy;
program_name = argv[0];
fast_startup = 0;
simulate_login = 0;
change_environment = 1;
while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, (int *) 0))
!= EOF)
{
switch (optc)
{
case 0:
break;
case 'c':
command = optarg;
break;
case 'f':
fast_startup = 1;
break;
case 'l':
simulate_login = 1;
break;
case 'm':
case 'p':
change_environment = 0;
break;
case 's':
shell = optarg;
break;
default:
usage (1);
}
}
if (show_version)
{
printf ("su - %s\n", version_string);
exit (0);
}
if (show_help)
usage (0);
if (optind < argc && !strcmp (argv[optind], "-"))
{
simulate_login = 1;
++optind;
}
if (optind < argc)
new_user = argv[optind++];
if (optind < argc)
additional_args = argv + optind;
pw = getpwnam (new_user);
if (pw == 0)
error (1, 0, "user %s does not exist", new_user);
endpwent ();
/* Make a copy of the password information and point pw at the local
copy instead. Otherwise, some systems (e.g. Linux) would clobber
the static data through the getlogin call from log_su. */
pw_copy = *pw;
pw = &pw_copy;
pw->pw_name = xstrdup (pw->pw_name);
pw->pw_dir = xstrdup (pw->pw_dir);
pw->pw_shell = xstrdup (pw->pw_shell);
if (!correct_password (pw))
{
#ifdef SYSLOG_FAILURE
log_su (pw, 0);
#endif
error (1, 0, "incorrect password");
}
#ifdef SYSLOG_SUCCESS
else
{
log_su (pw, 1);
}
#endif
if (pw->pw_shell == 0 || pw->pw_shell[0] == 0)
pw->pw_shell = (char *) DEFAULT_SHELL;
if (shell == 0 && change_environment == 0)
shell = getenv ("SHELL");
if (shell != 0 && getuid () && restricted_shell (pw->pw_shell))
{
/* The user being su'd to has a nonstandard shell, and so is
probably a uucp account or has restricted access. Don't
compromise the account by allowing access with a standard
shell. */
error (0, 0, "using restricted shell %s", pw->pw_shell);
shell = 0;
}
if (shell == 0)
{
shell = xstrdup (pw->pw_shell);
}
modify_environment (pw, shell);
change_identity (pw);
if (simulate_login && chdir (pw->pw_dir))
error (0, errno, "warning: cannot change directory to %s", pw->pw_dir
