us/us.c

/*
    us - User Switcher
    Copyright (C) 2021  Alessandro Mauri

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License version 3.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <https://www.gnu.org/licenses/>.

    e-mail: alemauri001@tuta.io
*/

#define _POSIX_C_SOURCE 200809L
#define _DEFAULT_SOURCE

#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <pwd.h>
#include <unistd.h>
#include <limits.h>
#include <grp.h>
#include <security/pam_appl.h>
#include <security/pam_misc.h>

static void usage (void);
static int perm_set (const char *, const char *);

// FIXME: misc_conv is a separate library, should stick to plain PAM
static struct pam_conv conv = {misc_conv, NULL};

int main (int argc, char *argv[])
{
	// FIXME: change the default program to execute SHELL
	if (argc < 2) {
		usage();
		exit(1);
	}

	uid_t ruid = getuid();
//	gid_t rgid = getgid();
	struct passwd *pw = getpwuid(ruid);
	if (!pw) {
		fprintf(stderr, "getpwid: %s\n", strerror(errno));
		exit(errno);
	}
	const char *uname = pw->pw_name;

	pam_handle_t *pamh;
	int pam_err, count = 0;

	// TODO: Add arguments

	// TODO: add PAM authentication
	pam_err = pam_start("User Switcher", uname, &conv, &pamh);
	if (pam_err != PAM_SUCCESS) {
		fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err));
		exit(pam_err);
	}

	do {
		pam_err = pam_authenticate(pamh, 0);
		if (pam_err != PAM_SUCCESS)
			printf("Auth failed: %s\n", pam_strerror(pamh, pam_err));
		count++;
	} while (pam_err != PAM_SUCCESS && count < 4);
	if (pam_err != PAM_SUCCESS) {
		fprintf(stderr, "better luck next time\n");
		pam_end(pamh, pam_err);
		exit(pam_err);
	}
	// FIXME: check again for the validity of the login for more security
	// as in: https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/pam-20/index.html
	// FIXME: ^C [SIGINT] will interrupt this call possibly causing a
	// vulnerability

	pam_end(pamh, pam_err);
	// TODO: clean up env

	// Copy argv and argc
	int c_argc = argc - 1;
	char **c_argv = malloc((c_argc + 1) * sizeof(char *));
	if (!c_argv) {
		fprintf(stderr, "malloc: %s\n", strerror(errno));
		goto fail_end;
	}
	for (int i = 0; i < c_argc; i++)
		c_argv[i] = strdup(argv[i+1]);
	c_argc[c_argv] = NULL;

	errno = 0;
	/* Set permissions */
	if (perm_set(NULL, NULL) == -1) { // 0 = root
		fprintf(stderr, "perm_set: %s\n", strerror(errno));
		goto fail_end;
	}

	/* Execute the command */
	if (execvp(*c_argv, c_argv) == -1) // execvp searches in path
		fprintf(stderr, "execv: %s\n", strerror(errno));


	/* We may no longer have permission to reset the permissions
	// If exec fails reset the permissions
	if (perm_set(pw->pw_name, NULL) == -1) { // 0 = root
		fprintf(stderr, "perm_set: %s\n", strerror(errno));
		goto fail_end;
	} */

	/* Cleanup and return */
	fail_end:

	/* Free up the copied argv */
	for (int i = 0; i < c_argc; i++)
		free(c_argv[i]);
	free(c_argv);
	return errno;
}

static inline void usage (void)
{
	// TODO: planned options
	// -a [program]: like sudo's askpass
	// -u [user]: change the default user from root to user
	// -g [group]: change the primary group to [gorup]
	// 	both -a and -g will accept numbers with #[num] like sudo
	// -c [file]: manually select config file
	// something about environment
	// something about non interactiveness
	printf("usage: us [command]\n");
}

static int perm_set (const char	*user, const char *group)
{
	if (!user)
		user = "root";

	struct passwd *pw;
	struct group *gr;
	uid_t uid;
	gid_t gid;
	long uid_l, gid_l;

	errno = 0;
	if (user[0] != '#') {
		pw = getpwnam(user);
	} else {
		uid_l = strtol(&user[1], NULL, 10);
		if (uid_l < 0 || errno) {
			errno = errno ? errno : EINVAL;
			return -1;
		}
		pw = getpwuid((uid_t)uid_l);
	}

	if (!pw) {
		if (!errno)
			errno = EINVAL;
		return -1;
	}

	uid = pw->pw_uid;
	gid = pw->pw_gid;

	if (group) {
		if (group[0] != '#') {
			gr = getgrnam(group);
		} else {
			gid_l = strtol(&group[1], NULL, 10);
			if (gid_l < 0 || errno) {
				errno = errno ? errno : EINVAL;
				return -1;
			}
			gr = getgrgid((gid_t)gid_l);
		}

		if (!gr) {
			if (!errno)
				errno = EINVAL;
			return -1;
		}
		gid = gr->gr_gid;
	}

	/* Set permissions, setting group perms first because in the case of
	 * dropping from higher permissions setting the uid first results in
	 * an error */
	int err;
	/* Non POSIX but implemented in most systems anyways */
	err = initgroups(pw->pw_name, pw->pw_gid);
	if (err == -1) {
		printf("initgroups failed\n");
		return -1;
	}

	// FIXME: ideally when failing reset the permissions
	if (setregid(gid, gid) == -1) {
		printf("setregid failed\n");
		return -1;
	}
	
	if (setreuid(uid, uid) == -1) {
		printf("setreuid failed\n");
		return -1;
	}

	return 0;
}