logo

skeud

Simple and portable utilities to deal with user accounts (su, login)

su.c (4768B)

    

  1. // SPDX-FileCopyrightText: 2022-2023 Haelwenn (lanodan) Monnier <contact+skeud@hacktivis.me>
  2. // SPDX-License-Identifier: MPL-2.0
  4. #define _POSIX_C_SOURCE 200809L
  5. // for explicit_bzero, initgroups
  6. #define _DEFAULT_SOURCE
  8. #ifdef __linux__
  9. // I love linux extensions (no)
  10. #include <shadow.h> /* getspnam */
  11. #endif
  13. #include "common.h" // skeud_getpass, skeud_crypt_check
  15. #include <assert.h>  // assert
  16. #include <errno.h>   // errno
  17. #include <grp.h>     // initgroups
  18. #include <pwd.h>     // getpwnam
  19. #include <stdbool.h> // bool
  20. #include <stdio.h>   // fprintf, perror
  21. #include <stdlib.h>  // abort, setenv
  22. #include <string.h>  // strcmp, explicit_bzero
  23. #include <unistd.h>  // getuid, getopt, opt*, chdir, setuid, setgid
  25. extern char **environ;
  26. char *envclear[] = {NULL};
  28. int
  29. main(int argc, char *argv[])
  30. {
  31. 	bool opt_l           = false;
  32. 	bool opt_p           = false;
  33. 	int c                = EOF;
  34. 	char *username       = "root";
  35. 	struct passwd *pwent = NULL;
  36. 	char *shell          = NULL;
  37. 	char *opt_cmd        = NULL;
  39. 	if(geteuid() != 0)
  40. 	{
  41. 		fprintf(stderr, "su: Not effectively super-user. Missing setuid?\n");
  42. 		return 1;
  43. 	}
  45. 	/* flawfinder: ignore CWE-120, CWE-20 */
  46. 	while((c = getopt(argc, argv, ":c:ls:p")) != EOF)
  47. 	{
  48. 		switch(c)
  49. 		{
  50. 		case 'c': // opt_cmd
  51. 			opt_cmd = optarg;
  52. 			break;
  53. 		case 'l': // login-mode
  54. 			opt_l = true;
  55. 			break;
  56. 		case 's': // shell
  57. 			if(getuid() != 0)
  58. 			{
  59. 				fprintf(stderr, "su: Only the super-user can override the target shell\n");
  60. 				return 1;
  61. 			}
  63. 			shell = optarg;
  64. 			break;
  65. 		case 'p': // preserve environment
  66. 			if(getuid() != 0)
  67. 			{
  68. 				fprintf(stderr, "su: Only the super-user can preserve the environment\n");
  69. 				return 1;
  70. 			}
  72. 			opt_p = true;
  73. 			break;
  74. 		case ':':
  75. 			fprintf(stderr, "su: Option -%c requires an operand\n", optopt);
  76. 			return 1;
  77. 		case '?':
  78. 			fprintf(stderr, "su: Unrecognized option: '-%c'\n", optopt);
  79. 			return 1;
  80. 		default:
  81. 			fprintf(stderr, "su: Unknown getopt state, aborting\n");
  82. 			abort();
  83. 		}
  84. 	}
  86. 	argc -= optind;
  87. 	argv += optind;
  89. 	if(argv[0] && strcmp(argv[0], "-") == 0)
  90. 	{
  91. 		opt_l = true;
  93. 		argc -= 1;
  94. 		argv += 1;
  95. 	}
  97. 	if(argc > 1)
  98. 	{
  99. 		fprintf(stderr, "su: Too many arguments given.\n");
  100. 		return 1;
  101. 	}
  103. 	if(argc == 1)
  104. 	{
  105. 		username = argv[0];
  106. 	}
  108. 	errno = 0;
  109. 	pwent = getpwnam(username);
  111. 	if(pwent == NULL)
  112. 	{
  113. 		if(errno != 0)
  114. 		{
  115. 			perror("su: getpwnam");
  116. 		}
  117. 		else
  118. 		{
  119. 			fprintf(stderr, "su: getpwnam: No entry found for user %s\n", username);
  120. 		}
  122. 		return 1;
  123. 	}
  125. 	if(shell == NULL)
  126. 	{
  127. 		if(pwent->pw_shell)
  128. 		{
  129. 			shell = pwent->pw_shell;
  130. 		}
  131. 		else
  132. 		{
  133. 			fprintf(stderr, "su: No shell entry for user %s\n", username);
  134. 		}
  135. 	}
  137. 	fprintf(stderr, "su: Authenticating as %s\n", username);
  139. 	if(getuid() != 0)
  140. 	{
  141. 		char *pw_hash = NULL;
  142. 		if(pwent->pw_passwd)
  143. 		{
  144. 			pw_hash = pwent->pw_passwd;
  145. 		}
  147. #ifdef __linux__
  148. 		// Always fetched to avoid potentially leaking passwd contents
  149. 		errno              = 0;
  150. 		struct spwd *swent = getspnam(username);
  151. 		if(errno != 0)
  152. 		{
  153. 			perror("su: getspnam");
  154. 		}
  155. 		else
  156. 		{
  157. 			if(pw_hash && pw_hash[0] == 'x' && pw_hash[1] == 0)
  158. 			{
  159. 				pw_hash = swent->sp_pwdp;
  160. 			}
  162. 			explicit_bzero(swent, sizeof(swent));
  163. 			swent = NULL;
  164. 		}
  165. #endif /* __linux__ */
  167. 		char *password = NULL;
  168. 		ssize_t got    = skeud_getpass(&password);
  169. 		if(got < 0)
  170. 		{
  171. 			free(password);
  172. 			return 1;
  173. 		}
  175. 		bool valid_p = skeud_crypt_check(pw_hash, password);
  176. 		explicit_bzero(password, got);
  177. 		free(password);
  178. 		if(pw_hash) explicit_bzero(pw_hash, sizeof(pw_hash));
  180. 		if(!valid_p)
  181. 		{
  182. 			sleep(2);
  183. 			fprintf(stderr, "su: Invalid username or password\n");
  184. 			return 1;
  185. 		}
  186. 	}
  188. 	if(!opt_p)
  189. 	{
  190. 		char *term = getenv("TERM");
  191. 		environ    = envclear;
  192. 		if(term)
  193. 		{
  194. 			setenv("TERM", term, 1);
  195. 		}
  196. 	}
  198. 	if(setgid(pwent->pw_gid) < 0)
  199. 	{
  200. 		perror("su: setgid");
  201. 	}
  202. 	if(initgroups(username, pwent->pw_gid) < 0)
  203. 	{
  204. 		perror("su: initgroups");
  205. 	}
  206. 	if(setuid(pwent->pw_uid) < 0)
  207. 	{
  208. 		perror("su: setuid");
  209. 	}
  211. 	char *home = pwent->pw_dir ? pwent->pw_dir : "/";
  212. 	setenv("HOME", home, 1);
  213. 	if(opt_l)
  214. 	{
  215. 		if(chdir(pwent->pw_dir) != 0) perror("su: chdir");
  216. 	}
  218. 	explicit_bzero(pwent, sizeof(pwent));
  219. 	pwent = NULL;
  221. 	setenv("USER", username, 1);
  222. 	setenv("LOGNAME", username, 1);
  223. 	setenv("SHELL", shell, 1);
  224. 	setenv("IFS", " \t\n", 1);
  226. 	int cmd_argc              = 1;
  227. 	char *cmd_argv[2 + 1 + 2] = {shell, NULL};
  229. 	if(opt_l)
  230. 	{
  231. 		cmd_argv[cmd_argc++] = "-l";
  232. 	}
  234. 	if(opt_cmd != NULL)
  235. 	{
  236. 		cmd_argv[cmd_argc++] = "-c";
  237. 		cmd_argv[cmd_argc++] = opt_cmd;
  238. 	}
  240. 	/* Just to be sure it's null-terminated */
  241. 	cmd_argv[cmd_argc + 1] = NULL;
  243. 	errno = 0;
  244. 	/* flawfinder: ignore CWE-78 */
  245. 	int ret = execvp(shell, cmd_argv);
  246. 	if(ret < 0)
  247. 	{
  248. 		if(errno == ENOENT)
  249. 		{
  250. 			perror("su: execve");
  251. 			return 127;
  252. 		}
  253. 		else
  254. 		{
  255. 			perror("su: execve");
  256. 			return 126;
  257. 		}
  258. 	}
  259. }