diff --git a/us.c b/us.c
index 2c7aac1..2f55992 100644
--- a/us.c
+++ b/us.c
@@ -41,6 +41,7 @@
 #include
 #include
 #include
+#include
 #if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
 #include
@@ -51,6 +52,7 @@
 #endif
 #define MAX_HASH 1024
+#define PASS_MAX 1024
 #define CONF_LINE_MAX 1024
 #define GROUPS_MAX 256
 #define STR_MAX 1024
@@ -242,8 +244,18 @@ int main(int argc, char *argv[])
 /* Authenticate, we will be root from now on */
 if (!(conf_flags & FLAG_NOPASS))
- if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST))
+ if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST)) {
+ if (!(conf_flags & FLAG_NOLOG))
+ exit(EXIT_FAILURE);
+ char cmd[1024] = {0};
+ for (int i = optind, x = 0; argv[i] && x < 1024; i++)
+ x += snprintf(cmd, 1024-x, "%s ", argv[i]);
+ openlog("us", LOG_NOWAIT, LOG_AUTH);
+ syslog(LOG_NOTICE, "user %s tried to run %s as %s"
+ "but failed", my_name, cmd, t_pw->pw_name);
+ closelog();
 exit(EXIT_FAILURE);
+ }
 /* Get target user's shell */
 if (!shellflag)
@@ -333,6 +345,15 @@ int main(int argc, char *argv[])
 goto fail_end;
 }
+ if (!(conf_flags & FLAG_NOLOG)) {
+ char cmd[1024] = {0};
+ for (int i = 0, x = 0; c_argv[i] && x < 1024; i++)
+ x += snprintf(cmd, 1024-x, "%s ", c_argv[i]);
+ openlog("us", LOG_NOWAIT, LOG_AUTH);
+ syslog(LOG_INFO, "user %s ran %s as %s", my_name, cmd, t_pw->pw_name);
+ closelog();
+ }
+
 /* Execute the command */
 err = execvp(c_argv[0], c_argv);
 if (err == -1)
@@ -486,7 +507,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 int fd = STDIN_FILENO;
 char *askpass = getenv("US_ASKPASS");
- char pass[1024] = {0};
+ char pass[PASS_MAX] = {0};
 struct termios tio_before, tio_pass;
 if (ask && askpass) {
 pid_t pid, parent = getpid();
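Review bot: The guard on the new authentication-failure branch is inverted — `if (!(conf_flags & FLAG_NOLOG)) exit(EXIT_FAILURE);` exits before logging exactly when logging is enabled, and only reaches syslog when FLAG_NOLOG is set, the opposite of the success path in the hunk at -333; it should read `if (conf_flags & FLAG_NOLOG) exit(EXIT_FAILURE);`. The command string is also assembled wrongly in both this hunk and the -333 one: every iteration writes at `cmd` instead of `cmd + x`, so only the last argument survives in the audit record; use `x += snprintf(cmd + x, 1024 - x, "%s ", argv[i]);` (and the c_argv equivalent). The concatenated format string `"... as %s" "but failed"` further lacks a space before "but". Since the logged command comes straight from the caller's argv, consumers of these LOG_AUTH records should treat that field as untrusted text that may contain newlines or control characters.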
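Review bot: The LOG_INFO "ran" entry is emitted before execvp, so when exec fails (the `if (err == -1)` branch, which continues outside the hunk) the audit trail still records that the command ran and no matching failure entry is written; either word the message as an attempt, e.g. `"user %s is running %s as %s"`, or add a LOG_NOTICE entry in the execvp error path. As a point of style, `char cmd[1024]` and the `1024` bounds repeat a size the file already names as STR_MAX; using the constant keeps the buffer and its bound in step. main continues outside the hunk.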
@@ -532,7 +553,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 if (tcsetattr(tty_fd, TCSANOW, &tio_pass) == -1)
 die("tcsetattr:");
 }
- int r = read(fd, pass, 1023);
+ int r = read(fd, pass, PASS_MAX-1);
 if (!r || r == -1) {
 if (errno)
 fprintf(stderr, "read: %s\n", strerror(errno));
@@ -543,7 +564,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 waitpid(-1, NULL, 0);
 exit(EXIT_FAILURE);
 }
- pass[1023] = '\0';
+ pass[PASS_MAX-1] = '\0';
 /* Remove the terminating (if there is) \n in password */
 int l = strlen(pass);
 if (pass[l-1] == '\n')
@@ -558,8 +579,8 @@ static int authenticate(uid_t uid, int ask, int persist)
 char *enc = crypt(pass, hash);
 /* Remove password from memory, just to be sure */
- memset(pass, 0, 1024);
- if (strncmp(hash, enc, 1024)) {
+ memset(pass, 0, PASS_MAX);
+ if (strncmp(hash, enc, PASS_MAX)) {
 printf("Authentication failure\n");
 setuid(uid);
 return -1;
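Review bot: The changed read line stores the result in `int r` although read() returns ssize_t; `ssize_t r = read(fd, pass, PASS_MAX-1);` matches the API and the `r == -1` test that follows. The `if (errno)` diagnostic on the zero-byte path (context lines below the change) can also report a stale errno left by an earlier call, since nothing clears it before the read; set `errno = 0;` immediately before the read, or print strerror only when r == -1. authenticate continues outside the hunk.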
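Review bot: The newline strip directly below the changed terminator line indexes `pass[l-1]` without checking that l is non-zero, so input whose first byte is NUL (strlen 0, even though read returned data) reads `pass[-1]`, an out-of-bounds access; guard it with `if (l > 0 && pass[l-1] == '\n')`. Writing `pass[PASS_MAX-1] = '\0'` is harmless on the zeroed array but does not terminate at the bytes actually read; terminating at the read length would make the bound explicit. authenticate continues outside the hunk.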
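Review bot: `memset(pass, 0, PASS_MAX)` is a store to a buffer that is never read again, so the compiler may drop it as a dead store and the plaintext stays on the stack despite the comment; use `explicit_bzero(pass, PASS_MAX);` (or memset_s / a volatile-pointer loop) where the platform provides it. `crypt()` can return NULL on failure (unsupported or malformed hash setting), and `strncmp(hash, enc, PASS_MAX)` would then dereference it; check `if (!enc || strcmp(hash, enc) != 0)` before reporting a failure. As a point of style, PASS_MAX bounds the password buffer rather than the hash string, so using it as the comparison length is misleading — both operands are NUL-terminated and MAX_HASH is the hash-related constant in this file. authenticate continues outside the hunk.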