1*cf5a6c84SAndroid Build Coastguard Worker /* su.c - switch user
2*cf5a6c84SAndroid Build Coastguard Worker *
3*cf5a6c84SAndroid Build Coastguard Worker * Copyright 2013 CE Strake <[email protected]>
4*cf5a6c84SAndroid Build Coastguard Worker *
5*cf5a6c84SAndroid Build Coastguard Worker * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
6*cf5a6c84SAndroid Build Coastguard Worker * TODO: log su attempts
7*cf5a6c84SAndroid Build Coastguard Worker * TODO: suid support
8*cf5a6c84SAndroid Build Coastguard Worker * Supports undocumented compatibility options: -m synonym for -p, - for -l
9*cf5a6c84SAndroid Build Coastguard Worker
10*cf5a6c84SAndroid Build Coastguard Worker USE_SU(NEWTOY(su, "^lmpu:g:c:s:[!lmp]", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
11*cf5a6c84SAndroid Build Coastguard Worker
12*cf5a6c84SAndroid Build Coastguard Worker config SU
13*cf5a6c84SAndroid Build Coastguard Worker bool "su"
14*cf5a6c84SAndroid Build Coastguard Worker default y
15*cf5a6c84SAndroid Build Coastguard Worker help
16*cf5a6c84SAndroid Build Coastguard Worker usage: su [-lp] [-u UID] [-g GID,...] [-s SHELL] [-c CMD] [USER [COMMAND...]]
17*cf5a6c84SAndroid Build Coastguard Worker
18*cf5a6c84SAndroid Build Coastguard Worker Switch user, prompting for password of new user when not run as root.
19*cf5a6c84SAndroid Build Coastguard Worker
20*cf5a6c84SAndroid Build Coastguard Worker With one argument, switch to USER and run user's shell from /etc/passwd.
21*cf5a6c84SAndroid Build Coastguard Worker With no arguments, USER is root. If COMMAND line provided after USER,
22*cf5a6c84SAndroid Build Coastguard Worker exec() it as new USER (bypassing shell). If -u or -g specified, first
23*cf5a6c84SAndroid Build Coastguard Worker argument (if any) isn't USER (it's COMMAND).
24*cf5a6c84SAndroid Build Coastguard Worker
25*cf5a6c84SAndroid Build Coastguard Worker first argument is USER name to switch to (which must exist).
26*cf5a6c84SAndroid Build Coastguard Worker Non-root users are prompted for new user's password.
27*cf5a6c84SAndroid Build Coastguard Worker
28*cf5a6c84SAndroid Build Coastguard Worker -s Shell to use (default is user's shell from /etc/passwd)
29*cf5a6c84SAndroid Build Coastguard Worker -c Command line to pass to -s shell (ala sh -c "CMD")
30*cf5a6c84SAndroid Build Coastguard Worker -l Reset environment as if new login.
31*cf5a6c84SAndroid Build Coastguard Worker -u Switch to UID instead of USER
32*cf5a6c84SAndroid Build Coastguard Worker -g Switch to GID (only root allowed, can be comma separated list)
33*cf5a6c84SAndroid Build Coastguard Worker -p Preserve environment (except for $PATH and $IFS)
34*cf5a6c84SAndroid Build Coastguard Worker */
35*cf5a6c84SAndroid Build Coastguard Worker
36*cf5a6c84SAndroid Build Coastguard Worker #define FOR_su
37*cf5a6c84SAndroid Build Coastguard Worker #include "toys.h"
38*cf5a6c84SAndroid Build Coastguard Worker
39*cf5a6c84SAndroid Build Coastguard Worker GLOBALS(
40*cf5a6c84SAndroid Build Coastguard Worker char *s, *c;
41*cf5a6c84SAndroid Build Coastguard Worker )
42*cf5a6c84SAndroid Build Coastguard Worker
su_main()43*cf5a6c84SAndroid Build Coastguard Worker void su_main()
44*cf5a6c84SAndroid Build Coastguard Worker {
45*cf5a6c84SAndroid Build Coastguard Worker char *name, **shadow, *passhash = 0, **argu, **argv;
46*cf5a6c84SAndroid Build Coastguard Worker struct passwd *up;
47*cf5a6c84SAndroid Build Coastguard Worker
48*cf5a6c84SAndroid Build Coastguard Worker if (*toys.optargs && !strcmp("-", *toys.optargs)) {
49*cf5a6c84SAndroid Build Coastguard Worker toys.optflags |= FLAG_l;
50*cf5a6c84SAndroid Build Coastguard Worker toys.optargs++;
51*cf5a6c84SAndroid Build Coastguard Worker }
52*cf5a6c84SAndroid Build Coastguard Worker
53*cf5a6c84SAndroid Build Coastguard Worker if (*toys.optargs) name = *(toys.optargs++);
54*cf5a6c84SAndroid Build Coastguard Worker else name = "root";
55*cf5a6c84SAndroid Build Coastguard Worker
56*cf5a6c84SAndroid Build Coastguard Worker loggit(LOG_NOTICE, "%s->%s", getusername(geteuid()), name);
57*cf5a6c84SAndroid Build Coastguard Worker
58*cf5a6c84SAndroid Build Coastguard Worker if (getuid()) {
59*cf5a6c84SAndroid Build Coastguard Worker if (!(shadow = get_userline("/etc/shadow", name)))
60*cf5a6c84SAndroid Build Coastguard Worker perror_exit("no '%s'", name);
61*cf5a6c84SAndroid Build Coastguard Worker if (*shadow[1] != '$') goto deny;
62*cf5a6c84SAndroid Build Coastguard Worker if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
63*cf5a6c84SAndroid Build Coastguard Worker passhash = crypt(toybuf, shadow[1]);
64*cf5a6c84SAndroid Build Coastguard Worker if (!passhash || strcmp(passhash, shadow[1])) name = 0;
65*cf5a6c84SAndroid Build Coastguard Worker memset(toybuf, 0, sizeof(toybuf));
66*cf5a6c84SAndroid Build Coastguard Worker memset(shadow[1], 0, strlen(shadow[1]));
67*cf5a6c84SAndroid Build Coastguard Worker if (passhash) memset(passhash, 0, strlen(passhash));
68*cf5a6c84SAndroid Build Coastguard Worker if (!name) goto deny;
69*cf5a6c84SAndroid Build Coastguard Worker }
70*cf5a6c84SAndroid Build Coastguard Worker xsetuser(up = xgetpwnam(name));
71*cf5a6c84SAndroid Build Coastguard Worker
72*cf5a6c84SAndroid Build Coastguard Worker if (FLAG(m)||FLAG(p)) {
73*cf5a6c84SAndroid Build Coastguard Worker unsetenv("IFS");
74*cf5a6c84SAndroid Build Coastguard Worker setenv("PATH", _PATH_DEFPATH, 1);
75*cf5a6c84SAndroid Build Coastguard Worker } else reset_env(up, FLAG(l));
76*cf5a6c84SAndroid Build Coastguard Worker
77*cf5a6c84SAndroid Build Coastguard Worker argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
78*cf5a6c84SAndroid Build Coastguard Worker *argv++ = TT.s ? : up->pw_shell;
79*cf5a6c84SAndroid Build Coastguard Worker loggit(LOG_NOTICE, "run %s", *argu);
80*cf5a6c84SAndroid Build Coastguard Worker
81*cf5a6c84SAndroid Build Coastguard Worker if (FLAG(l)) *(argv++) = "-l";
82*cf5a6c84SAndroid Build Coastguard Worker if (FLAG(c)) {
83*cf5a6c84SAndroid Build Coastguard Worker *argv++ = "-c";
84*cf5a6c84SAndroid Build Coastguard Worker *argv++ = TT.c;
85*cf5a6c84SAndroid Build Coastguard Worker }
86*cf5a6c84SAndroid Build Coastguard Worker while ((*argv++ = *toys.optargs++));
87*cf5a6c84SAndroid Build Coastguard Worker xexec(argu);
88*cf5a6c84SAndroid Build Coastguard Worker
89*cf5a6c84SAndroid Build Coastguard Worker deny:
90*cf5a6c84SAndroid Build Coastguard Worker syslog(LOG_NOTICE, "No.");
91*cf5a6c84SAndroid Build Coastguard Worker puts("No.");
92*cf5a6c84SAndroid Build Coastguard Worker toys.exitval = 1;
93*cf5a6c84SAndroid Build Coastguard Worker }
94