Home | History | Annotate | Download | only in lsb 
      1 /* su.c - switch user
      2  *
      3  * Copyright 2013 CE Strake <strake888 (at) gmail.com>
      4  *
      5  * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
      6  * TODO: log su attempts
      7  * TODO: suid support
      8  * Supports undocumented compatibility options: -m synonym for -p, - for -l
      9 
     10 USE_SU(NEWTOY(su, "^lmpu:g:c:s:[!lmp]", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
     11 
     12 config SU
     13   bool "su"
     14   default y
     15   depends on TOYBOX_SHADOW
     16   help
     17     usage: su [-lp] [-u UID] [-g GID,...] [-s SHELL] [-c CMD] [USER [COMMAND...]]
     18 
     19     Switch user, prompting for password of new user when not run as root.
     20 
     21     With one argument, switch to USER and run user's shell from /etc/passwd.
     22     With no arguments, USER is root. If COMMAND line provided after USER,
     23     exec() it as new USER (bypasing shell). If -u or -g specified, first
     24     argument (if any) isn't USER (it's COMMAND).
     25 
     26     first argument is USER name to switch to (which must exist).
     27     Non-root users are prompted for new user's password.
     28 
     29     -s	Shell to use (default is user's shell from /etc/passwd)
     30     -c	Command line to pass to -s shell (ala sh -c "CMD")
     31     -l	Reset environment as if new login.
     32     -u	Switch to UID instead of USER
     33     -g	Switch to GID (only root allowed, can be comma separated list)
     34     -p	Preserve environment (except for $PATH and $IFS)
     35 */
     36 
     37 #define FOR_su
     38 #include "toys.h"
     39 
     40 GLOBALS(
     41   char *s;
     42   char *c;
     43 )
     44 
     45 void su_main()
     46 {
     47   char *name, *passhash = 0, **argu, **argv;
     48   struct passwd *up;
     49   struct spwd *shp;
     50 
     51   if (*toys.optargs && !strcmp("-", *toys.optargs)) {
     52     toys.optflags |= FLAG_l;
     53     toys.optargs++;
     54   }
     55 
     56   if (*toys.optargs) name = *(toys.optargs++);
     57   else name = "root";
     58 
     59   loggit(LOG_NOTICE, "%s->%s", getusername(getuid()), name);
     60 
     61   if (!(shp = getspnam(name))) perror_exit("no '%s'", name);
     62   if (getuid()) {
     63     if (*shp->sp_pwdp != '$') goto deny;
     64     if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
     65     passhash = crypt(toybuf, shp->sp_pwdp);
     66     memset(toybuf, 0, sizeof(toybuf));
     67     if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
     68   }
     69   closelog();
     70 
     71   xsetuser(up = xgetpwnam(name));
     72 
     73   if (FLAG(m)||FLAG(p)) {
     74     unsetenv("IFS");
     75     setenv("PATH", _PATH_DEFPATH, 1);
     76   } else reset_env(up, FLAG(l));
     77 
     78   argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
     79   *(argv++) = TT.s ? TT.s : up->pw_shell;
     80   loggit(LOG_NOTICE, "run %s", *argu);
     81 
     82   if (FLAG(l)) *(argv++) = "-l";
     83   if (FLAG(c)) {
     84     *(argv++) = "-c";
     85     *(argv++) = TT.c;
     86   }
     87   while ((*(argv++) = *(toys.optargs++)));
     88   xexec(argu);
     89 
     90 deny:
     91   syslog(LOG_NOTICE, "No.");
     92   puts("No.");
     93   toys.exitval = 1;
     94 }
     95