@ -32,8 +32,10 @@
# include <security/pam_misc.h>
# include <security/pam_misc.h>
static void usage ( void ) ;
static void usage ( void ) ;
static int perm_set ( const char * , const char * ) ;
static int perm_set ( struct passwd * , struct group * ) ;
static int authenticate ( const char * ) ;
static int authenticate ( const char * ) ;
static struct passwd * user_to_passwd ( const char * ) ;
static struct group * group_to_grp ( const char * ) ;
// FIXME: misc_conv is a separate library, should stick to plain PAM or make
// FIXME: misc_conv is a separate library, should stick to plain PAM or make
// our own pam module
// our own pam module
@ -43,9 +45,12 @@ int main (int argc, char *argv[])
{
{
// TODO: Add arguments
// TODO: Add arguments
// FIXME: change the default program to execute SHELL
// FIXME: change the default program to execute SHELL
char * t_usr = NULL , * t_grp = NULL ;
char * t_usr = " root " , * t_grp = NULL ;
struct passwd * t_pw ;
struct group * t_gr ;
int opt ;
int opt ;
while ( ( opt = getopt ( argc , argv , " A:u:g:C: " ) ) ! = - 1 ) {
int shellflag = 0 ;
while ( ( opt = getopt ( argc , argv , " A:u:g:C:s " ) ) ! = - 1 ) {
switch ( opt ) {
switch ( opt ) {
case ' A ' :
case ' A ' :
printf ( " -A is not yet implemented \n " ) ;
printf ( " -A is not yet implemented \n " ) ;
@ -61,6 +66,9 @@ int main (int argc, char *argv[])
printf ( " -C is not yet implemented \n " ) ;
printf ( " -C is not yet implemented \n " ) ;
exit ( EXIT_FAILURE ) ;
exit ( EXIT_FAILURE ) ;
break ;
break ;
case ' s ' :
shellflag = 1 ;
break ;
case ' ? ' :
case ' ? ' :
usage ( ) ;
usage ( ) ;
exit ( EINVAL ) ;
exit ( EINVAL ) ;
@ -68,64 +76,51 @@ int main (int argc, char *argv[])
}
}
}
}
/*
/* Get user info */
int c_argc = argc - optind + 2 ;
const char * uname ;
char * * c_argv = malloc ( ( c_argc + 1 ) * sizeof ( char * ) ) ;
char * shell ;
if ( ! c_argv ) {
uid_t ruid = getuid ( ) ;
fprintf ( stderr , " malloc: %s \n " , strerror ( errno ) ) ;
struct passwd * my_pw = getpwuid ( ruid ) ;
goto fail_end ;
if ( ! my_pw ) {
}
c_argv [ 0 ] = shell ;
c_argv [ 1 ] = " -c " ;
for ( int i = 2 ; optind < argc ; i + + , optind + + ) {
c_argv [ i ] = strdup ( argv [ optind ] ) ;
if ( ! c_argv [ i ] ) {
fprintf ( stderr , " getpwid: %s \n " , strerror ( errno ) ) ;
fprintf ( stderr , " getpwid: %s \n " , strerror ( errno ) ) ;
exit ( errno ) ;
return errno ;
}
}
uname = my_pw - > pw_name ;
t_pw = user_to_passwd ( t_usr ) ;
if ( ! t_pw ) {
fprintf ( stderr , " user_to_passwd: %s \n " , strerror ( errno ) ) ;
return errno ;
}
}
c_argc [ c_argv ] = NULL ;
t_gr = group_to_grp ( t_grp ) ;
*/
/* Get target user's shell */
if ( ! shellflag )
shell = t_pw - > pw_shell ;
else
shell = getenv ( " SHELL " ) ;
if ( ! shell )
shell = " /bin/sh " ;
/* Set argc and argv */
/* Set argc and argv */
// TODO: get the right shell for the user (it is in the passwd struct)
char * command = NULL ;
char * shell = " /bin/sh " ;
char * command , * * c_argv ;
int size , popind = optind ;
int size , popind = optind ;
int c_argc = 3 ; // /bin/sh -c command
if ( argc - optind ) {
c_argv = malloc ( ( c_argc + 1 ) * sizeof ( char * ) ) ;
if ( ! c_argv ) {
fprintf ( stderr , " malloc: %s \n " , strerror ( errno ) ) ;
exit ( errno ) ;
}
for ( size = 0 ; optind < argc ; optind + + )
for ( size = 0 ; optind < argc ; optind + + )
size + = strlen ( argv [ optind ] ) + 1 ;
size + = strlen ( argv [ optind ] ) + 1 ;
command = malloc ( sizeof ( char ) * size ) ;
command = malloc ( sizeof ( char ) * size + 1 ) ;
if ( ! command ) {
if ( ! command ) {
fprintf ( stderr , " malloc: %s \n " , strerror ( errno ) ) ;
fprintf ( stderr , " malloc: %s \n " , strerror ( errno ) ) ;
exit ( errno ) ;
exit ( errno ) ;
}
}
memset ( command , 0 , size + 1 ) ;
for ( optind = popind ; optind < argc ; optind + + ) {
for ( optind = popind ; optind < argc ; optind + + ) {
strcat ( command , argv [ optind ] ) ;
strcat ( command , argv [ optind ] ) ;
strcat ( command , " " ) ;
strcat ( command , " " ) ;
}
}
}
c_argv [ 0 ] = shell ;
// FIXME: this should be optional if size is zero: we want just a shell
c_argv [ 1 ] = " -c " ;
c_argv [ 2 ] = command ;
c_argv [ c_argc ] = NULL ;
/* Authenticate */
/* Authenticate */
uid_t ruid = getuid ( ) ;
struct passwd * pw = getpwuid ( ruid ) ;
if ( ! pw ) {
fprintf ( stderr , " getpwid: %s \n " , strerror ( errno ) ) ;
return errno ;
}
const char * uname = pw - > pw_name ;
if ( authenticate ( uname ) ! = PAM_SUCCESS )
if ( authenticate ( uname ) ! = PAM_SUCCESS )
exit ( EXIT_FAILURE ) ;
exit ( EXIT_FAILURE ) ;
@ -133,21 +128,24 @@ int main (int argc, char *argv[])
errno = 0 ;
errno = 0 ;
/* Set permissions */
/* Set permissions */
if ( perm_set ( t_usr , t_grp ) = = - 1 ) { // 0 = root
if ( perm_set ( t_pw , t_gr ) = = - 1 ) {
fprintf ( stderr , " perm_set: %s \n " , strerror ( errno ) ) ;
fprintf ( stderr , " perm_set: %s \n " , strerror ( errno ) ) ;
goto fail_end ;
goto fail_end ;
}
}
/* Execute the command */
/* Execute the command */
if ( execv ( * c_argv , c_argv ) = = - 1 ) // execvp searches in path
int err ;
fprintf ( stderr , " execv: %s \n " , strerror ( errno ) ) ;
if ( command )
err = execl ( shell , shell , " -c " , command , ( char * ) NULL ) ;
else
err = execl ( shell , shell , ( char * ) NULL ) ;
if ( err = = - 1 )
fprintf ( stderr , " execl: %s \n " , strerror ( errno ) ) ;
/* Cleanup and return */
/* Cleanup and return */
fail_end :
fail_end :
/* Free up the copied argv */
/* Free up the copied argv */
for ( int i = 0 ; i < c_argc ; i + + )
free ( command ) ;
free ( c_argv [ i ] ) ;
free ( c_argv ) ;
return errno ;
return errno ;
}
}
@ -161,60 +159,24 @@ static inline void usage (void)
// -c [file]: manually select config file
// -c [file]: manually select config file
// something about environment
// something about environment
// something about non interactiveness
// something about non interactiveness
printf ( " usage: us [-u user] [-g group] command [args] \n " ) ;
printf ( " usage: us [-s] [- u user] [-g group] command [args] \n " ) ;
}
}
static int perm_set ( const char * user , const char * group )
static int perm_set ( struct passwd * pw , struct group * gr )
{
{
if ( ! user )
user = " root " ;
struct passwd * pw ;
struct group * gr ;
uid_t uid ;
gid_t gid ;
long uid_l , gid_l ;
errno = 0 ;
if ( user [ 0 ] ! = ' # ' ) {
pw = getpwnam ( user ) ;
} else {
uid_l = strtol ( & user [ 1 ] , NULL , 10 ) ;
if ( uid_l < 0 | | errno ) {
errno = errno ? errno : EINVAL ;
return - 1 ;
}
pw = getpwuid ( ( uid_t ) uid_l ) ;
}
if ( ! pw ) {
if ( ! pw ) {
if ( ! errno )
errno = EINVAL ;
errno = EINVAL ;
return - 1 ;
return - 1 ;
}
}
uid_t uid ;
gid_t gid ;
uid = pw - > pw_uid ;
uid = pw - > pw_uid ;
gid = pw - > pw_gid ;
gid = pw - > pw_gid ;
if ( group ) {
if ( gr )
if ( group [ 0 ] ! = ' # ' ) {
gr = getgrnam ( group ) ;
} else {
gid_l = strtol ( & group [ 1 ] , NULL , 10 ) ;
if ( gid_l < 0 | | errno ) {
errno = errno ? errno : EINVAL ;
return - 1 ;
}
gr = getgrgid ( ( gid_t ) gid_l ) ;
}
if ( ! gr ) {
if ( ! errno )
errno = EINVAL ;
return - 1 ;
}
gid = gr - > gr_gid ;
gid = gr - > gr_gid ;
}
/* Set permissions, setting group perms first because in the case of
/* Set permissions, setting group perms first because in the case of
* dropping from higher permissions setting the uid first results in
* dropping from higher permissions setting the uid first results in
@ -272,3 +234,62 @@ static int authenticate (const char *uname)
return pam_end ( pamh , pam_err ) ;
return pam_end ( pamh , pam_err ) ;
}
}
static struct passwd * user_to_passwd ( const char * user )
{
if ( ! user ) {
errno = EINVAL ;
return NULL ;
}
struct passwd * pw ;
long uid_l ;
errno = 0 ;
if ( user [ 0 ] ! = ' # ' ) {
pw = getpwnam ( user ) ;
} else {
uid_l = strtol ( & user [ 1 ] , NULL , 10 ) ;
if ( uid_l < 0 | | errno ) {
errno = errno ? errno : EINVAL ;
return NULL ;
}
pw = getpwuid ( ( uid_t ) uid_l ) ;
}
if ( ! pw ) {
if ( ! errno )
errno = EINVAL ;
return NULL ;
}
return pw ;
}
static struct group * group_to_grp ( const char * group )
{
if ( ! group ) {
errno = EINVAL ;
return NULL ;
}
struct group * gr ;
long gid_l ;
errno = 0 ;
if ( group [ 0 ] ! = ' # ' ) {
gr = getgrnam ( group ) ;
} else {
gid_l = strtol ( & group [ 1 ] , NULL , 10 ) ;
if ( gid_l < 0 | | errno ) {
errno = errno ? errno : EINVAL ;
return NULL ;
}
gr = getgrgid ( ( gid_t ) gid_l ) ;
}
if ( ! gr ) {
if ( ! errno )
errno = EINVAL ;
return NULL ;
}
return gr ;
}