1
/*
2
 * Copyright (c) 1999 - 2008 Kungliga Tekniska Högskolan
3
 * (Royal Institute of Technology, Stockholm, Sweden).
4
 * All rights reserved.
5
 *
6
 * Redistribution and use in source and binary forms, with or without
7
 * modification, are permitted provided that the following conditions
8
 * are met:
9
 *
10
 * 1. Redistributions of source code must retain the above copyright
11
 *    notice, this list of conditions and the following disclaimer.
12
 *
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 *
17
 * 3. Neither the name of KTH nor the names of its contributors may be
18
 *    used to endorse or promote products derived from this software without
19
 *    specific prior written permission.
20
 *
21
 * THIS SOFTWARE IS PROVIDED BY KTH AND ITS CONTRIBUTORS ``AS IS'' AND ANY
22
 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
24
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL KTH OR ITS CONTRIBUTORS BE
25
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
26
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
27
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
28
 * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
29
 * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
31
 * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
32

33
#include <config.h>
34

35
RCSID("$Id$");
36

37
#include <stdio.h>
38
#include <stdlib.h>
39
#include <string.h>
40

41
#include <syslog.h>
42

43
#ifdef HAVE_PATHS_H
44
#include <paths.h>
45
#endif
46

47
#ifdef HAVE_SHADOW_H
48
#include <shadow.h>
49
#endif
50

51
#include <pwd.h>
52
#ifdef HAVE_CRYPT_H
53
#include <crypt.h>
54
#endif
55

56
#include "crypto-headers.h"
57
#ifdef KRB5
58
#include <krb5.h>
59
#endif
60
#include <kafs.h>
61
#include <err.h>
62
#include <roken.h>
63
#include <getarg.h>
64

65
#include "supaths.h"
66

67
#if !HAVE_DECL_ENVIRON
68
extern char **environ;
69
#endif
70

71
int kerberos_flag = 1;
72
int csh_f_flag;
73
int full_login;
74
int env_flag;
75
char *kerberos_instance = "root";
76
int help_flag;
77
int version_flag;
78
char *cmd;
79
char tkfile[256];
80

81
struct getargs args[] = {
82
    { "kerberos", 'K', arg_negative_flag, &kerberos_flag,
83
      "don't use kerberos" },
84
    { NULL,	  'f', arg_flag,	  &csh_f_flag,
85
      "don't read .cshrc" },
86
    { "full",	  'l', arg_flag,          &full_login,
87
      "simulate full login" },
88
    { NULL,	  'm', arg_flag,          &env_flag,
89
      "leave environment unmodified" },
90
    { "instance", 'i', arg_string,        &kerberos_instance,
91
      "root instance to use" },
92
    { "command",  'c', arg_string,        &cmd,
93
      "command to execute" },
94
    { "help", 	  'h', arg_flag,          &help_flag },
95
    { "version",  0,   arg_flag,          &version_flag },
96
};
97

98

99
static void
100
usage (int ret)
101
{
102
    arg_printusage (args,
103
		    sizeof(args)/sizeof(*args),
104
		    NULL,
105
		    "[login [shell arguments]]");
106
    exit (ret);
107
}
108

109
static void
110
free_info(struct passwd *p)
111
{
112
    free (p->pw_name);
113
    free (p->pw_passwd);
114
    free (p->pw_dir);
115
    free (p->pw_shell);
116
    free (p);
117
}
118

119
static struct passwd*
120
dup_info(const struct passwd *pwd)
121
{
122
    struct passwd *info;
123

124
    info = malloc(sizeof(*info));
125
    if(info == NULL)
126
	return NULL;
127
    info->pw_name = strdup(pwd->pw_name);
128
    info->pw_passwd = strdup(pwd->pw_passwd);
129
    info->pw_uid = pwd->pw_uid;
130
    info->pw_gid = pwd->pw_gid;
131
    info->pw_dir = strdup(pwd->pw_dir);
132
    info->pw_shell = strdup(pwd->pw_shell);
133
    if(info->pw_name == NULL || info->pw_passwd == NULL ||
134
       info->pw_dir == NULL || info->pw_shell == NULL) {
135
	free_info (info);
136
	return NULL;
137
    }
138
    return info;
139
}
140

141
#ifdef KRB5
142
static krb5_context context;
143
static krb5_ccache ccache;
144

145
static int
146
krb5_verify(const struct passwd *login_info,
147
	    const struct passwd *su_info,
148
	    const char *kerberos_instance)
149
{
150
    krb5_error_code ret;
151
    krb5_principal p;
152
    krb5_realm *realms, *r;
153
    char *login_name = NULL;
154
    int user_ok = 0;
155

156
#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
157
    login_name = getlogin();
158
#endif
159
    ret = krb5_init_context (&context);
160
    if (ret) {
161
#if 0
162
	warnx("krb5_init_context failed: %d", ret);
163
#endif
164
	return 1;
165
    }
166

167
    ret = krb5_get_default_realms(context, &realms);
168
    if (ret)
169
	return 1;
170

171
    /* Check all local realms */
172
    for (r = realms; *r != NULL && !user_ok; r++) {
173

174
	if (login_name == NULL || strcmp (login_name, "root") == 0)
175
	    login_name = login_info->pw_name;
176
	if (strcmp (su_info->pw_name, "root") == 0)
177
	    ret = krb5_make_principal(context, &p, *r,
178
				      login_name,
179
				      kerberos_instance,
180
				      NULL);
181
	else
182
	    ret = krb5_make_principal(context, &p, *r,
183
				      su_info->pw_name,
184
				      NULL);
185
	if (ret) {
186
	    krb5_free_host_realm(context, realms);
187
	    return 1;
188
	}
189

190
	/* if we are su-ing too root, check with krb5_kuserok */
191
	if (su_info->pw_uid == 0 && !krb5_kuserok(context, p, su_info->pw_name))
192
	    continue;
193

194
	ret = krb5_cc_new_unique(context, krb5_cc_type_memory, NULL, &ccache);
195
	if(ret) {
196
	    krb5_free_host_realm(context, realms);
197
	    krb5_free_principal (context, p);
198
	    return 1;
199
	}
200
  	ret = krb5_verify_user(context, p, ccache, NULL, TRUE, NULL);
201
	krb5_free_principal (context, p);
202
	switch (ret) {
203
	case 0:
204
	    user_ok = 1;
205
	    break;
206
	case KRB5_LIBOS_PWDINTR :
207
	    krb5_cc_destroy(context, ccache);
208
	    break;
209
	case KRB5KRB_AP_ERR_BAD_INTEGRITY:
210
	case KRB5KRB_AP_ERR_MODIFIED:
211
	    krb5_cc_destroy(context, ccache);
212
	    krb5_warnx(context, "Password incorrect");
213
	    break;
214
	default :
215
	    krb5_cc_destroy(context, ccache);
216
	    krb5_warn(context, ret, "krb5_verify_user");
217
	    break;
218
	}
219
    }
220
    krb5_free_host_realm(context, realms);
221
    if (!user_ok)
222
	return 1;
223
    return 0;
224
}
225

226
static int
227
krb5_start_session(void)
228
{
229
    krb5_ccache ccache2;
230
    char *cc_name;
231
    int ret;
232

233
    ret = krb5_cc_new_unique(context, krb5_cc_type_file, NULL, &ccache2);
234
    if (ret) {
235
	krb5_cc_destroy(context, ccache);
236
	return 1;
237
    }
238

239
    ret = krb5_cc_copy_cache(context, ccache, ccache2);
240
    if (ret) {
241
	krb5_cc_destroy(context, ccache);
242
	krb5_cc_destroy(context, ccache2);
243
	return 1;
244
    }
245

246
    ret = asprintf(&cc_name, "%s:%s", krb5_cc_get_type(context, ccache2),
247
		   krb5_cc_get_name(context, ccache2));
248
    if (ret == -1) {
249
	krb5_cc_destroy(context, ccache);
250
	krb5_cc_destroy(context, ccache2);
251
	errx(1, "malloc - out of memory");
252
    }
253
    esetenv("KRB5CCNAME", cc_name, 1);
254

255
    /* convert creds? */
256
    if(k_hasafs()) {
257
	if (k_setpag() == 0)
258
	    krb5_afslog(context, ccache2, NULL, NULL);
259
    }
260

261
    krb5_cc_close(context, ccache2);
262
    krb5_cc_destroy(context, ccache);
263
    return 0;
264
}
265
#endif
266

267

268
#define GROUP_MEMBER		0
269
#define GROUP_MISSING		1
270
#define GROUP_EMPTY		2
271
#define GROUP_NOT_MEMBER	3
272

273
static int
274
group_member_p(const char *group, const char *user)
275
{
276
    struct group *g;
277
    int i;
278
    g = getgrnam(group);
279
    if(g == NULL)
280
	return GROUP_MISSING;
281
    if(g->gr_mem[0] == NULL)
282
	return GROUP_EMPTY;
283
    for(i = 0; g->gr_mem[i] != NULL; i++)
284
	if(strcmp(user, g->gr_mem[i]) == 0)
285
	    return GROUP_MEMBER;
286
    return GROUP_NOT_MEMBER;
287
}
288

289
static int
290
verify_unix(struct passwd *login, struct passwd *su)
291
{
292
    char prompt[128];
293
    char pw_buf[1024];
294
    char *pw;
295
    int r;
296
    if(su->pw_passwd != NULL && *su->pw_passwd != '\0') {
297
	snprintf(prompt, sizeof(prompt), "%s's password: ", su->pw_name);
298
	r = UI_UTIL_read_pw_string(pw_buf, sizeof(pw_buf), prompt, 0);
299
	if(r != 0)
300
	    exit(0);
301
	pw = crypt(pw_buf, su->pw_passwd);
302
	memset(pw_buf, 0, sizeof(pw_buf));
303
	if(strcmp(pw, su->pw_passwd) != 0) {
304
	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: incorrect password",
305
		    login->pw_name, su->pw_name);
306
	    return 1;
307
	}
308
    }
309
    /* if su:ing to root, check membership of group wheel or root; if
310
       that group doesn't exist, or is empty, allow anyone to su
311
       root */
312
    if(su->pw_uid == 0) {
313
#ifndef ROOT_GROUP
314
#define ROOT_GROUP "wheel"
315
#endif
316
	int gs = group_member_p(ROOT_GROUP, login->pw_name);
317
	if(gs == GROUP_NOT_MEMBER) {
318
	    syslog (LOG_ERR | LOG_AUTH, "%s to %s: not in group %s",
319
		    login->pw_name, su->pw_name, ROOT_GROUP);
320
	    return 1;
321
	}
322
	return 0;
323
    }
324
    return 0;
325
}
326

327
int
328
main(int argc, char **argv)
329
{
330
    int i, optind = 0;
331
    char *su_user;
332
    struct passwd *su_info;
333
    struct passwd *login_info;
334

335
    struct passwd *pwd;
336

337
    char *shell;
338

339
    int ok = 0;
340

341
    setprogname (argv[0]);
342

343
    if(getarg(args, sizeof(args) / sizeof(args[0]), argc, argv, &optind))
344
	usage(1);
345

346
    for (i=0; i < optind; i++)
347
      if (strcmp(argv[i], "-") == 0) {
348
	 full_login = 1;
349
	 break;
350
      }
351

352
    if(help_flag)
353
	usage(0);
354
    if(version_flag) {
355
	print_version(NULL);
356
	exit(0);
357
    }
358
    if(optind >= argc)
359
	su_user = "root";
360
    else
361
	su_user = argv[optind++];
362

363
    if (!issuid() && getuid() != 0)
364
	warnx("Not setuid and you are not root, expect this to fail");
365

366
    pwd = k_getpwnam(su_user);
367
    if(pwd == NULL)
368
	errx (1, "unknown login %s", su_user);
369
    if (pwd->pw_uid == 0 && strcmp ("root", su_user) != 0) {
370
	syslog (LOG_ALERT, "NIS attack, user %s has uid 0", su_user);
371
	errx (1, "unknown login %s", su_user);
372
    }
373
    su_info = dup_info(pwd);
374
    if (su_info == NULL)
375
	errx (1, "malloc: out of memory");
376

377
	pwd = getpwuid(getuid());
378
    if(pwd == NULL)
379
	errx(1, "who are you?");
380
    login_info = dup_info(pwd);
381
    if (login_info == NULL)
382
	errx (1, "malloc: out of memory");
383
    if(env_flag)
384
	shell = login_info->pw_shell;
385
    else
386
	shell = su_info->pw_shell;
387
    if(shell == NULL || *shell == '\0')
388
	shell = _PATH_BSHELL;
389

390

391
#ifdef KRB5
392
    if(kerberos_flag && ok == 0 &&
393
       krb5_verify(login_info, su_info, kerberos_instance) == 0)
394
	ok = 5;
395
#endif
396

397
    if(ok == 0 && login_info->pw_uid && verify_unix(login_info, su_info) != 0) {
398
	printf("Sorry!\n");
399
	exit(1);
400
    }
401

402
#ifdef HAVE_GETSPNAM
403
   {  struct spwd *sp;
404
      long    today;
405

406
    sp = getspnam(su_info->pw_name);
407
    if (sp != NULL) {
408
	today = time(0)/(24L * 60 * 60);
409
	if (sp->sp_expire > 0) {
410
	    if (today >= sp->sp_expire) {
411
		if (login_info->pw_uid)
412
		    errx(1,"Your account has expired.");
413
		else
414
		    printf("Your account has expired.");
415
            }
416
            else if (sp->sp_expire - today < 14)
417
                printf("Your account will expire in %d days.\n",
418
		       (int)(sp->sp_expire - today));
419
	}
420
	if (sp->sp_max > 0) {
421
	    if (today >= sp->sp_lstchg + sp->sp_max) {
422
		if (login_info->pw_uid)
423
		    errx(1,"Your password has expired. Choose a new one.");
424
		else
425
		    printf("Your password has expired. Choose a new one.");
426
	    }
427
	    else if (today >= sp->sp_lstchg + sp->sp_max - sp->sp_warn)
428
		printf("Your account will expire in %d days.\n",
429
		       (int)(sp->sp_lstchg + sp->sp_max -today));
430
	}
431
    }
432
    }
433
#endif
434
    {
435
	char *tty = ttyname (STDERR_FILENO);
436
	syslog (LOG_NOTICE | LOG_AUTH, tty ? "%s to %s on %s" : "%s to %s",
437
		login_info->pw_name, su_info->pw_name, tty);
438
    }
439

440

441
    if(!env_flag) {
442
	if(full_login) {
443
	    char *t = getenv ("TERM");
444
	    char **newenv = NULL;
445
	    int i, j;
446

447
	    i = read_environment(_PATH_ETC_ENVIRONMENT, &newenv);
448

449
	    environ = malloc ((10 + i) * sizeof (char *));
450
	    if (environ == NULL)
451
		err (1, "malloc");
452
	    environ[0] = NULL;
453

454
	    for (j = 0; j < i; j++) {
455
		char *p = strchr(newenv[j], '=');
456
		if (p == NULL)
457
		    errx(1, "enviroment '%s' missing '='", newenv[j]);
458
		*p++ = 0;
459
		esetenv (newenv[j], p, 1);
460
	    }
461
	    free(newenv);
462

463
	    esetenv ("PATH", _PATH_DEFPATH, 1);
464
	    if (t)
465
		esetenv ("TERM", t, 1);
466
	    if (chdir (su_info->pw_dir) < 0)
467
		errx (1, "no directory");
468
	}
469
	if (full_login || su_info->pw_uid)
470
	    esetenv ("USER", su_info->pw_name, 1);
471
	esetenv("HOME", su_info->pw_dir, 1);
472
	esetenv("SHELL", shell, 1);
473
    }
474

475
    {
476
	int i;
477
	char **args;
478
	char *p;
479

480
	p = strrchr(shell, '/');
481
	if(p)
482
	    p++;
483
	else
484
	    p = shell;
485

486
	if (strcmp(p, "csh") != 0)
487
	    csh_f_flag = 0;
488

489
        args = malloc(((cmd ? 2 : 0) + 1 + argc - optind + 1 + csh_f_flag) * sizeof(*args));
490
	if (args == NULL)
491
	    err (1, "malloc");
492
	i = 0;
493
	if(full_login) {
494
	    if (asprintf(&args[i++], "-%s", p) == -1)
495
		errx (1, "malloc");
496
	} else
497
	    args[i++] = p;
498
	if (cmd) {
499
	   args[i++] = "-c";
500
	   args[i++] = cmd;
501
	}
502

503
	if (csh_f_flag)
504
	    args[i++] = "-f";
505

506
	for (argv += optind; *argv; ++argv)
507
	   args[i++] = *argv;
508
	args[i] = NULL;
509

510
	if(setgid(su_info->pw_gid) < 0)
511
	    err(1, "setgid");
512
	if (initgroups (su_info->pw_name, su_info->pw_gid) < 0)
513
	    err (1, "initgroups");
514
	if(setuid(su_info->pw_uid) < 0
515
	   || (su_info->pw_uid != 0 && setuid(0) == 0))
516
	    err(1, "setuid");
517

518
#ifdef KRB5
519
        if (ok == 5)
520
           krb5_start_session();
521
#endif
522
	execve(shell, args, environ);
523
    }
524

525
    exit(1);
526
}
527

528