|
|
@ -1,12 +1,12 @@ |
|
|
|
#define _POSIX_C_SOURCE 200809L |
|
|
|
#define _POSIX_C_SOURCE 200809L |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#include <sys/types.h> |
|
|
|
#include <stdio.h> |
|
|
|
#include <stdio.h> |
|
|
|
#include <stdlib.h> |
|
|
|
#include <stdlib.h> |
|
|
|
#include <unistd.h> |
|
|
|
|
|
|
|
#include <errno.h> |
|
|
|
|
|
|
|
#include <string.h> |
|
|
|
#include <string.h> |
|
|
|
#include <sys/types.h> |
|
|
|
#include <errno.h> |
|
|
|
#include <pwd.h> |
|
|
|
#include <pwd.h> |
|
|
|
|
|
|
|
#include <unistd.h> |
|
|
|
#include <security/pam_appl.h> |
|
|
|
#include <security/pam_appl.h> |
|
|
|
#include <security/pam_misc.h> |
|
|
|
#include <security/pam_misc.h> |
|
|
|
|
|
|
|
|
|
|
@ -18,6 +18,7 @@ static struct pam_conv conv = {misc_conv, NULL}; |
|
|
|
|
|
|
|
|
|
|
|
int main (int argc, char *argv[]) |
|
|
|
int main (int argc, char *argv[]) |
|
|
|
{ |
|
|
|
{ |
|
|
|
|
|
|
|
// FIXME: change the default program to execute SHELL
|
|
|
|
if (argc < 2) { |
|
|
|
if (argc < 2) { |
|
|
|
usage(); |
|
|
|
usage(); |
|
|
|
exit(1); |
|
|
|
exit(1); |
|
|
@ -57,6 +58,8 @@ int main (int argc, char *argv[]) |
|
|
|
} |
|
|
|
} |
|
|
|
// FIXME: check again for the validity of the login for more security
|
|
|
|
// FIXME: check again for the validity of the login for more security
|
|
|
|
// as in: https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/pam-20/index.html
|
|
|
|
// as in: https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/pam-20/index.html
|
|
|
|
|
|
|
|
// FIXME: ^C [SIGINT] will interrupt this call possibly causing a
|
|
|
|
|
|
|
|
// vulnerability
|
|
|
|
|
|
|
|
|
|
|
|
pam_end(pamh, pam_err); |
|
|
|
pam_end(pamh, pam_err); |
|
|
|
// TODO: clean up env
|
|
|
|
// TODO: clean up env
|
|
|
@ -101,6 +104,14 @@ int main (int argc, char *argv[]) |
|
|
|
|
|
|
|
|
|
|
|
static inline void usage (void) |
|
|
|
static inline void usage (void) |
|
|
|
{ |
|
|
|
{ |
|
|
|
|
|
|
|
// TODO: planned options
|
|
|
|
|
|
|
|
// -a [program]: like sudo's askpass
|
|
|
|
|
|
|
|
// -u [user]: change the default user from root to user
|
|
|
|
|
|
|
|
// -g [group]: change the primary group to [gorup]
|
|
|
|
|
|
|
|
// both -a and -g will accept numbers with #[num] like sudo
|
|
|
|
|
|
|
|
// -c [file]: manually select config file
|
|
|
|
|
|
|
|
// something about environment
|
|
|
|
|
|
|
|
// something about non interactiveness
|
|
|
|
printf("usage: us [command]\n"); |
|
|
|
printf("usage: us [command]\n"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
@ -116,9 +127,11 @@ static int perm_set (uid_t uid, gid_t gid) |
|
|
|
// $ sudo id
|
|
|
|
// $ sudo id
|
|
|
|
// and check the output
|
|
|
|
// and check the output
|
|
|
|
int err = 0; |
|
|
|
int err = 0; |
|
|
|
|
|
|
|
// FIXME: using setresuid() and setresgid() is preferred
|
|
|
|
if ((err = seteuid(uid)) == -1) |
|
|
|
if ((err = seteuid(uid)) == -1) |
|
|
|
return err; |
|
|
|
return err; |
|
|
|
else if ((err = setegid(gid)) == -1) |
|
|
|
else if ((err = setegid(gid)) == -1) |
|
|
|
return err; |
|
|
|
return err; |
|
|
|
|
|
|
|
// FIXME: to set the group list use initgroups()
|
|
|
|
return err; |
|
|
|
return err; |
|
|
|
} |
|
|
|
} |
|
|
|
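Review bot: The FIXME comments added to perm_set cover setresuid()/setresgid() and initgroups(), but they miss an ordering problem in the visible code: `seteuid(uid)` runs before `setegid(gid)`. Once the effective uid is no longer 0, the later group change will generally fail with EPERM unless gid happens to match the real or saved gid. That matters as soon as the `-u [user]` option planned in the usage() TODO exists. I would swap the two calls so `setegid(gid)` is checked first, and record the constraint next to the FIXME, e.g. `// order matters: initgroups() first, then gid, then uid last`. The start of perm_set and its caller are outside the hunk, so whether main acts on a -1 return before executing the command is not visible here and is worth confirming.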