xref: /aosp_15_r20/external/toybox/toys/lsb/su.c (revision cf5a6c84e2b8763fc1a7db14496fd4742913b199) 
1 /* su.c - switch user
2  *
3  * Copyright 2013 CE Strake <[email protected]>
4  *
5  * See http://refspecs.linuxfoundation.org/LSB_4.1.0/LSB-Core-generic/LSB-Core-generic/su.html
6  * TODO: log su attempts
7  * TODO: suid support
8  * Supports undocumented compatibility options: -m synonym for -p, - for -l
9 
10 USE_SU(NEWTOY(su, "^lmpu:g:c:s:[!lmp]", TOYFLAG_BIN|TOYFLAG_ROOTONLY))
11 
12 config SU
13   bool "su"
14   default y
15   help
16     usage: su [-lp] [-u UID] [-g GID,...] [-s SHELL] [-c CMD] [USER [COMMAND...]]
17 
18     Switch user, prompting for password of new user when not run as root.
19 
20     With one argument, switch to USER and run user's shell from /etc/passwd.
21     With no arguments, USER is root. If COMMAND line provided after USER,
22     exec() it as new USER (bypassing shell). If -u or -g specified, first
23     argument (if any) isn't USER (it's COMMAND).
24 
25     first argument is USER name to switch to (which must exist).
26     Non-root users are prompted for new user's password.
27 
28     -s	Shell to use (default is user's shell from /etc/passwd)
29     -c	Command line to pass to -s shell (ala sh -c "CMD")
30     -l	Reset environment as if new login.
31     -u	Switch to UID instead of USER
32     -g	Switch to GID (only root allowed, can be comma separated list)
33     -p	Preserve environment (except for $PATH and $IFS)
34 */
35 
36 #define FOR_su
37 #include "toys.h"
38 
39 GLOBALS(
40   char *s, *c;
41 )
42 
su_main()43 void su_main()
44 {
45   char *name, **shadow, *passhash = 0, **argu, **argv;
46   struct passwd *up;
47 
48   if (*toys.optargs && !strcmp("-", *toys.optargs)) {
49     toys.optflags |= FLAG_l;
50     toys.optargs++;
51   }
52 
53   if (*toys.optargs) name = *(toys.optargs++);
54   else name = "root";
55 
56   loggit(LOG_NOTICE, "%s->%s", getusername(geteuid()), name);
57 
58   if (getuid()) {
59     if (!(shadow = get_userline("/etc/shadow", name)))
60       perror_exit("no '%s'", name);
61     if (*shadow[1] != '$') goto deny;
62     if (read_password(toybuf, sizeof(toybuf), "Password: ")) goto deny;
63     passhash = crypt(toybuf, shadow[1]);
64     if (!passhash || strcmp(passhash, shadow[1])) name = 0;
65     memset(toybuf, 0, sizeof(toybuf));
66     memset(shadow[1], 0, strlen(shadow[1]));
67     if (passhash) memset(passhash, 0, strlen(passhash));
68     if (!name) goto deny;
69   }
70   xsetuser(up = xgetpwnam(name));
71 
72   if (FLAG(m)||FLAG(p)) {
73     unsetenv("IFS");
74     setenv("PATH", _PATH_DEFPATH, 1);
75   } else reset_env(up, FLAG(l));
76 
77   argv = argu = xmalloc(sizeof(char *)*(toys.optc + 4));
78   *argv++ = TT.s ? : up->pw_shell;
79   loggit(LOG_NOTICE, "run %s", *argu);
80 
81   if (FLAG(l)) *(argv++) = "-l";
82   if (FLAG(c)) {
83     *argv++ = "-c";
84     *argv++ = TT.c;
85   }
86   while ((*argv++ = *toys.optargs++));
87   xexec(argu);
88 
89 deny:
90   syslog(LOG_NOTICE, "No.");
91   puts("No.");
92   toys.exitval = 1;
93 }
94