4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2012 Milan Jurik. All rights reserved.
24 */
25 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
26 /* All Rights Reserved */
27
28 /* Copyright (c) 1987, 1988 Microsoft Corporation */
29 /* All Rights Reserved */
30
31 /*
32 * su [-] [name [arg ...]] change userid, `-' changes environment.
33 * If SULOG is defined, all attempts to su to another user are
34 * logged there.
35 * If CONSOLE is defined, all successful attempts to su to uid 0
36 * are also logged there.
37 *
38 * If su cannot create, open, or write entries into SULOG,
39 * (or on the CONSOLE, if defined), the entry will not
40 * be logged -- thus losing a record of the su's attempted
41 * during this period.
42 */
43
266 ttyn = "/dev/???";
267 if ((username = cuserid(NULL)) == NULL)
268 username = "(null)";
269
270 /*
271 * if Sulog defined, create SULOG, if it does not exist, with
272 * mode read/write user. Change owner and group to root
273 */
274 if (Sulog != NULL) {
275 (void) close(open(Sulog, O_WRONLY | O_APPEND | O_CREAT,
276 (S_IRUSR|S_IWUSR)));
277 (void) chown(Sulog, (uid_t)ROOT, (gid_t)ROOT);
278 }
279
280 #ifdef DYNAMIC_SU
281 if (pam_start(embedded ? EMBEDDED_NAME : "su", nptr,
282 embedded ? &emb_pam_conv : &pam_conv, &pamh) != PAM_SUCCESS)
283 exit(1);
284 if (pam_set_item(pamh, PAM_TTY, ttyn) != PAM_SUCCESS)
285 exit(1);
286 #endif /* DYNAMIC_SU */
287
288 openlog("su", LOG_CONS, LOG_AUTH);
289
290 #ifdef DYNAMIC_SU
291
292 /*
293 * Use the same value of sleeptime and password required that
294 * login(1) uses.
295 * This is obtained by reading the file /etc/default/login
296 * using the def*() functions
297 */
298 if (defopen(DEFAULT_LOGIN) == 0) {
299 if ((ptr = defread("SLEEPTIME=")) != NULL) {
300 sleeptime = atoi(ptr);
301 if (sleeptime < 0 || sleeptime > 5)
302 sleeptime = SLEEPTIME;
303 }
304
305 if ((ptr = defread("PASSREQ=")) != NULL &&
|
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright (c) 1988, 2010, Oracle and/or its affiliates. All rights reserved.
23 * Copyright 2012 Milan Jurik. All rights reserved.
24 * Copyright 2014 Nexenta Systems, Inc.
25 */
26 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
27 /* All Rights Reserved */
28
29 /* Copyright (c) 1987, 1988 Microsoft Corporation */
30 /* All Rights Reserved */
31
32 /*
33 * su [-] [name [arg ...]] change userid, `-' changes environment.
34 * If SULOG is defined, all attempts to su to another user are
35 * logged there.
36 * If CONSOLE is defined, all successful attempts to su to uid 0
37 * are also logged there.
38 *
39 * If su cannot create, open, or write entries into SULOG,
40 * (or on the CONSOLE, if defined), the entry will not
41 * be logged -- thus losing a record of the su's attempted
42 * during this period.
43 */
44
267 ttyn = "/dev/???";
268 if ((username = cuserid(NULL)) == NULL)
269 username = "(null)";
270
271 /*
272 * if Sulog defined, create SULOG, if it does not exist, with
273 * mode read/write user. Change owner and group to root
274 */
275 if (Sulog != NULL) {
276 (void) close(open(Sulog, O_WRONLY | O_APPEND | O_CREAT,
277 (S_IRUSR|S_IWUSR)));
278 (void) chown(Sulog, (uid_t)ROOT, (gid_t)ROOT);
279 }
280
281 #ifdef DYNAMIC_SU
282 if (pam_start(embedded ? EMBEDDED_NAME : "su", nptr,
283 embedded ? &emb_pam_conv : &pam_conv, &pamh) != PAM_SUCCESS)
284 exit(1);
285 if (pam_set_item(pamh, PAM_TTY, ttyn) != PAM_SUCCESS)
286 exit(1);
287 if (getpwuid_r(getuid(), &pwd, pwdbuf, sizeof (pwdbuf)) == NULL ||
288 pam_set_item(pamh, PAM_AUSER, pwd.pw_name) != PAM_SUCCESS)
289 exit(1);
290 #endif /* DYNAMIC_SU */
291
292 openlog("su", LOG_CONS, LOG_AUTH);
293
294 #ifdef DYNAMIC_SU
295
296 /*
297 * Use the same value of sleeptime and password required that
298 * login(1) uses.
299 * This is obtained by reading the file /etc/default/login
300 * using the def*() functions
301 */
302 if (defopen(DEFAULT_LOGIN) == 0) {
303 if ((ptr = defread("SLEEPTIME=")) != NULL) {
304 sleeptime = atoi(ptr);
305 if (sleeptime < 0 || sleeptime > 5)
306 sleeptime = SLEEPTIME;
307 }
308
309 if ((ptr = defread("PASSREQ=")) != NULL &&
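Review bot: The new failure path at lines 287-289 only calls `exit(1)`, and it runs before `openlog("su", LOG_CONS, LOG_AUTH)` on line 292, so an su attempt refused because the real uid has no passwd entry (or because the name-service lookup failed) appears to leave no syslog record and gives the caller no message. Failing closed is the right choice when PAM_AUSER cannot be set, but the file's header comment says all attempts are logged, so I would move the `openlog` call above this `#ifdef DYNAMIC_SU` block and emit something like `syslog(LOG_ERR, "cannot resolve invoking uid %ld", (long)getuid());` before `exit(1)`. The `== NULL` test also relies on the pointer-returning form of `getpwuid_r`; if this file is ever built with the POSIX prototype, which returns an int, the check would need to test the return code and the result pointer instead. The enclosing function and the declarations of `pwd` and `pwdbuf` are outside the hunk, so the buffer size cannot be checked from here.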
|