us.c

@@ -61,7 +61,6 @@
 #define FLAG_NOLOG 0x4
 #define SESSION_FILE_DIR "/var/run"
 #define SESSION_TIMEOUT (60*5)
-#define FAIL_PAUSE 3
 
 struct env_elem {
 	char *name;
@@ -98,17 +97,6 @@ static int get_config(struct config **, int *);
 
 extern char **environ;
 char *config_file = "/etc/us.conf";
-int tty_fd = STDOUT_FILENO;
-struct termios tio_before = {0};
-
-void int_handler(int signum)
-{
-	(void)signum;
-	if (tio_before.c_iflag || tio_before.c_oflag || tio_before.c_iflag)
-		tcsetattr(tty_fd, TCSANOW, &tio_before);
-	putchar('\n');
-	exit(signum);
-}
 
 int main(int argc, char *argv[])
 {
@@ -118,24 +106,6 @@ int main(int argc, char *argv[])
 	struct user_info t_gr_info = {0}, t_pw_info = {0};
 	int opt, err;
 	int shellflag = 0, envflag = 0, askpass = 0;
-
-	/* Save the terminal setup, don't fail since we don't know if we'll
-	 * need it, save it because some shells don't reset termios upon
-	 * program exit, if we don't reset it after a SIGINT or SIGTERM then
-	 * the controlling terminal will be stuck in no echo */
-	if (tcgetattr(tty_fd, &tio_before) == -1) {
-		tio_before.c_iflag = 0;
-		tio_before.c_oflag = 0;
-		tio_before.c_cflag = 0;
-	}
-	struct sigaction action;
-	memset(&action, 0, sizeof(action));
-	action.sa_handler = int_handler;
-	if (sigaction(SIGINT, &action, NULL) == -1)
-		die("Error setting interrupt handler:");
-	if (sigaction(SIGTERM, &action, NULL) == -1)
-		die("Error setting interrupt handler:");
-	
 	while ((opt = getopt(argc, argv, "Au:g:C:seh")) != -1) {
 		switch (opt) {
 		case 'A':
@@ -517,6 +487,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 	struct passwd *pw = getpwuid(uid);
 	char *hash_p, hash[MAX_HASH];
 	char *p = pw->pw_passwd;
+	int tty_fd = STDOUT_FILENO;
 
 	if (!strcmp(p, "x") || *p == '*' || *p == '!') {
 #if defined(__linux__)
@@ -548,7 +519,7 @@ static int authenticate(uid_t uid, int ask, int persist)
 	int fd = STDIN_FILENO;
 	char *askpass = getenv("US_ASKPASS");
 	char pass[PASS_MAX] = {0};
-	struct termios tio_pass;
+	struct termios tio_before, tio_pass;
 	if (ask && askpass) {
 		pid_t pid, parent = getpid();
 		int pipefd[2];
@@ -621,7 +592,6 @@ static int authenticate(uid_t uid, int ask, int persist)
 	/* Remove password from memory, just to be sure */
 	memset(pass, 0, PASS_MAX);
 	if (strncmp(hash, enc, PASS_MAX)) {
-		sleep(FAIL_PAUSE);
 		printf("Authentication failure\n");
 		setuid(uid);
 		return -1;
@@ -789,9 +759,9 @@ static int get_config(struct config **conf, int *num)
 				break;
 			switch (n) {
 			case 0:
-				if (!strcmp(t, "permit"))
+				if (!strcmp(t, "+"))
 					c.type = 1;
-				else if (!strcmp(t, "deny"))
+				else if (!strcmp(t, "-"))
 					c.type = 0;
 				else
 					die("non valid config line %d", i);

us.conf.5

@@ -13,7 +13,7 @@ configuration file.
 .PP
 The rules have the following format:
 .IP
-.BR "permit|deny"
+.BR "+|\-"
 .BR user
 as
 .BR target
@@ -67,7 +67,7 @@ The following example will allow root to execute commands as itself without
 requiring a password and without logging:
 .PP
 .EX
-permit root as root nopass nolog
++ root as root nopass nolog
 .EE
 .PP
 This next example allows users in the wheel group to execute commands as
@@ -75,7 +75,7 @@ root including a new environment variable IS_WHEEL set to 'yes' and the variable
 EDITOR will be set to ed, the standard unix editor:
 .PP
 .EX
-permit :wheel as root IS_WHEEL=yes,EDITOR=ed
++ :wheel as root IS_WHEEL=yes,EDITOR=ed
 .EE
 .PP
 In this example the user maria is allowed to execute commands as a member of
@@ -83,14 +83,14 @@ the group wheel and the session is remembered so that in the next five
 minutes the password won't be needed:
 .PP
 .EX
-permit maria as :wheel persist
++ maria as :wheel persist
 .EE
 .PP
 This time the user joe is denied to execute commands as anyone who's member of
 the group 'coolppl' because joe is uncool
 .PP
 .EX
-deny joe as :coolppl
+- joe as :coolppl
 .EE
 
 .SH LIMITATIONS