improvements and fixes

master
Alessandro Mauri 3 years ago
parent d6c13b3d39
commit e63109a763
  1. 52
      us.c

52
us.c

@ -38,6 +38,7 @@
#include <termios.h> #include <termios.h>
#include <stdarg.h> #include <stdarg.h>
#include <ctype.h> #include <ctype.h>
#include <signal.h>
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1 #if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
#include <crypt.h> #include <crypt.h>
@ -48,7 +49,6 @@
#endif #endif
#define MAX_HASH 1024 #define MAX_HASH 1024
#define CONF_FILE "/etc/us.conf"
#define CONF_LINE_MAX 1024 #define CONF_LINE_MAX 1024
#define GROUPS_MAX 256 #define GROUPS_MAX 256
#define FLAG_PERSIST 0x1 #define FLAG_PERSIST 0x1
@ -81,20 +81,19 @@ static struct group* group_to_grp(const char *);
static int get_config(struct config **, int *); static int get_config(struct config **, int *);
extern char **environ; extern char **environ;
char *config_file = "/etc/us.conf";
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
// TODO: modify signal handlers to ignore sigchld to not make zombies
char *t_usr = "root", *t_grp = NULL; char *t_usr = "root", *t_grp = NULL;
struct passwd *t_pw; struct passwd *t_pw;
struct group *t_gr; struct group *t_gr;
int opt, err; int opt, err;
int shellflag = 0, envflag = 0; int shellflag = 0, envflag = 0, askpass = 0;
while ((opt = getopt(argc, argv, "A:u:g:C:se")) != -1) { while ((opt = getopt(argc, argv, "Au:g:C:se")) != -1) {
switch (opt) { switch (opt) {
case 'A': case 'A':
printf("-A is not yet implemented\n"); askpass = 1;
exit(EXIT_FAILURE);
break; break;
case 'u': case 'u':
t_usr = optarg; t_usr = optarg;
@ -103,8 +102,7 @@ int main(int argc, char *argv[])
t_grp = optarg; t_grp = optarg;
break; break;
case 'C': case 'C':
printf("-C is not yet implemented\n"); config_file = optarg;
exit(EXIT_FAILURE);
break; break;
case 's': case 's':
shellflag = 1; shellflag = 1;
@ -139,6 +137,13 @@ int main(int argc, char *argv[])
die("user_to_passwd:"); die("user_to_passwd:");
t_gr = group_to_grp(t_grp); t_gr = group_to_grp(t_grp);
/* Don't have to wait for children */
struct sigaction sa = {0};
sa.sa_handler = SIG_DFL;
sa.sa_flags = SA_NOCLDWAIT;
if (sigaction(SIGCHLD, &sa, NULL) == -1)
die("sigaction:");
/* From now on most actions require root */ /* From now on most actions require root */
if (setuid(0) == -1) if (setuid(0) == -1)
die("setuid:"); die("setuid:");
@ -210,7 +215,7 @@ int main(int argc, char *argv[])
/* Authenticate, we will be root from now on */ /* Authenticate, we will be root from now on */
if (!(conf_flags & FLAG_NOPASS)) if (!(conf_flags & FLAG_NOPASS))
if (authenticate(my_pw->pw_uid, 0)) if (authenticate(my_pw->pw_uid, askpass))
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
/* Get target user's shell */ /* Get target user's shell */
@ -323,7 +328,7 @@ static inline void usage(void)
// -c [file]: manually select config file // -c [file]: manually select config file
// something about environment // something about environment
// something about non interactiveness // something about non interactiveness
printf("usage: us [-se] [-u user] [-g group] command [args]\n"); printf("usage: us [-seA] [-u user] [-g group] [-C config] command [args]\n");
} }
static int perm_set(struct passwd *pw, struct group *gr) static int perm_set(struct passwd *pw, struct group *gr)
@ -388,7 +393,6 @@ static int authenticate(uid_t uid, char ask)
endspent(); endspent();
ulckpwdf(); ulckpwdf();
#elif defined(__OpenBSD__) #elif defined(__OpenBSD__)
// TODO: openbsd has getpwuid_passwd
struct passwd *op = getpwuid_shadow(uid); struct passwd *op = getpwuid_shadow(uid);
if (!op) if (!op)
die("getpwuid_shadow:"); die("getpwuid_shadow:");
@ -407,7 +411,7 @@ static int authenticate(uid_t uid, char ask)
char pass[1024] = {0}; char pass[1024] = {0};
struct termios tio_before, tio_pass; struct termios tio_before, tio_pass;
if (ask && askpass) { if (ask && askpass) {
pid_t pid; pid_t pid, parent = getpid();
int pipefd[2]; int pipefd[2];
if (pipe(pipefd) == -1) if (pipe(pipefd) == -1)
die("pipe:"); die("pipe:");
@ -416,23 +420,28 @@ static int authenticate(uid_t uid, char ask)
die("fork:"); die("fork:");
break; break;
case 0: case 0:
/* we are still root, drop off permissions before
* disasters happen */
if (setuid(uid) == -1) {
kill(parent, SIGTERM);
die("askpass: setuid:");
}
if (dup2(pipefd[1], STDOUT_FILENO) == -1) { if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
// TODO: send signal to parent dup failed kill(parent, SIGTERM);
die("dup2:"); die("askpass: dup2:");
} }
close(pipefd[0]); close(pipefd[0]);
execl(askpass, "", (char *)NULL); execl("/bin/sh", "sh", "-c", askpass, (char *)NULL);
die("execl:"); kill(parent, SIGTERM);
die("askpass: execl:");
break; break;
default: default:
fd = pipefd[0]; fd = pipefd[0];
close(pipefd[1]); close(pipefd[1]);
break; break;
} }
} else if (ask) {
die("askpass: no valid askpass specified");
} else { } else {
printf("Password: "); printf("Password (%s): ", pw->pw_name);
fflush(stdout); fflush(stdout);
if (tcgetattr(tty_fd, &tio_before) == -1) if (tcgetattr(tty_fd, &tio_before) == -1)
die("tcgetattr:"); die("tcgetattr:");
@ -459,7 +468,7 @@ static int authenticate(uid_t uid, char ask)
if (pass[l-1] == '\n') if (pass[l-1] == '\n')
pass[--l] = '\0'; pass[--l] = '\0';
if (ask) { if (ask && askpass) {
close(fd); close(fd);
} else { } else {
if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1) if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1)
@ -467,6 +476,7 @@ static int authenticate(uid_t uid, char ask)
} }
char *enc = crypt(pass, hash); char *enc = crypt(pass, hash);
/* clean pass from memory */
memset(pass, 0, 1024); memset(pass, 0, 1024);
if (strncmp(hash, enc, 1024)) { if (strncmp(hash, enc, 1024)) {
printf("Authentication failure\n"); printf("Authentication failure\n");
@ -591,7 +601,7 @@ static int get_config(struct config **conf, int *num)
{ {
if (!conf || !num) if (!conf || !num)
return -1; return -1;
FILE *fp = fopen(CONF_FILE, "r"); FILE *fp = fopen(config_file, "r");
if (!fp) if (!fp)
die("fopen:"); die("fopen:");
struct stat st; struct stat st;

Loading…
Cancel
Save