improvements and fixes
This commit is contained in:
parent
d6c13b3d39
commit
e63109a763
52
us.c
52
us.c
@ -38,6 +38,7 @@
|
||||
#include <termios.h>
|
||||
#include <stdarg.h>
|
||||
#include <ctype.h>
|
||||
#include <signal.h>
|
||||
|
||||
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
|
||||
#include <crypt.h>
|
||||
@ -48,7 +49,6 @@
|
||||
#endif
|
||||
|
||||
#define MAX_HASH 1024
|
||||
#define CONF_FILE "/etc/us.conf"
|
||||
#define CONF_LINE_MAX 1024
|
||||
#define GROUPS_MAX 256
|
||||
#define FLAG_PERSIST 0x1
|
||||
@ -81,20 +81,19 @@ static struct group* group_to_grp(const char *);
|
||||
static int get_config(struct config **, int *);
|
||||
|
||||
extern char **environ;
|
||||
char *config_file = "/etc/us.conf";
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
// TODO: modify signal handlers to ignore sigchld to not make zombies
|
||||
char *t_usr = "root", *t_grp = NULL;
|
||||
struct passwd *t_pw;
|
||||
struct group *t_gr;
|
||||
int opt, err;
|
||||
int shellflag = 0, envflag = 0;
|
||||
while ((opt = getopt(argc, argv, "A:u:g:C:se")) != -1) {
|
||||
int shellflag = 0, envflag = 0, askpass = 0;
|
||||
while ((opt = getopt(argc, argv, "Au:g:C:se")) != -1) {
|
||||
switch (opt) {
|
||||
case 'A':
|
||||
printf("-A is not yet implemented\n");
|
||||
exit(EXIT_FAILURE);
|
||||
askpass = 1;
|
||||
break;
|
||||
case 'u':
|
||||
t_usr = optarg;
|
||||
@ -103,8 +102,7 @@ int main(int argc, char *argv[])
|
||||
t_grp = optarg;
|
||||
break;
|
||||
case 'C':
|
||||
printf("-C is not yet implemented\n");
|
||||
exit(EXIT_FAILURE);
|
||||
config_file = optarg;
|
||||
break;
|
||||
case 's':
|
||||
shellflag = 1;
|
||||
@ -139,6 +137,13 @@ int main(int argc, char *argv[])
|
||||
die("user_to_passwd:");
|
||||
t_gr = group_to_grp(t_grp);
|
||||
|
||||
/* Don't have to wait for children */
|
||||
struct sigaction sa = {0};
|
||||
sa.sa_handler = SIG_DFL;
|
||||
sa.sa_flags = SA_NOCLDWAIT;
|
||||
if (sigaction(SIGCHLD, &sa, NULL) == -1)
|
||||
die("sigaction:");
|
||||
|
||||
/* From now on most actions require root */
|
||||
if (setuid(0) == -1)
|
||||
die("setuid:");
|
||||
@ -210,7 +215,7 @@ int main(int argc, char *argv[])
|
||||
|
||||
/* Authenticate, we will be root from now on */
|
||||
if (!(conf_flags & FLAG_NOPASS))
|
||||
if (authenticate(my_pw->pw_uid, 0))
|
||||
if (authenticate(my_pw->pw_uid, askpass))
|
||||
exit(EXIT_FAILURE);
|
||||
|
||||
/* Get target user's shell */
|
||||
@ -323,7 +328,7 @@ static inline void usage(void)
|
||||
// -c [file]: manually select config file
|
||||
// something about environment
|
||||
// something about non interactiveness
|
||||
printf("usage: us [-se] [-u user] [-g group] command [args]\n");
|
||||
printf("usage: us [-seA] [-u user] [-g group] [-C config] command [args]\n");
|
||||
}
|
||||
|
||||
static int perm_set(struct passwd *pw, struct group *gr)
|
||||
@ -388,7 +393,6 @@ static int authenticate(uid_t uid, char ask)
|
||||
endspent();
|
||||
ulckpwdf();
|
||||
#elif defined(__OpenBSD__)
|
||||
// TODO: openbsd has getpwuid_passwd
|
||||
struct passwd *op = getpwuid_shadow(uid);
|
||||
if (!op)
|
||||
die("getpwuid_shadow:");
|
||||
@ -407,7 +411,7 @@ static int authenticate(uid_t uid, char ask)
|
||||
char pass[1024] = {0};
|
||||
struct termios tio_before, tio_pass;
|
||||
if (ask && askpass) {
|
||||
pid_t pid;
|
||||
pid_t pid, parent = getpid();
|
||||
int pipefd[2];
|
||||
if (pipe(pipefd) == -1)
|
||||
die("pipe:");
|
||||
@ -416,23 +420,28 @@ static int authenticate(uid_t uid, char ask)
|
||||
die("fork:");
|
||||
break;
|
||||
case 0:
|
||||
/* we are still root, drop off permissions before
|
||||
* disasters happen */
|
||||
if (setuid(uid) == -1) {
|
||||
kill(parent, SIGTERM);
|
||||
die("askpass: setuid:");
|
||||
}
|
||||
if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
|
||||
// TODO: send signal to parent dup failed
|
||||
die("dup2:");
|
||||
kill(parent, SIGTERM);
|
||||
die("askpass: dup2:");
|
||||
}
|
||||
close(pipefd[0]);
|
||||
execl(askpass, "", (char *)NULL);
|
||||
die("execl:");
|
||||
execl("/bin/sh", "sh", "-c", askpass, (char *)NULL);
|
||||
kill(parent, SIGTERM);
|
||||
die("askpass: execl:");
|
||||
break;
|
||||
default:
|
||||
fd = pipefd[0];
|
||||
close(pipefd[1]);
|
||||
break;
|
||||
}
|
||||
} else if (ask) {
|
||||
die("askpass: no valid askpass specified");
|
||||
} else {
|
||||
printf("Password: ");
|
||||
printf("Password (%s): ", pw->pw_name);
|
||||
fflush(stdout);
|
||||
if (tcgetattr(tty_fd, &tio_before) == -1)
|
||||
die("tcgetattr:");
|
||||
@ -459,7 +468,7 @@ static int authenticate(uid_t uid, char ask)
|
||||
if (pass[l-1] == '\n')
|
||||
pass[--l] = '\0';
|
||||
|
||||
if (ask) {
|
||||
if (ask && askpass) {
|
||||
close(fd);
|
||||
} else {
|
||||
if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1)
|
||||
@ -467,6 +476,7 @@ static int authenticate(uid_t uid, char ask)
|
||||
}
|
||||
|
||||
char *enc = crypt(pass, hash);
|
||||
/* clean pass from memory */
|
||||
memset(pass, 0, 1024);
|
||||
if (strncmp(hash, enc, 1024)) {
|
||||
printf("Authentication failure\n");
|
||||
@ -591,7 +601,7 @@ static int get_config(struct config **conf, int *num)
|
||||
{
|
||||
if (!conf || !num)
|
||||
return -1;
|
||||
FILE *fp = fopen(CONF_FILE, "r");
|
||||
FILE *fp = fopen(config_file, "r");
|
||||
if (!fp)
|
||||
die("fopen:");
|
||||
struct stat st;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user