12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394 |
- /* su.c - switch user
- *
- * Copyright 2013 CE Strake <strake888@gmail.com>
- *
- * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
- * TODO: log su attempts
- * TODO: suid support
- * Supports undocumented compatibility options: -m synonym for -p, - for -l
- USE_SU(NEWTOY(su, "^lmpu:g:c:s:[!lmp]", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
- config SU
- bool "su"
- default y
- depends on TOYBOX_SHADOW
- help
- usage: su [-lp] [-u UID] [-g GID,...] [-s SHELL] [-c CMD] [USER [COMMAND...]]
- Switch user, prompting for password of new user when not run as root.
- With one argument, switch to USER and run user's shell from /etc/passwd.
- With no arguments, USER is root. If COMMAND line provided after USER,
- exec() it as new USER (bypassing shell). If -u or -g specified, first
- argument (if any) isn't USER (it's COMMAND).
- first argument is USER name to switch to (which must exist).
- Non-root users are prompted for new user's password.
- -s Shell to use (default is user's shell from /etc/passwd)
- -c Command line to pass to -s shell (ala sh -c "CMD")
- -l Reset environment as if new login.
- -u Switch to UID instead of USER
- -g Switch to GID (only root allowed, can be comma separated list)
- -p Preserve environment (except for $PATH and $IFS)
- */
- #define FOR_su
- #include "toys.h"
- GLOBALS(
- char *s;
- char *c;
- )
- void su_main()
- {
- char *name, *passhash = 0, **argu, **argv;
- struct passwd *up;
- struct spwd *shp;
- if (*toys.optargs && !strcmp("-", *toys.optargs)) {
- toys.optflags |= FLAG_l;
- toys.optargs++;
- }
- if (*toys.optargs) name = *(toys.optargs++);
- else name = "root";
- loggit(LOG_NOTICE, "%s->%s", getusername(geteuid()), name);
- if (!(shp = getspnam(name))) perror_exit("no '%s'", name);
- if (getuid()) {
- if (*shp->sp_pwdp != '$') goto deny;
- if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
- passhash = crypt(toybuf, shp->sp_pwdp);
- memset(toybuf, 0, sizeof(toybuf));
- if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
- }
- closelog();
- xsetuser(up = xgetpwnam(name));
- if (FLAG(m)||FLAG(p)) {
- unsetenv("IFS");
- setenv("PATH", _PATH_DEFPATH, 1);
- } else reset_env(up, FLAG(l));
- argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
- *(argv++) = TT.s ? TT.s : up->pw_shell;
- loggit(LOG_NOTICE, "run %s", *argu);
- if (FLAG(l)) *(argv++) = "-l";
- if (FLAG(c)) {
- *(argv++) = "-c";
- *(argv++) = TT.c;
- }
- while ((*(argv++) = *(toys.optargs++)));
- xexec(argu);
- deny:
- syslog(LOG_NOTICE, "No.");
- puts("No.");
- toys.exitval = 1;
- }
|