1252995Sdteskeif [ ! "$_MUSTBEROOT_SUBR" ]; then _MUSTBEROOT_SUBR=1 2252995Sdteske# 3252995Sdteske# Copyright (c) 2006-2013 Devin Teske 4252995Sdteske# All rights reserved. 5252995Sdteske# 6252995Sdteske# Redistribution and use in source and binary forms, with or without 7252995Sdteske# modification, are permitted provided that the following conditions 8252995Sdteske# are met: 9252995Sdteske# 1. Redistributions of source code must retain the above copyright 10252995Sdteske# notice, this list of conditions and the following disclaimer. 11252995Sdteske# 2. Redistributions in binary form must reproduce the above copyright 12252995Sdteske# notice, this list of conditions and the following disclaimer in the 13252995Sdteske# documentation and/or other materials provided with the distribution. 14252995Sdteske# 15252995Sdteske# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16252995Sdteske# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17252995Sdteske# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18252995Sdteske# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19252995Sdteske# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20252995Sdteske# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21252995Sdteske# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22252995Sdteske# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23252995Sdteske# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24252995Sdteske# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25252995Sdteske# SUCH DAMAGE. 26252995Sdteske# 27252995Sdteske# $FreeBSD$ 28252995Sdteske# 29252995Sdteske############################################################ INCLUDES 30252995Sdteske 31252995SdteskeBSDCFG_SHARE="/usr/share/bsdconfig" 32252995Sdteske. $BSDCFG_SHARE/common.subr || exit 1 33252995Sdteskef_dprintf "%s: loading includes..." mustberoot.subr 34252995Sdteskef_include $BSDCFG_SHARE/dialog.subr 35263791Sdteskef_include $BSDCFG_SHARE/strings.subr 36252995Sdteske 37252995SdteskeBSDCFG_LIBE="/usr/libexec/bsdconfig" 38252995Sdteskef_include_lang $BSDCFG_LIBE/include/messages.subr 39252995Sdteske 40252995Sdteske############################################################ CONFIGURATION 41252995Sdteske# NOTE: These are not able to be overridden/inherited for security purposes. 42252995Sdteske 43252995Sdteske# 44252995Sdteske# Number of tries a user gets to enter his/her password before we log the 45252995Sdteske# sudo(8) failure and exit. 46252995Sdteske# 47252995SdteskePASSWD_TRIES=3 48252995Sdteske 49252995Sdteske# 50252995Sdteske# While in SECURE mode, should authentication as `root' be allowed? Set to 51252995Sdteske# non-NULL to enable authentication as `root', otherwise disabled. 52252995Sdteske# 53252995Sdteske# WARNING: 54252995Sdteske# Unless using a custom sudo(8) configuration, user `root' should not be 55252995Sdteske# allowed because no password is required to become `root' when already `root' 56252995Sdteske# and therefore, any value entered as password will work. 57252995Sdteske# 58252995SdteskeSECURE_ALLOW_ROOT= 59252995Sdteske 60252995Sdteske# 61252995Sdteske# While in SECURE mode, should we divulge (through error message) when the 62252995Sdteske# requested authentication user does not exist? Set to non-NULL to enable, 63252995Sdteske# otherwise a non-existent user is treated like an invalid password. 64252995Sdteske# 65252995SdteskeSECURE_DIVULGE_UNKNOWN_USER= 66252995Sdteske 67252995Sdteske############################################################ FUNCTIONS 68252995Sdteske 69252995Sdteske# f_become_root_via_sudo 70252995Sdteske# 71252995Sdteske# If not running as root, prompt for sudo(8) credentials to become root. 72252995Sdteske# Re-execution of the current program via sudo is automatically handled. 73252995Sdteske# 74252995Sdteske# The following environment variables effect functionality: 75252995Sdteske# 76252995Sdteske# USE_XDIALOG Either NULL or Non-NULL. If given a value will indicate 77252995Sdteske# that Xdialog(1) should be used instead of dialog(1). 78252995Sdteske# 79252995Sdteskef_become_root_via_sudo() 80252995Sdteske{ 81263791Sdteske local funcname=f_become_root_via_sudo 82252995Sdteske local prompt hline height width rows msg 83252995Sdteske 84252995Sdteske [ "$( id -u )" = "0" ] && return $SUCCESS 85252995Sdteske 86252995Sdteske f_have sudo || f_die 1 "$msg_must_be_root_to_execute" "$pgm" 87252995Sdteske 88252995Sdteske # 89252995Sdteske # Ask the user if it's OK to become root via sudo(8) and give them 90252995Sdteske # the option to save this preference (by touch(1)ing a file in the 91252995Sdteske # user's $HOME directory). 92252995Sdteske # 93252995Sdteske local checkpath="${HOME%/}/.bsdconfig_uses_sudo" 94252995Sdteske if [ ! -e "$checkpath" ]; then 95263791Sdteske f_sprintf prompt "$msg_you_are_not_root_but" bsdconfig 96263791Sdteske f_sprintf msg "$msg_always_try_sudo_when_run_as" "$USER" 97252995Sdteske local menu_list=" 98252995Sdteske 'X' '$msg_cancel_exit' 99252995Sdteske '1' '$msg' 100252995Sdteske '2' '$msg_try_sudo_only_this_once' 101252995Sdteske " # END-QUOTE 102252995Sdteske hline="$hline_arrows_tab_enter" 103252995Sdteske 104252995Sdteske eval f_dialog_menu_size height width rows \ 105252995Sdteske \"\$DIALOG_TITLE\" \ 106252995Sdteske \"\$DIALOG_BACKTITLE\" \ 107252995Sdteske \"\$prompt\" \ 108252995Sdteske \"\$hline\" \ 109252995Sdteske $menu_list 110252995Sdteske 111252995Sdteske local mtag 112252995Sdteske mtag=$( eval $DIALOG \ 113252995Sdteske --title \"\$DIALOG_TITLE\" \ 114252995Sdteske --backtitle \"\$DIALOG_BACKTITLE\" \ 115252995Sdteske --hline \"\$hline\" \ 116252995Sdteske --ok-label \"\$msg_ok\" \ 117252995Sdteske --cancel-label \"\$msg_cancel\" \ 118252995Sdteske --menu \"\$prompt\" \ 119252995Sdteske $height $width $rows \ 120252995Sdteske $menu_list \ 121252995Sdteske 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 122252995Sdteske ) || f_die 123252995Sdteske f_dialog_data_sanitize mtag 124252995Sdteske 125252995Sdteske case "$mtag" in 126252995Sdteske X) # Cancel/Exit 127252995Sdteske f_die ;; 128252995Sdteske 1) # Always try sudo(8) when run as $user 129263791Sdteske f_eval_catch $funcname touch \ 130263791Sdteske 'touch "%s"' "$checkpath" && 131252995Sdteske f_show_msg "$msg_created_path" "$checkpath" 132252995Sdteske esac 133252995Sdteske else 134252995Sdteske # 135252995Sdteske # This user has created the path signing-off on sudo(8)-use 136252995Sdteske # but let's still give them a short/quick/unobtrusive reminder 137252995Sdteske # 138252995Sdteske f_dialog_info "$msg_becoming_root_via_sudo" 139252995Sdteske [ "$USE_XDIALOG" ] || sleep 0.6 140252995Sdteske fi 141252995Sdteske 142252995Sdteske # 143252995Sdteske # Check sudo(8) access before prompting for password. 144252995Sdteske # 145252995Sdteske :| sudo -S -v 2> /dev/null 146252995Sdteske if [ $? -ne $SUCCESS ]; then 147252995Sdteske # 148252995Sdteske # sudo(8) access denied. Prompt for their password. 149252995Sdteske # 150252995Sdteske prompt="$msg_please_enter_password" 151252995Sdteske hline="$hline_alnum_punc_tab_enter" 152252995Sdteske f_dialog_inputbox_size height width \ 153252995Sdteske "$DIALOG_TITLE" \ 154252995Sdteske "$DIALOG_BACKTITLE" \ 155252995Sdteske "$prompt" \ 156252995Sdteske "$hline" 157252995Sdteske 158252995Sdteske # 159252995Sdteske # Continue prompting until they either Cancel, succeed 160252995Sdteske # or exceed the number of allowed failures. 161252995Sdteske # 162252995Sdteske local password nfailures=0 retval 163252995Sdteske while [ $nfailures -lt $PASSWD_TRIES ]; do 164252995Sdteske if [ "$USE_XDIALOG" ]; then 165252995Sdteske password=$( $DIALOG \ 166252995Sdteske --title "$DIALOG_TITLE" \ 167252995Sdteske --backtitle "$DIALOG_BACKTITLE" \ 168252995Sdteske --hline "$hline" \ 169252995Sdteske --ok-label "$msg_ok" \ 170252995Sdteske --cancel-label "$msg_cancel" \ 171252995Sdteske --password --inputbox "$prompt" \ 172252995Sdteske $height $width \ 173252995Sdteske 2>&1 > /dev/null 174252995Sdteske ) 175252995Sdteske retval=$? 176252995Sdteske 177252995Sdteske # Catch X11-related errors 178263791Sdteske if [ $retval -eq $DIALOG_ESC ]; then 179252995Sdteske f_die $retval "$password" 180263791Sdteske elif [ $retval -ne $DIALOG_OK ]; then 181252995Sdteske # User cancelled 182252995Sdteske exit $retval 183252995Sdteske fi 184252995Sdteske else 185252995Sdteske password=$( $DIALOG \ 186252995Sdteske --title "$DIALOG_TITLE" \ 187252995Sdteske --backtitle "$DIALOG_BACKTITLE" \ 188252995Sdteske --hline "$hline" \ 189252995Sdteske --ok-label "$msg_ok" \ 190252995Sdteske --cancel-label "$msg_cancel" \ 191252995Sdteske --insecure \ 192252995Sdteske --passwordbox "$prompt" \ 193252995Sdteske $height $width \ 194252995Sdteske 2>&1 >&$DIALOG_TERMINAL_PASSTHRU_FD 195252995Sdteske ) || exit $? 196252995Sdteske fi 197252995Sdteske debug= f_dialog_line_sanitize password 198252995Sdteske 199252995Sdteske # 200252995Sdteske # Validate sudo(8) credentials 201252995Sdteske # 202252995Sdteske sudo -S -v 2> /dev/null <<-EOF 203252995Sdteske $password 204252995Sdteske EOF 205252995Sdteske retval=$? 206252995Sdteske unset password # scrub memory 207252995Sdteske if [ $retval -eq $SUCCESS ]; then 208252995Sdteske # Access granted... 209252995Sdteske break 210252995Sdteske else 211252995Sdteske # Access denied... 212252995Sdteske nfailures=$(( $nfailures + 1 )) 213252995Sdteske 214252995Sdteske # introduce a short delay 215252995Sdteske if [ $nfailures -lt $PASSWD_TRIES ]; then 216252995Sdteske f_dialog_info "$msg_sorry_try_again" 217252995Sdteske sleep 1 218252995Sdteske fi 219252995Sdteske fi 220252995Sdteske done 221252995Sdteske 222252995Sdteske # 223252995Sdteske # If user exhausted number of allowed password tries, log 224252995Sdteske # the security event and exit immediately. 225252995Sdteske # 226252995Sdteske if [ $nfailures -ge $PASSWD_TRIES ]; then 227263791Sdteske f_sprintf msg "$msg_nfailed_attempts" "$nfailures" 228252995Sdteske logger -p auth.notice -t sudo " " \ 229252995Sdteske "$USER : $msg" \ 230252995Sdteske "; TTY=$(tty)" \ 231252995Sdteske "; PWD=$PWD" \ 232252995Sdteske "; USER=root" \ 233252995Sdteske "; COMMAND=$0" 234252995Sdteske f_die 1 "sudo: $msg" 235252995Sdteske fi 236252995Sdteske fi 237252995Sdteske 238252995Sdteske # Use xauth(1) to grant root the ability to use this X11/SSH session 239252995Sdteske if [ "$USE_XDIALOG" -a "$SSH_CONNECTION" -a "$DISPLAY" ]; then 240252995Sdteske f_have xauth || f_die 1 \ 241252995Sdteske "$msg_no_such_file_or_directory" "$pgm" "xauth" 242252995Sdteske local HOSTNAME displaynum 243252995Sdteske HOSTNAME=$(hostname) 244252995Sdteske displaynum="${DISPLAY#*:}" 245252995Sdteske xauth -f ~/.Xauthority extract - $HOSTNAME/unix:$displaynum \ 246252995Sdteske $HOSTNAME:$displaynum | sudo sh -c 'xauth -ivf \ 247252995Sdteske ~root/.Xauthority merge - > /dev/null 2>&1' 248252995Sdteske fi 249252995Sdteske 250252995Sdteske # Re-execute ourselves with sudo(8) 251252995Sdteske f_dprintf "%s: Becoming root via sudo(8)..." mustberoot.subr 252252995Sdteske if [ $ARGC -gt 0 ]; then 253252995Sdteske exec sudo "$0" $ARGV 254252995Sdteske else 255252995Sdteske exec sudo "$0" 256252995Sdteske fi 257252995Sdteske exit $? # Never reached unless error 258252995Sdteske} 259252995Sdteske 260252995Sdteske# f_authenticate_some_user 261252995Sdteske# 262252995Sdteske# Only used if running as root and requires X11 (see USE_XDIALOG below). 263252995Sdteske# Prompts the user to enter a username and password to be authenticated via 264252995Sdteske# sudo(8) to proceed. 265252995Sdteske# 266252995Sdteske# The following environment variables effect functionality: 267252995Sdteske# 268252995Sdteske# USE_XDIALOG Either NULL or Non-NULL. If given a value will indicate 269252995Sdteske# that Xdialog(1) should be used instead of dialog(1). 270252995Sdteske# 271252995Sdteskef_authenticate_some_user() 272252995Sdteske{ 273252995Sdteske local msg hline height width 274252995Sdteske 275252995Sdteske f_have sudo || f_die 1 "$msg_must_be_root_to_execute" "$pgm" 276252995Sdteske 277252995Sdteske # 278252995Sdteske # Secure-mode has been requested. 279252995Sdteske # 280252995Sdteske 281252995Sdteske [ "$USE_XDIALOG" ] || f_die 1 "$msg_secure_mode_requires_x11" 282252995Sdteske [ "$(id -u)" = "0" ] || f_die 1 "$msg_secure_mode_requires_root" 283252995Sdteske 284252995Sdteske # 285252995Sdteske # Prompt for sudo(8) credentials. 286252995Sdteske # 287252995Sdteske 288252995Sdteske msg="$msg_please_enter_username_password" 289252995Sdteske hline="$hline_alnum_punc_tab_enter" 290252995Sdteske f_xdialog_2inputsbox_size height width \ 291252995Sdteske "$DIALOG_TITLE" \ 292252995Sdteske "$DIALOG_BACKTITLE" \ 293252995Sdteske "$msg" \ 294252995Sdteske "$field_username" "" \ 295252995Sdteske "$field_password" "" 296252995Sdteske height=$(( $height + 2 )) # Add height for --password 297252995Sdteske 298252995Sdteske # 299252995Sdteske # Continue prompting until they either Cancel, succeed or exceed the 300252995Sdteske # number of allowed failures. 301252995Sdteske # 302252995Sdteske local user_pass nfailures=0 retval 303252995Sdteske while [ $nfailures -lt $PASSWD_TRIES ]; do 304252995Sdteske user_pass=$( $DIALOG \ 305252995Sdteske --title "$DIALOG_TITLE" \ 306252995Sdteske --backtitle "$DIALOG_BACKTITLE" \ 307252995Sdteske --hline "$hline" \ 308252995Sdteske --ok-label "$msg_ok" \ 309252995Sdteske --cancel-label "$msg_cancel" \ 310252995Sdteske --password --2inputsbox "$msg" \ 311252995Sdteske $height $width \ 312252995Sdteske "$field_username" "" \ 313252995Sdteske "$field_password" "" \ 314252995Sdteske 2>&1 > /dev/null ) 315252995Sdteske retval=$? 316252995Sdteske 317252995Sdteske # Catch X11-related errors 318263791Sdteske [ $retval -eq $DIALOG_ESC ] && f_die $retval "$user_pass" 319252995Sdteske 320252995Sdteske # Exit if the user cancelled. 321263791Sdteske [ $retval -eq $DIALOG_OK ] || exit $retval 322252995Sdteske 323252995Sdteske # 324252995Sdteske # Make sure the user exists and is non-root 325252995Sdteske # 326252995Sdteske local user password 327252995Sdteske user="${user_pass%%/*}" 328252995Sdteske password="${user_pass#*/}" 329252995Sdteske unset user_pass # scrub memory 330252995Sdteske if [ ! "$user" ]; then 331252995Sdteske nfailures=$(( $nfailures + 1 )) 332252995Sdteske f_show_msg "$msg_no_username" 333252995Sdteske continue 334252995Sdteske fi 335252995Sdteske if [ ! "$SECURE_ALLOW_ROOT" ]; then 336252995Sdteske case "$user" in 337252995Sdteske root|toor) 338252995Sdteske nfailures=$(( $nfailures + 1 )) 339252995Sdteske f_show_msg "$msg_user_disallowed" "$user" 340252995Sdteske continue 341252995Sdteske esac 342252995Sdteske fi 343252995Sdteske if ! f_quietly id "$user"; then 344252995Sdteske nfailures=$(( $nfailures + 1 )) 345252995Sdteske if [ "$SECURE_DIVULGE_UNKNOWN_USER" ]; then 346252995Sdteske f_show_msg "$msg_unknown_user" "$user" 347252995Sdteske elif [ $nfailures -lt $PASSWD_TRIES ]; then 348252995Sdteske f_dialog_info "$msg_sorry_try_again" 349252995Sdteske sleep 1 350252995Sdteske fi 351252995Sdteske continue 352252995Sdteske fi 353252995Sdteske 354252995Sdteske # 355252995Sdteske # Validate sudo(8) credentials for given user 356252995Sdteske # 357252995Sdteske su -m "$user" <<-EOF 358252995Sdteske sh <<EOS 359252995Sdteske sudo -k 360252995Sdteske sudo -S -v 2> /dev/null <<EOP 361252995Sdteske $password 362252995Sdteske EOP 363252995Sdteske EOS 364252995Sdteske EOF 365252995Sdteske retval=$? 366252995Sdteske unset user 367252995Sdteske unset password # scrub memory 368252995Sdteske 369252995Sdteske if [ $retval -eq $SUCCESS ]; then 370252995Sdteske # Access granted... 371252995Sdteske break 372252995Sdteske else 373252995Sdteske # Access denied... 374252995Sdteske nfailures=$(( $nfailures + 1 )) 375252995Sdteske 376252995Sdteske # introduce a short delay 377252995Sdteske if [ $nfailures -lt $PASSWD_TRIES ]; then 378252995Sdteske f_dialog_info "$msg_sorry_try_again" 379252995Sdteske sleep 1 380252995Sdteske fi 381252995Sdteske fi 382252995Sdteske done 383252995Sdteske 384252995Sdteske # 385252995Sdteske # If user exhausted number of allowed password tries, log 386252995Sdteske # the security event and exit immediately. 387252995Sdteske # 388252995Sdteske if [ $nfailures -ge $PASSWD_TRIES ]; then 389263791Sdteske f_sprintf msg "$msg_nfailed_attempts" "$nfailures" 390252995Sdteske logger -p auth.notice -t sudo " " \ 391252995Sdteske "${SUDO_USER:-$USER} : $msg" \ 392252995Sdteske "; TTY=$(tty)" \ 393252995Sdteske "; PWD=$PWD" \ 394252995Sdteske "; USER=root" \ 395252995Sdteske "; COMMAND=$0" 396252995Sdteske f_die 1 "sudo: $message" 397252995Sdteske fi 398252995Sdteske} 399252995Sdteske 400252995Sdteske# f_mustberoot_init 401252995Sdteske# 402252995Sdteske# If not already root, make the switch to root by re-executing ourselves via 403252995Sdteske# sudo(8) using user-supplied credentials. 404252995Sdteske# 405252995Sdteske# The following environment variables effect functionality: 406252995Sdteske# 407252995Sdteske# SECURE Either NULL or Non-NULL. If given a value will indicate 408252995Sdteske# that (while running as root) sudo(8) authentication is 409252995Sdteske# required to proceed. 410252995Sdteske# 411252995Sdteskef_mustberoot_init() 412252995Sdteske{ 413252995Sdteske if [ "$(id -u)" != "0" -a ! "$SECURE" ]; then 414252995Sdteske f_become_root_via_sudo 415252995Sdteske elif [ "$SECURE" ]; then 416252995Sdteske f_authenticate_some_user 417252995Sdteske fi 418252995Sdteske} 419252995Sdteske 420252995Sdteske############################################################ MAIN 421252995Sdteske 422252995Sdteskef_dprintf "%s: Successfully loaded." mustberoot.subr 423252995Sdteske 424252995Sdteskefi # ! $_MUSTBEROOT_SUBR 425