1 /* su.c - switch user
2 *
3 * Copyright 2013 CE Strake <strake888@gmail.com>
4 *
5 * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
6 * TODO: log su attempts
7 * TODO: suid support
8 * Supports undocumented compatibility options: -m synonym for -p, - for -l
9
10 USE_SU(NEWTOY(su, "^lmpu:g:c:s:[!lmp]", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
11
12 config SU
13 bool "su"
14 default y
15 help
16 usage: su [-lp] [-u UID] [-g GID,...] [-s SHELL] [-c CMD] [USER [COMMAND...]]
17
18 Switch user, prompting for password of new user when not run as root.
19
20 With one argument, switch to USER and run user's shell from /etc/passwd.
21 With no arguments, USER is root. If COMMAND line provided after USER,
22 exec() it as new USER (bypassing shell). If -u or -g specified, first
23 argument (if any) isn't USER (it's COMMAND).
24
25 first argument is USER name to switch to (which must exist).
26 Non-root users are prompted for new user's password.
27
28 -s Shell to use (default is user's shell from /etc/passwd)
29 -c Command line to pass to -s shell (ala sh -c "CMD")
30 -l Reset environment as if new login.
31 -u Switch to UID instead of USER
32 -g Switch to GID (only root allowed, can be comma separated list)
33 -p Preserve environment (except for $PATH and $IFS)
34 */
35
36 #define FOR_su
37 #include "toys.h"
38
GLOBALS(char * s;char * c;)39 GLOBALS(
40 char *s;
41 char *c;
42 )
43
44 void su_main()
45 {
46 char *name, *passhash = 0, **argu, **argv;
47 struct passwd *up;
48
49 if (*toys.optargs && !strcmp("-", *toys.optargs)) {
50 toys.optflags |= FLAG_l;
51 toys.optargs++;
52 }
53
54 if (*toys.optargs) name = *(toys.optargs++);
55 else name = "root";
56
57 loggit(LOG_NOTICE, "%s->%s", getusername(geteuid()), name);
58
59 if (getuid()) {
60 struct spwd *shp;
61
62 if (!(shp = getspnam(name))) perror_exit("no '%s'", name);
63 if (*shp->sp_pwdp != '$') goto deny;
64 if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
65 passhash = crypt(toybuf, shp->sp_pwdp);
66 memset(toybuf, 0, sizeof(toybuf));
67 if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
68 }
69 closelog();
70
71 xsetuser(up = xgetpwnam(name));
72
73 if (FLAG(m)||FLAG(p)) {
74 unsetenv("IFS");
75 setenv("PATH", _PATH_DEFPATH, 1);
76 } else reset_env(up, FLAG(l));
77
78 argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
79 *(argv++) = TT.s ? TT.s : up->pw_shell;
80 loggit(LOG_NOTICE, "run %s", *argu);
81
82 if (FLAG(l)) *(argv++) = "-l";
83 if (FLAG(c)) {
84 *(argv++) = "-c";
85 *(argv++) = TT.c;
86 }
87 while ((*(argv++) = *(toys.optargs++)));
88 xexec(argu);
89
90 deny:
91 syslog(LOG_NOTICE, "No.");
92 puts("No.");
93 toys.exitval = 1;
94 }
95