logo

skeud

Simple and portable utilities to deal with user accounts (su, login)git clone https://anongit.hacktivis.me/git/skeud.git/

su.c (4985B)

    

  1. // SPDX-FileCopyrightText: 2022-2023 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
  2. // SPDX-License-Identifier: MPL-2.0
  4. #define _POSIX_C_SOURCE 202405L
  5. // for explicit_bzero, initgroups
  6. #define _DEFAULT_SOURCE
  8. #ifdef __linux__
  9. // I love linux extensions (no)
  10. #include <shadow.h> /* getspnam */
  11. #endif
  13. #include "common.h" // skeud_getpass, skeud_crypt_check
  15. #include <assert.h>  // assert
  16. #include <errno.h>   // errno
  17. #include <grp.h>     // initgroups
  18. #include <pwd.h>     // getpwnam
  19. #include <stdbool.h> // bool
  20. #include <stdio.h>   // fprintf, perror
  21. #include <stdlib.h>  // abort, setenv
  22. #include <string.h>  // strcmp, explicit_bzero
  23. #include <unistd.h>  // getuid, getopt, opt*, chdir, setuid, setgid
  25. extern char **environ;
  26. char *envclear[]  = {NULL};
  27. const char *argv0 = "su";
  29. int
  30. main(int argc, char *argv[])
  31. {
  32. 	bool opt_l           = false;
  33. 	bool opt_p           = false;
  34. 	const char *username = "root";
  35. 	struct passwd *pwent = NULL;
  36. 	char *shell          = NULL;
  37. 	char *opt_cmd        = NULL;
  39. 	if(geteuid() != 0)
  40. 	{
  41. 		fputs("su: error: Not effectively super-user. Missing setuid?\n", stderr);
  42. 		return 1;
  43. 	}
  45. 	int c = EOF;
  46. 	/* flawfinder: ignore CWE-120, CWE-20 */
  47. 	while((c = getopt(argc, argv, ":c:ls:p")) != EOF)
  48. 	{
  49. 		switch(c)
  50. 		{
  51. 		case 'c': // opt_cmd
  52. 			opt_cmd = optarg;
  53. 			break;
  54. 		case 'l': // login-mode
  55. 			opt_l = true;
  56. 			break;
  57. 		case 's': // shell
  58. 			if(getuid() != 0)
  59. 			{
  60. 				fputs("su: error: Only the super-user can override the target shell\n", stderr);
  61. 				return 1;
  62. 			}
  64. 			shell = optarg;
  65. 			break;
  66. 		case 'p': // preserve environment
  67. 			if(getuid() != 0)
  68. 			{
  69. 				fputs("su: error: Only the super-user can preserve the environment\n", stderr);
  70. 				return 1;
  71. 			}
  73. 			opt_p = true;
  74. 			break;
  75. 		case ':':
  76. 			fprintf(stderr, "su: error: Option -%c requires an operand\n", optopt);
  77. 			return 1;
  78. 		case '?':
  79. 			fprintf(stderr, "su: error: Unrecognized option: '-%c'\n", optopt);
  80. 			return 1;
  81. 		default:
  82. 			fputs("su: error: Unknown getopt state, aborting\n", stderr);
  83. 			abort();
  84. 		}
  85. 	}
  87. 	argc -= optind;
  88. 	argv += optind;
  90. 	if(argv[0] && strcmp(argv[0], "-") == 0)
  91. 	{
  92. 		opt_l = true;
  94. 		argc -= 1;
  95. 		argv += 1;
  96. 	}
  98. 	if(argc > 1)
  99. 	{
  100. 		fprintf(stderr, "su: error: Got %d arguments, expected <= 1\n", argc);
  101. 		return 1;
  102. 	}
  104. 	if(argc == 1)
  105. 	{
  106. 		username = argv[0];
  107. 	}
  109. 	errno = 0;
  110. 	pwent = getpwnam(username);
  112. 	if(pwent == NULL)
  113. 	{
  114. 		if(errno != 0)
  115. 		{
  116. 			perror("su: error: Failed getting passwd entry");
  117. 		}
  118. 		else
  119. 		{
  120. 			fprintf(stderr, "su: error: getpwnam: No entry found for user %s\n", username);
  121. 		}
  123. 		return 1;
  124. 	}
  126. 	if(shell == NULL)
  127. 	{
  128. 		if(pwent->pw_shell)
  129. 		{
  130. 			shell = pwent->pw_shell;
  131. 		}
  132. 		else
  133. 		{
  134. 			fprintf(stderr, "su: error: No shell entry for user %s\n", username);
  136. 			return 1;
  137. 		}
  138. 	}
  140. 	fprintf(stderr, "su: info: Authenticating as %s\n", username);
  142. 	if(getuid() != 0)
  143. 	{
  144. 		char *pw_hash = NULL;
  145. 		if(pwent->pw_passwd)
  146. 		{
  147. 			pw_hash = pwent->pw_passwd;
  148. 		}
  150. #ifdef __linux__
  151. 		// Always fetched to avoid potentially leaking passwd contents
  152. 		errno              = 0;
  153. 		struct spwd *swent = getspnam(username);
  154. 		if(errno != 0)
  155. 		{
  156. 			perror("su: warning: getspnam");
  157. 		}
  158. 		else
  159. 		{
  160. 			if(pw_hash && pw_hash[0] == 'x' && pw_hash[1] == 0)
  161. 			{
  162. 				pw_hash = swent->sp_pwdp;
  163. 			}
  165. 			explicit_bzero(swent, sizeof(swent));
  166. 			swent = NULL;
  167. 		}
  168. #endif /* __linux__ */
  170. 		char *password = NULL;
  171. 		ssize_t got    = skeud_getpass(&password);
  172. 		if(got < 0)
  173. 		{
  174. 			free(password);
  175. 			return 1;
  176. 		}
  178. 		bool valid_p = skeud_crypt_check(pw_hash, password);
  179. 		explicit_bzero(password, got);
  180. 		free(password);
  181. 		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
  183. 		if(!valid_p)
  184. 		{
  185. 			sleep(2);
  186. 			fprintf(stderr, "su: error: Invalid username or password\n");
  187. 			return 1;
  188. 		}
  189. 	}
  191. 	if(!opt_p)
  192. 	{
  193. 		char *term = getenv("TERM");
  194. 		environ    = envclear;
  195. 		if(term)
  196. 		{
  197. 			setenv("TERM", term, 1);
  198. 		}
  199. 	}
  201. 	if(setgid(pwent->pw_gid) < 0)
  202. 	{
  203. 		perror("su: error: setgid");
  204. 		return 1;
  205. 	}
  206. 	if(initgroups(username, pwent->pw_gid) < 0)
  207. 	{
  208. 		perror("su: error: initgroups");
  209. 		return 1;
  210. 	}
  211. 	if(setuid(pwent->pw_uid) < 0)
  212. 	{
  213. 		perror("su: error: setuid");
  214. 		return 1;
  215. 	}
  217. 	const char *home = pwent->pw_dir ? pwent->pw_dir : "/";
  218. 	setenv("HOME", home, 1);
  220. 	if(opt_l)
  221. 	{
  222. 		if(chdir(home) != 0) perror("su: chdir");
  223. 	}
  225. 	explicit_bzero(pwent, sizeof(pwent));
  226. 	pwent = NULL;
  228. 	setenv("USER", username, 1);
  229. 	setenv("LOGNAME", username, 1);
  230. 	setenv("SHELL", shell, 1);
  231. 	setenv("IFS", " \t\n", 1);
  233. 	int cmd_argc                    = 1;
  234. 	const char *cmd_argv[2 + 1 + 2] = {shell, NULL};
  236. 	if(opt_l)
  237. 	{
  238. 		cmd_argv[cmd_argc++] = "-l";
  239. 	}
  241. 	if(opt_cmd != NULL)
  242. 	{
  243. 		cmd_argv[cmd_argc++] = "-c";
  244. 		cmd_argv[cmd_argc++] = opt_cmd;
  245. 	}
  247. 	/* Just to be sure it's null-terminated */
  248. 	cmd_argv[cmd_argc + 1] = NULL;
  250. 	errno = 0;
  251. 	/* flawfinder: ignore CWE-78 */
  252. 	int ret = execvp(shell, (char **)cmd_argv);
  253. 	if(ret < 0)
  254. 	{
  255. 		if(errno == ENOENT)
  256. 		{
  257. 			perror("su: execve");
  258. 			return 127;
  259. 		}
  260. 		else
  261. 		{
  262. 			perror("su: execve");
  263. 			return 126;
  264. 		}
  265. 	}
  266. }