• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /* su.c - switch user
2  *
3  * Copyright 2013 CE Strake <strake888@gmail.com>
4  *
5  * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
6  * TODO: log su attempts
7  * TODO: suid support
8  * Supports undocumented compatibility options: -m synonym for -p, - for -l
9 
10 USE_SU(NEWTOY(su, "^lmpu:g:c:s:[!lmp]", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
11 
12 config SU
13   bool "su"
14   default y
15   help
16     usage: su [-lp] [-u UID] [-g GID,...] [-s SHELL] [-c CMD] [USER [COMMAND...]]
17 
18     Switch user, prompting for password of new user when not run as root.
19 
20     With one argument, switch to USER and run user's shell from /etc/passwd.
21     With no arguments, USER is root. If COMMAND line provided after USER,
22     exec() it as new USER (bypassing shell). If -u or -g specified, first
23     argument (if any) isn't USER (it's COMMAND).
24 
25     first argument is USER name to switch to (which must exist).
26     Non-root users are prompted for new user's password.
27 
28     -s	Shell to use (default is user's shell from /etc/passwd)
29     -c	Command line to pass to -s shell (ala sh -c "CMD")
30     -l	Reset environment as if new login.
31     -u	Switch to UID instead of USER
32     -g	Switch to GID (only root allowed, can be comma separated list)
33     -p	Preserve environment (except for $PATH and $IFS)
34 */
35 
36 #define FOR_su
37 #include "toys.h"
38 
GLOBALS(char * s;char * c;)39 GLOBALS(
40   char *s;
41   char *c;
42 )
43 
44 void su_main()
45 {
46   char *name, *passhash = 0, **argu, **argv;
47   struct passwd *up;
48 
49   if (*toys.optargs && !strcmp("-", *toys.optargs)) {
50     toys.optflags |= FLAG_l;
51     toys.optargs++;
52   }
53 
54   if (*toys.optargs) name = *(toys.optargs++);
55   else name = "root";
56 
57   loggit(LOG_NOTICE, "%s->%s", getusername(geteuid()), name);
58 
59   if (getuid()) {
60     struct spwd *shp;
61 
62     if (!(shp = getspnam(name))) perror_exit("no '%s'", name);
63     if (*shp->sp_pwdp != '$') goto deny;
64     if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
65     passhash = crypt(toybuf, shp->sp_pwdp);
66     memset(toybuf, 0, sizeof(toybuf));
67     if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
68   }
69   closelog();
70 
71   xsetuser(up = xgetpwnam(name));
72 
73   if (FLAG(m)||FLAG(p)) {
74     unsetenv("IFS");
75     setenv("PATH", _PATH_DEFPATH, 1);
76   } else reset_env(up, FLAG(l));
77 
78   argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
79   *(argv++) = TT.s ? TT.s : up->pw_shell;
80   loggit(LOG_NOTICE, "run %s", *argu);
81 
82   if (FLAG(l)) *(argv++) = "-l";
83   if (FLAG(c)) {
84     *(argv++) = "-c";
85     *(argv++) = TT.c;
86   }
87   while ((*(argv++) = *(toys.optargs++)));
88   xexec(argu);
89 
90 deny:
91   syslog(LOG_NOTICE, "No.");
92   puts("No.");
93   toys.exitval = 1;
94 }
95