Compare commits
No commits in common. "37967a87c0f8ebf8cadab1e098ff4df54a58e0c5" and "f489885e3ed045af8cfc1b9c005ba272351e4b6c" have entirely different histories.
37967a87c0
...
f489885e3e
64
us.c
64
us.c
@ -41,7 +41,6 @@
|
|||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <syslog.h>
|
|
||||||
|
|
||||||
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
|
#if !defined(_XOPEN_CRYPT) || _XOPEN_CRYPT == -1
|
||||||
#include <crypt.h>
|
#include <crypt.h>
|
||||||
@ -52,7 +51,6 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define MAX_HASH 1024
|
#define MAX_HASH 1024
|
||||||
#define PASS_MAX 1024
|
|
||||||
#define CONF_LINE_MAX 1024
|
#define CONF_LINE_MAX 1024
|
||||||
#define GROUPS_MAX 256
|
#define GROUPS_MAX 256
|
||||||
#define STR_MAX 1024
|
#define STR_MAX 1024
|
||||||
@ -87,7 +85,7 @@ struct user_info {
|
|||||||
static void *emalloc(size_t);
|
static void *emalloc(size_t);
|
||||||
static char *estrdup(const char *);
|
static char *estrdup(const char *);
|
||||||
void *erealloc(void *, size_t);
|
void *erealloc(void *, size_t);
|
||||||
static void usage(int);
|
static void usage(void);
|
||||||
static void die(const char *, ...);
|
static void die(const char *, ...);
|
||||||
static int perm_set(struct passwd *, struct group *);
|
static int perm_set(struct passwd *, struct group *);
|
||||||
static int authenticate(uid_t, int, int);
|
static int authenticate(uid_t, int, int);
|
||||||
@ -106,7 +104,7 @@ int main(int argc, char *argv[])
|
|||||||
struct user_info t_gr_info = {0}, t_pw_info = {0};
|
struct user_info t_gr_info = {0}, t_pw_info = {0};
|
||||||
int opt, err;
|
int opt, err;
|
||||||
int shellflag = 0, envflag = 0, askpass = 0;
|
int shellflag = 0, envflag = 0, askpass = 0;
|
||||||
while ((opt = getopt(argc, argv, "Au:g:C:seh")) != -1) {
|
while ((opt = getopt(argc, argv, "Au:g:C:se")) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case 'A':
|
case 'A':
|
||||||
askpass = 1;
|
askpass = 1;
|
||||||
@ -126,12 +124,8 @@ int main(int argc, char *argv[])
|
|||||||
case 'e':
|
case 'e':
|
||||||
envflag = 1;
|
envflag = 1;
|
||||||
break;
|
break;
|
||||||
case 'h':
|
|
||||||
usage(1);
|
|
||||||
exit(EXIT_SUCCESS);
|
|
||||||
break;
|
|
||||||
case '?':
|
case '?':
|
||||||
usage(0);
|
usage();
|
||||||
exit(EINVAL);
|
exit(EINVAL);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -248,18 +242,8 @@ int main(int argc, char *argv[])
|
|||||||
|
|
||||||
/* Authenticate, we will be root from now on */
|
/* Authenticate, we will be root from now on */
|
||||||
if (!(conf_flags & FLAG_NOPASS))
|
if (!(conf_flags & FLAG_NOPASS))
|
||||||
if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST)) {
|
if (authenticate(my_pw->pw_uid, askpass, conf_flags & FLAG_PERSIST))
|
||||||
if (!(conf_flags & FLAG_NOLOG))
|
|
||||||
exit(EXIT_FAILURE);
|
|
||||||
char cmd[1024] = {0};
|
|
||||||
for (int i = optind, x = 0; argv[i] && x < 1024; i++)
|
|
||||||
x += snprintf(cmd, 1024-x, "%s ", argv[i]);
|
|
||||||
openlog("us", LOG_NOWAIT, LOG_AUTH);
|
|
||||||
syslog(LOG_NOTICE, "user %s tried to run %s as %s"
|
|
||||||
"but failed", my_name, cmd, t_pw->pw_name);
|
|
||||||
closelog();
|
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
|
||||||
|
|
||||||
/* Get target user's shell */
|
/* Get target user's shell */
|
||||||
if (!shellflag)
|
if (!shellflag)
|
||||||
@ -349,15 +333,6 @@ int main(int argc, char *argv[])
|
|||||||
goto fail_end;
|
goto fail_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(conf_flags & FLAG_NOLOG)) {
|
|
||||||
char cmd[1024] = {0};
|
|
||||||
for (int i = 0, x = 0; c_argv[i] && x < 1024; i++)
|
|
||||||
x += snprintf(cmd, 1024-x, "%s ", c_argv[i]);
|
|
||||||
openlog("us", LOG_NOWAIT, LOG_AUTH);
|
|
||||||
syslog(LOG_INFO, "user %s ran %s as %s", my_name, cmd, t_pw->pw_name);
|
|
||||||
closelog();
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Execute the command */
|
/* Execute the command */
|
||||||
err = execvp(c_argv[0], c_argv);
|
err = execvp(c_argv[0], c_argv);
|
||||||
if (err == -1)
|
if (err == -1)
|
||||||
@ -372,18 +347,17 @@ int main(int argc, char *argv[])
|
|||||||
return errno;
|
return errno;
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void usage(int complete)
|
static inline void usage(void)
|
||||||
{
|
{
|
||||||
printf("usage: us [-hseA] [-u user] [-g group] [-C config] command [args]\n");
|
// TODO: planned options
|
||||||
if (!complete)
|
// -a [program]: like sudo's askpass
|
||||||
return;
|
// -u [user]: change the default user from root to user
|
||||||
printf("-h print this message\n"
|
// -g [group]: change the primary group to [gorup]
|
||||||
"-s use the user's shell instead of /bin/sh\n"
|
// both -a and -g will accept numbers with #[num] like sudo
|
||||||
"-e keep the user's entire environment\n"
|
// -c [file]: manually select config file
|
||||||
"-A use the command in US_ASKPASS as askpass helper\n"
|
// something about environment
|
||||||
"-u user set new user to 'user' instead of root\n"
|
// something about non interactiveness
|
||||||
"-s group set new group to 'group'\n"
|
printf("usage: us [-seA] [-u user] [-g group] [-C config] command [args]\n");
|
||||||
"-C config use specifi config file\n");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int perm_set(struct passwd *pw, struct group *gr)
|
static int perm_set(struct passwd *pw, struct group *gr)
|
||||||
@ -512,7 +486,7 @@ static int authenticate(uid_t uid, int ask, int persist)
|
|||||||
|
|
||||||
int fd = STDIN_FILENO;
|
int fd = STDIN_FILENO;
|
||||||
char *askpass = getenv("US_ASKPASS");
|
char *askpass = getenv("US_ASKPASS");
|
||||||
char pass[PASS_MAX] = {0};
|
char pass[1024] = {0};
|
||||||
struct termios tio_before, tio_pass;
|
struct termios tio_before, tio_pass;
|
||||||
if (ask && askpass) {
|
if (ask && askpass) {
|
||||||
pid_t pid, parent = getpid();
|
pid_t pid, parent = getpid();
|
||||||
@ -558,7 +532,7 @@ static int authenticate(uid_t uid, int ask, int persist)
|
|||||||
if (tcsetattr(tty_fd, TCSANOW, &tio_pass) == -1)
|
if (tcsetattr(tty_fd, TCSANOW, &tio_pass) == -1)
|
||||||
die("tcsetattr:");
|
die("tcsetattr:");
|
||||||
}
|
}
|
||||||
int r = read(fd, pass, PASS_MAX-1);
|
int r = read(fd, pass, 1023);
|
||||||
if (!r || r == -1) {
|
if (!r || r == -1) {
|
||||||
if (errno)
|
if (errno)
|
||||||
fprintf(stderr, "read: %s\n", strerror(errno));
|
fprintf(stderr, "read: %s\n", strerror(errno));
|
||||||
@ -569,7 +543,7 @@ static int authenticate(uid_t uid, int ask, int persist)
|
|||||||
waitpid(-1, NULL, 0);
|
waitpid(-1, NULL, 0);
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
pass[PASS_MAX-1] = '\0';
|
pass[1023] = '\0';
|
||||||
/* Remove the terminating (if there is) \n in password */
|
/* Remove the terminating (if there is) \n in password */
|
||||||
int l = strlen(pass);
|
int l = strlen(pass);
|
||||||
if (pass[l-1] == '\n')
|
if (pass[l-1] == '\n')
|
||||||
@ -584,8 +558,8 @@ static int authenticate(uid_t uid, int ask, int persist)
|
|||||||
|
|
||||||
char *enc = crypt(pass, hash);
|
char *enc = crypt(pass, hash);
|
||||||
/* Remove password from memory, just to be sure */
|
/* Remove password from memory, just to be sure */
|
||||||
memset(pass, 0, PASS_MAX);
|
memset(pass, 0, 1024);
|
||||||
if (strncmp(hash, enc, PASS_MAX)) {
|
if (strncmp(hash, enc, 1024)) {
|
||||||
printf("Authentication failure\n");
|
printf("Authentication failure\n");
|
||||||
setuid(uid);
|
setuid(uid);
|
||||||
return -1;
|
return -1;
|
||||||
|
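Review bot: In the last `authenticate` hunk the result of `crypt(pass, hash)` is passed straight to `strncmp(hash, enc, 1024)`, and `crypt` returns NULL on failure, so a malformed or unsupported hash string would make this privilege-elevating helper dereference a null pointer. A guard such as `if (!enc || strcmp(hash, enc)) {` keeps that case an ordinary authentication failure. The wipe `memset(pass, 0, 1024);` is a dead store that the compiler is allowed to drop, which would leave the password on the stack; where available, `explicit_bzero(pass, sizeof pass);` is not elided. Spelling the buffer size as the literals `1024`/`1023` at the declaration, the `read`, the terminator and the wipe, instead of `sizeof pass`, makes those four sites easy to desynchronise. The body of `authenticate` starts and ends outside the visible hunks, so a check on `hash` may exist there that is not shown.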