1 /* su.c - switch user
2  *
3  * Copyright 2013 CE Strake <strake888@gmail.com>
4  *
5  * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
6  * TODO: log su attempts
7 
8 USE_SU(NEWTOY(su, "lmpc:s:", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
9 
10 config SU
11   bool "su"
12   default y
13   depends on TOYBOX_SHADOW
14   help
15     usage: su [-lmp] [-c CMD] [-s SHELL] [USER [ARGS...]]
16 
17     Switch to user (or root) and run shell (with optional command line).
18 
19     -s	shell to use
20     -c	command to pass to shell with -c
21     -l	login shell
22     -(m|p)	preserve environment
23 */
24 
25 #define FOR_su
26 #include "toys.h"
27 
GLOBALS(char * s;char * c;)28 GLOBALS(
29   char *s;
30   char *c;
31 )
32 
33 static char *snapshot_env(char *name)
34 {
35   char *s = getenv(name);
36 
37   if (s) return xmprintf("%s=%s", name, s);
38 
39   return 0;
40 }
41 
su_main()42 void su_main()
43 {
44   char *name, *passhash = 0, **argu, **argv;
45   struct passwd *up;
46   struct spwd *shp;
47 
48   if (*toys.optargs && !strcmp("-", *toys.optargs)) {
49     toys.optflags |= FLAG_l;
50     toys.optargs++;
51   }
52 
53   if (*toys.optargs) name = *(toys.optargs++);
54   else name = "root";
55 
56   if (!(shp = getspnam(name))) perror_exit("no '%s'", name);
57   if (getuid()) {
58     if (*shp->sp_pwdp != '$') goto deny;
59     if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
60     passhash = crypt(toybuf, shp->sp_pwdp);
61     memset(toybuf, 0, sizeof(toybuf));
62     if (!passhash || strcmp(passhash, shp->sp_pwdp)) goto deny;
63   }
64 
65   up = xgetpwnam(name);
66   xsetuser(up);
67 
68   argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
69   *(argv++) = TT.s ? TT.s : up->pw_shell;
70 
71   if (toys.optflags & FLAG_l) {
72     int i;
73     char *stuff[] = {snapshot_env("TERM"), snapshot_env("DISPLAY"),
74       snapshot_env("COLORTERM"), snapshot_env("XAUTHORITY")};
75 
76     clearenv();
77     for (i=0; i < ARRAY_LEN(stuff); i++) if (stuff[i]) putenv(stuff[i]);
78     *(argv++) = "-l";
79     xchdir(up->pw_dir);
80   } else unsetenv("IFS");
81   setenv("PATH", "/sbin:/bin:/usr/sbin:/usr/bin", 1);
82   if (!(toys.optflags & (FLAG_m|FLAG_p))) {
83     setenv("HOME", up->pw_dir, 1);
84     setenv("SHELL", up->pw_shell, 1);
85     setenv("USER", up->pw_name, 1);
86     setenv("LOGNAME", up->pw_name, 1);
87   } else unsetenv("IFS");
88 
89   if (toys.optflags & FLAG_c) {
90     *(argv++) = "-c";
91     *(argv++) = TT.c;
92   }
93   while ((*(argv++) = *(toys.optargs++)));
94   xexec(argu);
95   perror_exit("can't exec %s", *argu);
96 
97 deny:
98   puts("No.");
99   toys.exitval = 1;
100 }
101