implemented "nolog" option

master
Alessandro Mauri 3 years ago
parent f489885e3e
commit 475aa341c5
  1. 33
      us.c

33
us.c

@ -41,6 +41,7 @@
#include <signal.h> #include <signal.h>
#include <time.h> #include <time.h>
#include <fcntl.h> #include <fcntl.h>
#include <syslog.h>
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1 #if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
#include <crypt.h> #include <crypt.h>
@ -51,6 +52,7 @@
#endif #endif
#define MAX_HASH 1024 #define MAX_HASH 1024
#define PASS_MAX 1024
#define CONF_LINE_MAX 1024 #define CONF_LINE_MAX 1024
#define GROUPS_MAX 256 #define GROUPS_MAX 256
#define STR_MAX 1024 #define STR_MAX 1024
@ -242,8 +244,18 @@ int main(int argc, char *argv[])
/* Authenticate, we will be root from now on */ /* Authenticate, we will be root from now on */
if (!(conf_flags & FLAG_NOPASS)) if (!(conf_flags & FLAG_NOPASS))
if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST)) if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST)) {
if (!(conf_flags & FLAG_NOLOG))
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
char cmd[1024] = {0};
for (int i = optind, x = 0; argv[i] && x < 1024; i++)
x += snprintf(cmd, 1024-x, "%s ", argv[i]);
openlog("us", LOG_NOWAIT, LOG_AUTH);
syslog(LOG_NOTICE, "user %s tried to run %s as %s"
"but failed", my_name, cmd, t_pw->pw_name);
closelog();
exit(EXIT_FAILURE);
}
/* Get target user's shell */ /* Get target user's shell */
if (!shellflag) if (!shellflag)
@ -333,6 +345,15 @@ int main(int argc, char *argv[])
goto fail_end; goto fail_end;
} }
if (!(conf_flags & FLAG_NOLOG)) {
char cmd[1024] = {0};
for (int i = 0, x = 0; c_argv[i] && x < 1024; i++)
x += snprintf(cmd, 1024-x, "%s ", c_argv[i]);
openlog("us", LOG_NOWAIT, LOG_AUTH);
syslog(LOG_INFO, "user %s ran %s as %s", my_name, cmd, t_pw->pw_name);
closelog();
}
/* Execute the command */ /* Execute the command */
err = execvp(c_argv[0], c_argv); err = execvp(c_argv[0], c_argv);
if (err == -1) if (err == -1)
@ -486,7 +507,7 @@ static int authenticate(uid_t uid, int ask, int persist)
int fd = STDIN_FILENO; int fd = STDIN_FILENO;
char *askpass = getenv("US_ASKPASS"); char *askpass = getenv("US_ASKPASS");
char pass[1024] = {0}; char pass[PASS_MAX] = {0};
struct termios tio_before, tio_pass; struct termios tio_before, tio_pass;
if (ask && askpass) { if (ask && askpass) {
pid_t pid, parent = getpid(); pid_t pid, parent = getpid();
@ -532,7 +553,7 @@ static int authenticate(uid_t uid, int ask, int persist)
if (tcsetattr(tty_fd, TCSANOW, &tio_pass) == -1) if (tcsetattr(tty_fd, TCSANOW, &tio_pass) == -1)
die("tcsetattr:"); die("tcsetattr:");
} }
int r = read(fd, pass, 1023); int r = read(fd, pass, PASS_MAX-1);
if (!r || r == -1) { if (!r || r == -1) {
if (errno) if (errno)
fprintf(stderr, "read: %s\n", strerror(errno)); fprintf(stderr, "read: %s\n", strerror(errno));
@ -543,7 +564,7 @@ static int authenticate(uid_t uid, int ask, int persist)
waitpid(-1, NULL, 0); waitpid(-1, NULL, 0);
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
pass[1023] = '\0'; pass[PASS_MAX-1] = '\0';
/* Remove the terminating (if there is) \n in password */ /* Remove the terminating (if there is) \n in password */
int l = strlen(pass); int l = strlen(pass);
if (pass[l-1] == '\n') if (pass[l-1] == '\n')
@ -558,8 +579,8 @@ static int authenticate(uid_t uid, int ask, int persist)
char *enc = crypt(pass, hash); char *enc = crypt(pass, hash);
/* Remove password from memory, just to be sure */ /* Remove password from memory, just to be sure */
memset(pass, 0, 1024); memset(pass, 0, PASS_MAX);
if (strncmp(hash, enc, 1024)) { if (strncmp(hash, enc, PASS_MAX)) {
printf("Authentication failure\n"); printf("Authentication failure\n");
setuid(uid); setuid(uid);
return -1; return -1;

Loading…
Cancel
Save