| blob | 70828b8fd8603a4f9c950a28fb164b98d80ac08d |
1 /* su for GNU. Run a shell with substitute user and group IDs.
2 Copyright (C) 1992-2006 Free Software Foundation, Inc.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
7 any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18 /* Run a shell with the real and effective UID and GID and groups
19 of USER, default `root'.
21 The shell run is taken from USER's password entry, /bin/sh if
22 none is specified there. If the account has a password, su
23 prompts for a password unless run by a user with real UID 0.
25 Does not change the current directory.
26 Sets `HOME' and `SHELL' from the password entry for USER, and if
27 USER is not root, sets `USER' and `LOGNAME' to USER.
28 The subshell is not a login shell.
30 If one or more ARGs are given, they are passed as additional
31 arguments to the subshell.
33 Does not handle /bin/sh or other shells specially
34 (setting argv[0] to "-su", passing -c only to certain shells, etc.).
35 I don't see the point in doing that, and it's ugly.
37 This program intentionally does not support a "wheel group" that
38 restricts who can su to UID 0 accounts. RMS considers that to
39 be fascist.
41 Compile-time options:
42 -DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
43 -DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
45 -DSYSLOG_NON_ROOT Log all su's, not just those to root (UID 0).
46 Never logs attempted su's to nonexistent accounts.
48 Written by David MacKenzie <djm@gnu.ai.mit.edu>. */
50 #include <config.h>
51 #include <stdio.h>
52 #include <getopt.h>
53 #include <sys/types.h>
54 #include <pwd.h>
55 #include <grp.h>
57 /* Hide any system prototype for getusershell.
58 This is necessary because some Cray systems have a conflicting
59 prototype (returning `int') in <unistd.h>. */
60 #define getusershell _getusershell_sys_proto_
65 #undef getusershell
67 #if HAVE_SYSLOG_H && HAVE_SYSLOG
68 # include <syslog.h>
69 #else
70 # undef SYSLOG_SUCCESS
71 # undef SYSLOG_FAILURE
72 # undef SYSLOG_NON_ROOT
73 #endif
75 #if HAVE_SYS_PARAM_H
76 # include <sys/param.h>
77 #endif
79 #ifndef HAVE_ENDGRENT
80 # define endgrent() ((void) 0)
81 #endif
83 #ifndef HAVE_ENDPWENT
84 # define endpwent() ((void) 0)
85 #endif
87 #if HAVE_SHADOW_H
88 # include <shadow.h>
89 #endif
93 /* The official name of this program (e.g., no `g' prefix). */
98 #if HAVE_PATHS_H
99 # include <paths.h>
100 #endif
102 /* The default PATH for simulated logins to non-superuser accounts. */
103 #ifdef _PATH_DEFPATH
104 # define DEFAULT_LOGIN_PATH _PATH_DEFPATH
105 #else
107 #endif
109 /* The default PATH for simulated logins to superuser accounts. */
110 #ifdef _PATH_DEFPATH_ROOT
111 # define DEFAULT_ROOT_LOGIN_PATH _PATH_DEFPATH_ROOT
112 #else
114 #endif
116 /* The shell to run if none is given in the user's passwd entry. */
119 /* The user to become if none is specified. */
130 ATTRIBUTE_NORETURN;
132 /* The name this program was run with. */
135 /* If true, pass the `-f' option to the subshell. */
138 /* If true, simulate a login instead of just starting a shell. */
141 /* If true, change some environment vars to indicate the user su'd to. */
145 {
154 };
156 /* Add NAME=VAL to the environment, checking for out of memory errors. */
158 static void
160 {
169 }
171 #if defined SYSLOG_SUCCESS || defined SYSLOG_FAILURE
172 /* Log the fact that someone has run su to the user given by PW;
173 if SUCCESSFUL is true, they gave the correct password, etc. */
175 static void
177 {
180 # ifndef SYSLOG_NON_ROOT
183 # endif
185 /* The utmp entry (via getlogin) is probably the best way to identify
186 the user, especially if someone su's from a su-shell. */
189 {
190 /* getlogin can fail -- usually due to lack of utmp entry.
191 Resort to getpwuid. */
194 }
198 /* 4.2BSD openlog doesn't have the third parameter. */
200 # ifdef LOG_AUTH
201 , LOG_AUTH
202 # endif
203 );
205 # ifdef SYSLOG_NON_ROOT
207 # else
209 # endif
211 # ifdef SYSLOG_NON_ROOT
212 new_user,
213 # endif
216 }
217 #endif
219 /* Ask the user for a password.
220 Return true if the user gives the correct password for entry PW,
221 false if not. Return true without asking for a password if run by UID 0
222 or if PW has an empty password. */
224 static bool
226 {
228 #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
229 /* Shadow passwd stuff for SVR3 and maybe other systems. */
235 else
236 #endif
244 {
247 }
251 }
253 /* Update `environ' for the new shell based on PW, with SHELL being
254 the value for the SHELL environment variable. */
256 static void
258 {
260 {
261 /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
262 Unset all other environment variables. */
275 ? DEFAULT_LOGIN_PATH
277 }
278 else
279 {
280 /* Set HOME, SHELL, and if not becoming a super-user,
281 USER and LOGNAME. */
283 {
287 {
290 }
291 }
292 }
293 }
295 /* Become the user and group(s) specified by PW. */
297 static void
299 {
300 #ifdef HAVE_INITGROUPS
305 #endif
310 }
312 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
313 If COMMAND is nonzero, pass it to the shell with the -c option.
314 Pass ADDITIONAL_ARGS to the shell as more arguments; there
315 are N_ADDITIONAL_ARGS extra arguments. */
317 static void
320 {
326 {
335 }
336 else
341 {
344 }
349 {
353 }
354 }
356 /* Return true if SHELL is a restricted shell (one not returned by
357 getusershell), else false, meaning it is a standard shell. */
359 static bool
361 {
366 {
368 {
371 }
372 }
375 }
377 void
379 {
382 program_name);
383 else
384 {
403 }
405 }
407 int
409 {
431 {
433 {
455 case_GETOPT_HELP_CHAR;
461 }
462 }
465 {
468 }
477 /* Make a copy of the password information and point pw at the local
478 copy instead. Otherwise, some systems (e.g. Linux) would clobber
479 the static data through the getlogin call from log_su.
480 Also, make sure pw->pw_shell is a nonempty string.
481 It may be NULL when NEW_USER is a username that is retrieved via NIS (YP),
482 but that doesn't have a default shell listed. */
494 {
495 #ifdef SYSLOG_FAILURE
497 #endif
499 }
500 #ifdef SYSLOG_SUCCESS
501 else
502 {
504 }
505 #endif
510 {
511 /* The user being su'd to has a nonstandard shell, and so is
512 probably a uucp account or has restricted access. Don't
513 compromise the account by allowing access with a standard
514 shell. */
517 }
526 }