logo

skeud

Simple and portable utilities to deal with user accounts (su, login)git clone https://anongit.hacktivis.me/git/skeud.git/

su.c (4970B)

    

  1. // SPDX-FileCopyrightText: 2022-2023 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
  2. // SPDX-License-Identifier: MPL-2.0
  4. #define _POSIX_C_SOURCE 200809L
  5. // for explicit_bzero, initgroups
  6. #define _DEFAULT_SOURCE
  8. #ifdef __linux__
  9. // I love linux extensions (no)
  10. #include <shadow.h> /* getspnam */
  11. #endif
  13. #include "common.h" // skeud_getpass, skeud_crypt_check
  15. #include <assert.h>  // assert
  16. #include <errno.h>   // errno
  17. #include <grp.h>     // initgroups
  18. #include <pwd.h>     // getpwnam
  19. #include <stdbool.h> // bool
  20. #include <stdio.h>   // fprintf, perror
  21. #include <stdlib.h>  // abort, setenv
  22. #include <string.h>  // strcmp, explicit_bzero
  23. #include <unistd.h>  // getuid, getopt, opt*, chdir, setuid, setgid
  25. extern char **environ;
  26. char *envclear[] = {NULL};
  28. int
  29. main(int argc, char *argv[])
  30. {
  31. 	bool opt_l           = false;
  32. 	bool opt_p           = false;
  33. 	int c                = EOF;
  34. 	const char *username = "root";
  35. 	struct passwd *pwent = NULL;
  36. 	char *shell          = NULL;
  37. 	char *opt_cmd        = NULL;
  39. 	if(geteuid() != 0)
  40. 	{
  41. 		fprintf(stderr, "su: error: Not effectively super-user. Missing setuid?\n");
  42. 		return 1;
  43. 	}
  45. 	/* flawfinder: ignore CWE-120, CWE-20 */
  46. 	while((c = getopt(argc, argv, ":c:ls:p")) != EOF)
  47. 	{
  48. 		switch(c)
  49. 		{
  50. 		case 'c': // opt_cmd
  51. 			opt_cmd = optarg;
  52. 			break;
  53. 		case 'l': // login-mode
  54. 			opt_l = true;
  55. 			break;
  56. 		case 's': // shell
  57. 			if(getuid() != 0)
  58. 			{
  59. 				fprintf(stderr, "su: error: Only the super-user can override the target shell\n");
  60. 				return 1;
  61. 			}
  63. 			shell = optarg;
  64. 			break;
  65. 		case 'p': // preserve environment
  66. 			if(getuid() != 0)
  67. 			{
  68. 				fprintf(stderr, "su: error: Only the super-user can preserve the environment\n");
  69. 				return 1;
  70. 			}
  72. 			opt_p = true;
  73. 			break;
  74. 		case ':':
  75. 			fprintf(stderr, "su: error: Option -%c requires an operand\n", optopt);
  76. 			return 1;
  77. 		case '?':
  78. 			fprintf(stderr, "su: error: Unrecognized option: '-%c'\n", optopt);
  79. 			return 1;
  80. 		default:
  81. 			fprintf(stderr, "su: error: Unknown getopt state, aborting\n");
  82. 			abort();
  83. 		}
  84. 	}
  86. 	argc -= optind;
  87. 	argv += optind;
  89. 	if(argv[0] && strcmp(argv[0], "-") == 0)
  90. 	{
  91. 		opt_l = true;
  93. 		argc -= 1;
  94. 		argv += 1;
  95. 	}
  97. 	if(argc > 1)
  98. 	{
  99. 		fprintf(stderr, "su: error: Got %d arguments, expected <= 1\n", argc);
  100. 		return 1;
  101. 	}
  103. 	if(argc == 1)
  104. 	{
  105. 		username = argv[0];
  106. 	}
  108. 	errno = 0;
  109. 	pwent = getpwnam(username);
  111. 	if(pwent == NULL)
  112. 	{
  113. 		if(errno != 0)
  114. 		{
  115. 			perror("su: error: getpwnam");
  116. 		}
  117. 		else
  118. 		{
  119. 			fprintf(stderr, "su: error: getpwnam: No entry found for user %s\n", username);
  120. 		}
  122. 		return 1;
  123. 	}
  125. 	if(shell == NULL)
  126. 	{
  127. 		if(pwent->pw_shell)
  128. 		{
  129. 			shell = pwent->pw_shell;
  130. 		}
  131. 		else
  132. 		{
  133. 			fprintf(stderr, "su: error: No shell entry for user %s\n", username);
  135. 			return 1;
  136. 		}
  137. 	}
  139. 	fprintf(stderr, "su: info: Authenticating as %s\n", username);
  141. 	if(getuid() != 0)
  142. 	{
  143. 		char *pw_hash = NULL;
  144. 		if(pwent->pw_passwd)
  145. 		{
  146. 			pw_hash = pwent->pw_passwd;
  147. 		}
  149. #ifdef __linux__
  150. 		// Always fetched to avoid potentially leaking passwd contents
  151. 		errno              = 0;
  152. 		struct spwd *swent = getspnam(username);
  153. 		if(errno != 0)
  154. 		{
  155. 			perror("su: warning: getspnam");
  156. 		}
  157. 		else
  158. 		{
  159. 			if(pw_hash && pw_hash[0] == 'x' && pw_hash[1] == 0)
  160. 			{
  161. 				pw_hash = swent->sp_pwdp;
  162. 			}
  164. 			explicit_bzero(swent, sizeof(swent));
  165. 			swent = NULL;
  166. 		}
  167. #endif /* __linux__ */
  169. 		char *password = NULL;
  170. 		ssize_t got    = skeud_getpass(&password);
  171. 		if(got < 0)
  172. 		{
  173. 			free(password);
  174. 			return 1;
  175. 		}
  177. 		bool valid_p = skeud_crypt_check(pw_hash, password);
  178. 		explicit_bzero(password, got);
  179. 		free(password);
  180. 		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
  182. 		if(!valid_p)
  183. 		{
  184. 			sleep(2);
  185. 			fprintf(stderr, "su: error: Invalid username or password\n");
  186. 			return 1;
  187. 		}
  188. 	}
  190. 	if(!opt_p)
  191. 	{
  192. 		char *term = getenv("TERM");
  193. 		environ    = envclear;
  194. 		if(term)
  195. 		{
  196. 			setenv("TERM", term, 1);
  197. 		}
  198. 	}
  200. 	if(setgid(pwent->pw_gid) < 0)
  201. 	{
  202. 		perror("su: error: setgid");
  203. 		return 1;
  204. 	}
  205. 	if(initgroups(username, pwent->pw_gid) < 0)
  206. 	{
  207. 		perror("su: error: initgroups");
  208. 		return 1;
  209. 	}
  210. 	if(setuid(pwent->pw_uid) < 0)
  211. 	{
  212. 		perror("su: error: setuid");
  213. 		return 1;
  214. 	}
  216. 	const char *home = pwent->pw_dir ? pwent->pw_dir : "/";
  217. 	setenv("HOME", home, 1);
  218. 	if(opt_l)
  219. 	{
  220. 		if(chdir(pwent->pw_dir) != 0) perror("su: chdir");
  221. 	}
  223. 	explicit_bzero(pwent, sizeof(pwent));
  224. 	pwent = NULL;
  226. 	setenv("USER", username, 1);
  227. 	setenv("LOGNAME", username, 1);
  228. 	setenv("SHELL", shell, 1);
  229. 	setenv("IFS", " \t\n", 1);
  231. 	int cmd_argc                    = 1;
  232. 	const char *cmd_argv[2 + 1 + 2] = {shell, NULL};
  234. 	if(opt_l)
  235. 	{
  236. 		cmd_argv[cmd_argc++] = "-l";
  237. 	}
  239. 	if(opt_cmd != NULL)
  240. 	{
  241. 		cmd_argv[cmd_argc++] = "-c";
  242. 		cmd_argv[cmd_argc++] = opt_cmd;
  243. 	}
  245. 	/* Just to be sure it's null-terminated */
  246. 	cmd_argv[cmd_argc + 1] = NULL;
  248. 	errno = 0;
  249. 	/* flawfinder: ignore CWE-78 */
  250. 	int ret = execvp(shell, (char **)cmd_argv);
  251. 	if(ret < 0)
  252. 	{
  253. 		if(errno == ENOENT)
  254. 		{
  255. 			perror("su: execve");
  256. 			return 127;
  257. 		}
  258. 		else
  259. 		{
  260. 			perror("su: execve");
  261. 			return 126;
  262. 		}
  263. 	}
  264. }