|
|
|
@ -38,6 +38,7 @@ |
|
|
|
#include <termios.h> |
|
|
|
#include <termios.h> |
|
|
|
#include <stdarg.h> |
|
|
|
#include <stdarg.h> |
|
|
|
#include <ctype.h> |
|
|
|
#include <ctype.h> |
|
|
|
|
|
|
|
#include <signal.h> |
|
|
|
|
|
|
|
|
|
|
|
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1 |
|
|
|
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1 |
|
|
|
#include <crypt.h> |
|
|
|
#include <crypt.h> |
|
|
|
@ -48,7 +49,6 @@ |
|
|
|
#endif |
|
|
|
#endif |
|
|
|
|
|
|
|
|
|
|
|
#define MAX_HASH 1024 |
|
|
|
#define MAX_HASH 1024 |
|
|
|
#define CONF_FILE "/etc/us.conf" |
|
|
|
|
|
|
|
#define CONF_LINE_MAX 1024 |
|
|
|
#define CONF_LINE_MAX 1024 |
|
|
|
#define GROUPS_MAX 256 |
|
|
|
#define GROUPS_MAX 256 |
|
|
|
#define FLAG_PERSIST 0x1 |
|
|
|
#define FLAG_PERSIST 0x1 |
|
|
|
@ -81,20 +81,19 @@ static struct group* group_to_grp(const char *); |
|
|
|
static int get_config(struct config **, int *); |
|
|
|
static int get_config(struct config **, int *); |
|
|
|
|
|
|
|
|
|
|
|
extern char **environ; |
|
|
|
extern char **environ; |
|
|
|
|
|
|
|
char *config_file = "/etc/us.conf"; |
|
|
|
|
|
|
|
|
|
|
|
int main(int argc, char *argv[]) |
|
|
|
int main(int argc, char *argv[]) |
|
|
|
{ |
|
|
|
{ |
|
|
|
// TODO: modify signal handlers to ignore sigchld to not make zombies
|
|
|
|
|
|
|
|
char *t_usr = "root", *t_grp = NULL; |
|
|
|
char *t_usr = "root", *t_grp = NULL; |
|
|
|
struct passwd *t_pw; |
|
|
|
struct passwd *t_pw; |
|
|
|
struct group *t_gr; |
|
|
|
struct group *t_gr; |
|
|
|
int opt, err; |
|
|
|
int opt, err; |
|
|
|
int shellflag = 0, envflag = 0; |
|
|
|
int shellflag = 0, envflag = 0, askpass = 0; |
|
|
|
while ((opt = getopt(argc, argv, "A:u:g:C:se")) != -1) { |
|
|
|
while ((opt = getopt(argc, argv, "Au:g:C:se")) != -1) { |
|
|
|
switch (opt) { |
|
|
|
switch (opt) { |
|
|
|
case 'A': |
|
|
|
case 'A': |
|
|
|
printf("-A is not yet implemented\n"); |
|
|
|
askpass = 1; |
|
|
|
exit(EXIT_FAILURE); |
|
|
|
|
|
|
|
break; |
|
|
|
break; |
|
|
|
case 'u': |
|
|
|
case 'u': |
|
|
|
t_usr = optarg; |
|
|
|
t_usr = optarg; |
|
|
|
@ -103,8 +102,7 @@ int main(int argc, char *argv[]) |
|
|
|
t_grp = optarg; |
|
|
|
t_grp = optarg; |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 'C': |
|
|
|
case 'C': |
|
|
|
printf("-C is not yet implemented\n"); |
|
|
|
config_file = optarg; |
|
|
|
exit(EXIT_FAILURE); |
|
|
|
|
|
|
|
break; |
|
|
|
break; |
|
|
|
case 's': |
|
|
|
case 's': |
|
|
|
shellflag = 1; |
|
|
|
shellflag = 1; |
|
|
|
@ -139,6 +137,13 @@ int main(int argc, char *argv[]) |
|
|
|
die("user_to_passwd:"); |
|
|
|
die("user_to_passwd:"); |
|
|
|
t_gr = group_to_grp(t_grp); |
|
|
|
t_gr = group_to_grp(t_grp); |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/* Don't have to wait for children */ |
|
|
|
|
|
|
|
struct sigaction sa = {0}; |
|
|
|
|
|
|
|
sa.sa_handler = SIG_DFL; |
|
|
|
|
|
|
|
sa.sa_flags = SA_NOCLDWAIT; |
|
|
|
|
|
|
|
if (sigaction(SIGCHLD, &sa, NULL) == -1) |
|
|
|
|
|
|
|
die("sigaction:"); |
|
|
|
|
|
|
|
|
|
|
|
/* From now on most actions require root */ |
|
|
|
/* From now on most actions require root */ |
|
|
|
if (setuid(0) == -1) |
|
|
|
if (setuid(0) == -1) |
|
|
|
die("setuid:"); |
|
|
|
die("setuid:"); |
|
|
|
@ -210,7 +215,7 @@ int main(int argc, char *argv[]) |
|
|
|
|
|
|
|
|
|
|
|
/* Authenticate, we will be root from now on */ |
|
|
|
/* Authenticate, we will be root from now on */ |
|
|
|
if (!(conf_flags & FLAG_NOPASS)) |
|
|
|
if (!(conf_flags & FLAG_NOPASS)) |
|
|
|
if (authenticate(my_pw->pw_uid, 0)) |
|
|
|
if (authenticate(my_pw->pw_uid, askpass)) |
|
|
|
exit(EXIT_FAILURE); |
|
|
|
exit(EXIT_FAILURE); |
|
|
|
|
|
|
|
|
|
|
|
/* Get target user's shell */ |
|
|
|
/* Get target user's shell */ |
|
|
|
@ -323,7 +328,7 @@ static inline void usage(void) |
|
|
|
// -c [file]: manually select config file
|
|
|
|
// -c [file]: manually select config file
|
|
|
|
// something about environment
|
|
|
|
// something about environment
|
|
|
|
// something about non interactiveness
|
|
|
|
// something about non interactiveness
|
|
|
|
printf("usage: us [-se] [-u user] [-g group] command [args]\n"); |
|
|
|
printf("usage: us [-seA] [-u user] [-g group] [-C config] command [args]\n"); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
static int perm_set(struct passwd *pw, struct group *gr) |
|
|
|
static int perm_set(struct passwd *pw, struct group *gr) |
|
|
|
@ -388,7 +393,6 @@ static int authenticate(uid_t uid, char ask) |
|
|
|
endspent(); |
|
|
|
endspent(); |
|
|
|
ulckpwdf(); |
|
|
|
ulckpwdf(); |
|
|
|
#elif defined(__OpenBSD__) |
|
|
|
#elif defined(__OpenBSD__) |
|
|
|
// TODO: openbsd has getpwuid_passwd
|
|
|
|
|
|
|
|
struct passwd *op = getpwuid_shadow(uid); |
|
|
|
struct passwd *op = getpwuid_shadow(uid); |
|
|
|
if (!op) |
|
|
|
if (!op) |
|
|
|
die("getpwuid_shadow:"); |
|
|
|
die("getpwuid_shadow:"); |
|
|
|
@ -407,7 +411,7 @@ static int authenticate(uid_t uid, char ask) |
|
|
|
char pass[1024] = {0}; |
|
|
|
char pass[1024] = {0}; |
|
|
|
struct termios tio_before, tio_pass; |
|
|
|
struct termios tio_before, tio_pass; |
|
|
|
if (ask && askpass) { |
|
|
|
if (ask && askpass) { |
|
|
|
pid_t pid; |
|
|
|
pid_t pid, parent = getpid(); |
|
|
|
int pipefd[2]; |
|
|
|
int pipefd[2]; |
|
|
|
if (pipe(pipefd) == -1) |
|
|
|
if (pipe(pipefd) == -1) |
|
|
|
die("pipe:"); |
|
|
|
die("pipe:"); |
|
|
|
@ -416,23 +420,28 @@ static int authenticate(uid_t uid, char ask) |
|
|
|
die("fork:"); |
|
|
|
die("fork:"); |
|
|
|
break; |
|
|
|
break; |
|
|
|
case 0: |
|
|
|
case 0: |
|
|
|
|
|
|
|
/* we are still root, drop off permissions before
|
|
|
|
|
|
|
|
* disasters happen */ |
|
|
|
|
|
|
|
if (setuid(uid) == -1) { |
|
|
|
|
|
|
|
kill(parent, SIGTERM); |
|
|
|
|
|
|
|
die("askpass: setuid:"); |
|
|
|
|
|
|
|
} |
|
|
|
if (dup2(pipefd[1], STDOUT_FILENO) == -1) { |
|
|
|
if (dup2(pipefd[1], STDOUT_FILENO) == -1) { |
|
|
|
// TODO: send signal to parent dup failed
|
|
|
|
kill(parent, SIGTERM); |
|
|
|
die("dup2:"); |
|
|
|
die("askpass: dup2:"); |
|
|
|
} |
|
|
|
} |
|
|
|
close(pipefd[0]); |
|
|
|
close(pipefd[0]); |
|
|
|
execl(askpass, "", (char *)NULL); |
|
|
|
execl("/bin/sh", "sh", "-c", askpass, (char *)NULL); |
|
|
|
die("execl:"); |
|
|
|
kill(parent, SIGTERM); |
|
|
|
|
|
|
|
die("askpass: execl:"); |
|
|
|
break; |
|
|
|
break; |
|
|
|
default: |
|
|
|
default: |
|
|
|
fd = pipefd[0]; |
|
|
|
fd = pipefd[0]; |
|
|
|
close(pipefd[1]); |
|
|
|
close(pipefd[1]); |
|
|
|
break; |
|
|
|
break; |
|
|
|
} |
|
|
|
} |
|
|
|
} else if (ask) { |
|
|
|
|
|
|
|
die("askpass: no valid askpass specified"); |
|
|
|
|
|
|
|
} else { |
|
|
|
} else { |
|
|
|
printf("Password: "); |
|
|
|
printf("Password (%s): ", pw->pw_name); |
|
|
|
fflush(stdout); |
|
|
|
fflush(stdout); |
|
|
|
if (tcgetattr(tty_fd, &tio_before) == -1) |
|
|
|
if (tcgetattr(tty_fd, &tio_before) == -1) |
|
|
|
die("tcgetattr:"); |
|
|
|
die("tcgetattr:"); |
|
|
|
@ -459,7 +468,7 @@ static int authenticate(uid_t uid, char ask) |
|
|
|
if (pass[l-1] == '\n') |
|
|
|
if (pass[l-1] == '\n') |
|
|
|
pass[--l] = '\0'; |
|
|
|
pass[--l] = '\0'; |
|
|
|
|
|
|
|
|
|
|
|
if (ask) { |
|
|
|
if (ask && askpass) { |
|
|
|
close(fd); |
|
|
|
close(fd); |
|
|
|
} else { |
|
|
|
} else { |
|
|
|
if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1) |
|
|
|
if (tcsetattr(tty_fd, TCSANOW, &tio_before) == -1) |
|
|
|
@ -467,6 +476,7 @@ static int authenticate(uid_t uid, char ask) |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
char *enc = crypt(pass, hash); |
|
|
|
char *enc = crypt(pass, hash); |
|
|
|
|
|
|
|
/* clean pass from memory */ |
|
|
|
memset(pass, 0, 1024); |
|
|
|
memset(pass, 0, 1024); |
|
|
|
if (strncmp(hash, enc, 1024)) { |
|
|
|
if (strncmp(hash, enc, 1024)) { |
|
|
|
printf("Authentication failure\n"); |
|
|
|
printf("Authentication failure\n"); |
|
|
|
@ -591,7 +601,7 @@ static int get_config(struct config **conf, int *num) |
|
|
|
{ |
|
|
|
{ |
|
|
|
if (!conf || !num) |
|
|
|
if (!conf || !num) |
|
|
|
return -1; |
|
|
|
return -1; |
|
|
|
FILE *fp = fopen(CONF_FILE, "r"); |
|
|
|
FILE *fp = fopen(config_file, "r"); |
|
|
|
if (!fp) |
|
|
|
if (!fp) |
|
|
|
die("fopen:"); |
|
|
|
die("fopen:"); |
|
|
|
struct stat st; |
|
|
|
struct stat st; |
|
|
|
|
