improvements and fixes
This commit is contained in:
parent
d6c13b3d39
commit
e63109a763
52
us.c
52
us.c
@ -38,6 +38,7 @@
|
|||||||
#include <termios.h>
|
#include <termios.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
|
#include <signal.h>
|
||||||
|
|
||||||
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
|
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
|
||||||
#include <crypt.h>
|
#include <crypt.h>
|
||||||
@ -48,7 +49,6 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define MAX_HASH 1024
|
#define MAX_HASH 1024
|
||||||
#define CONF_FILE "/etc/us.conf"
|
|
||||||
#define CONF_LINE_MAX 1024
|
#define CONF_LINE_MAX 1024
|
||||||
#define GROUPS_MAX 256
|
#define GROUPS_MAX 256
|
||||||
#define FLAG_PERSIST 0x1
|
#define FLAG_PERSIST 0x1
|
||||||
@ -81,20 +81,19 @@ static struct group* group_to_grp(const char *);
|
|||||||
static int get_config(struct config **, int *);
|
static int get_config(struct config **, int *);
|
||||||
|
|
||||||
extern char **environ;
|
extern char **environ;
|
||||||
|
char *config_file = "/etc/us.conf";
|
||||||
|
|
||||||
int main(int argc, char *argv[])
|
int main(int argc, char *argv[])
|
||||||
{
|
{
|
||||||
// TODO: modify signal handlers to ignore sigchld to not make zombies
|
|
||||||
char *t_usr = "root", *t_grp = NULL;
|
char *t_usr = "root", *t_grp = NULL;
|
||||||
struct passwd *t_pw;
|
struct passwd *t_pw;
|
||||||
struct group *t_gr;
|
struct group *t_gr;
|
||||||
int opt, err;
|
int opt, err;
|
||||||
int shellflag = 0, envflag = 0;
|
int shellflag = 0, envflag = 0, askpass = 0;
|
||||||
while ((opt = getopt(argc, argv, "A:u:g:C:se")) != -1) {
|
while ((opt = getopt(argc, argv, "Au:g:C:se")) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case 'A':
|
case 'A':
|
||||||
printf("-A is not yet implemented\n");
|
askpass = 1;
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
break;
|
break;
|
||||||
case 'u':
|
case 'u':
|
||||||
t_usr = optarg;
|
t_usr = optarg;
|
||||||
@ -103,8 +102,7 @@ int main(int argc, char *argv[])
|
|||||||
t_grp = optarg;
|
t_grp = optarg;
|
||||||
break;
|
break;
|
||||||
case 'C':
|
case 'C':
|
||||||
printf("-C is not yet implemented\n");
|
config_file = optarg;
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
break;
|
break;
|
||||||
case 's':
|
case 's':
|
||||||
shellflag = 1;
|
shellflag = 1;
|
||||||
@ -139,6 +137,13 @@ int main(int argc, char *argv[])
|
|||||||
die("user_to_passwd:");
|
die("user_to_passwd:");
|
||||||
t_gr = group_to_grp(t_grp);
|
t_gr = group_to_grp(t_grp);
|
||||||
|
|
||||||
|
/* Don't have to wait for children */
|
||||||
|
struct sigaction sa = {0};
|
||||||
|
sa.sa_handler = SIG_DFL;
|
||||||
|
sa.sa_flags = SA_NOCLDWAIT;
|
||||||
|
if (sigaction(SIGCHLD, &sa, NULL) == -1)
|
||||||
|
die("sigaction:");
|
||||||
|
|
||||||
/* From now on most actions require root */
|
/* From now on most actions require root */
|
||||||
if (setuid(0) == -1)
|
if (setuid(0) == -1)
|
||||||
die("setuid:");
|
die("setuid:");
|
||||||
@ -210,7 +215,7 @@ int main(int argc, char *argv[])
|
|||||||
|
|
||||||
/* Authenticate, we will be root from now on */
|
/* Authenticate, we will be root from now on */
|
||||||
if (!(conf_flags & FLAG_NOPASS))
|
if (!(conf_flags & FLAG_NOPASS))
|
||||||
if (authenticate(my_pw->pw_uid, 0))
|
if (authenticate(my_pw->pw_uid, askpass))
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
|
|
||||||
/* Get target user's shell */
|
/* Get target user's shell */
|
||||||
@ -323,7 +328,7 @@ static inline void usage(void)
|
|||||||
// -c [file]: manually select config file
|
// -c [file]: manually select config file
|
||||||
// something about environment
|
// something about environment
|
||||||
// something about non interactiveness
|
// something about non interactiveness
|
||||||
printf("usage: us [-se] [-u user] [-g group] command [args]\n");
|
printf("usage: us [-seA] [-u user] [-g group] [-C config] command [args]\n");
|
||||||
}
|
}
|
||||||
|
|
||||||
static int perm_set(struct passwd *pw, struct group *gr)
|
static int perm_set(struct passwd *pw, struct group *gr)
|
||||||
@ -388,7 +393,6 @@ static int authenticate(uid_t uid, char ask)
|
|||||||
endspent();
|
endspent();
|
||||||
ulckpwdf();
|
ulckpwdf();
|
||||||
#elif defined(__OpenBSD__)
|
#elif defined(__OpenBSD__)
|
||||||
// TODO: openbsd has getpwuid_passwd
|
|
||||||
struct passwd *op = getpwuid_shadow(uid);
|
struct passwd *op = getpwuid_shadow(uid);
|
||||||
if (!op)
|
if (!op)
|
||||||
die("getpwuid_shadow:");
|
die("getpwuid_shadow:");
|
||||||
@ -407,7 +411,7 @@ static int authenticate(uid_t uid, char ask)
|
|||||||
char pass[1024] = {0};
|
char pass[1024] = {0};
|
||||||
struct termios tio_before, tio_pass;
|
struct termios tio_before, tio_pass;
|
||||||
if (ask && askpass) {
|
if (ask && askpass) {
|
||||||
pid_t pid;
|
pid_t pid, parent = getpid();
|
||||||
int pipefd[2];
|
int pipefd[2];
|
||||||
if (pipe(pipefd) == -1)
|
if (pipe(pipefd) == -1)
|
||||||
die("pipe:");
|
die("pipe:");
|
||||||
@ -416,23 +420,28 @@ static int authenticate(uid_t uid, char ask)
|
|||||||
die("fork:");
|
die("fork:");
|
||||||
break;
|
break;
|
||||||
case 0:
|
case 0:
|
||||||
|
/* we are still root, drop off permissions before
|
||||||
|
* disasters happen */
|
||||||
|
if (setuid(uid) == -1) {
|
||||||
|
kill(parent, SIGTERM);
|
||||||
|
die("askpass: setuid:");
|
||||||
|
}
|
||||||
if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
|
if (dup2(pipefd[1], STDOUT_FILENO) == -1) {
|
||||||
// TODO: send signal to parent dup failed
|
kill(parent, SIGTERM);
|
||||||
die("dup2:");
|
die("askpass: dup2:");
|
||||||
}
|
}
|
||||||
close(pipefd[0]);
|
close(pipefd[0]);
|
||||||
execl(askpass, "", (char *)NULL);
|
execl("/bin/sh", "sh", "-c", askpass, (char *)NULL);
|
||||||
die("execl:");
|
kill(parent, SIGTERM);
|
||||||
|
die("askpass: execl:");
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
fd = pipefd[0];
|
fd = pipefd[0];
|
||||||
close(pipefd[1]);
|
close(pipefd[1]);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else if (ask) {
|
|
||||||
die("askpass: no valid askpass specified");
|
|
||||||
} else {
|
} else {
|
||||||
printf("Password: ");
|
printf("Password (%s): ", pw->pw_name);
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
if (tcgetattr(tty_fd, &tio_before) == -1)
|
if (tcgetattr(tty_fd, &tio_before) == -1)
|
||||||
die("tcgetattr:");
|
die("tcgetattr:");
|
||||||
@ -459,7 +468,7 @@ static int authenticate(uid_t uid, char ask)
|
|||||||
if (pass[l-1] == '\n')
|
if (pass[l-1] == '\n')
|
||||||
pass[--l] = '\0';
|
pass[--l] = '\0';
|
||||||
|
|
||||||
if (ask) {
|
if (ask && askpass) {
|
||||||
close(fd);
|
close(fd);
|
||||||
} else {
|
} else {
|
||||||
if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1)
|
if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1)
|
||||||
@ -467,6 +476,7 @@ static int authenticate(uid_t uid, char ask)
|
|||||||
}
|
}
|
||||||
|
|
||||||
char *enc = crypt(pass, hash);
|
char *enc = crypt(pass, hash);
|
||||||
|
/* clean pass from memory */
|
||||||
memset(pass, 0, 1024);
|
memset(pass, 0, 1024);
|
||||||
if (strncmp(hash, enc, 1024)) {
|
if (strncmp(hash, enc, 1024)) {
|
||||||
printf("Authentication failure\n");
|
printf("Authentication failure\n");
|
||||||
@ -591,7 +601,7 @@ static int get_config(struct config **conf, int *num)
|
|||||||
{
|
{
|
||||||
if (!conf || !num)
|
if (!conf || !num)
|
||||||
return -1;
|
return -1;
|
||||||
FILE *fp = fopen(CONF_FILE, "r");
|
FILE *fp = fopen(config_file, "r");
|
||||||
if (!fp)
|
if (!fp)
|
||||||
die("fopen:");
|
die("fopen:");
|
||||||
struct stat st;
|
struct stat st;
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user