@ -46,8 +46,6 @@ extern char **environ;
int main ( int argc , char * argv [ ] )
{
// TODO: Add arguments
// FIXME: change the default program to execute SHELL
char * t_usr = " root " , * t_grp = NULL ;
struct passwd * t_pw ;
struct group * t_gr ;
@ -93,6 +91,12 @@ int main (int argc, char *argv[])
}
uname = my_pw - > pw_name ;
/* Authenticate */
if ( authenticate ( uname ) ! = PAM_SUCCESS )
exit ( EXIT_FAILURE ) ;
/* Get target user and group info */
t_pw = user_to_passwd ( t_usr ) ;
if ( ! t_pw ) {
fprintf ( stderr , " user_to_passwd: %s \n " , strerror ( errno ) ) ;
@ -139,11 +143,6 @@ int main (int argc, char *argv[])
}
c_argv [ c_argc ] = NULL ;
/* Authenticate */
// FIXME: move this up
if ( authenticate ( uname ) ! = PAM_SUCCESS )
exit ( EXIT_FAILURE ) ;
struct env_elem {
char * name ;
char * value ;
@ -174,15 +173,22 @@ int main (int argc, char *argv[])
}
for ( int i = 0 ; env_mod [ i ] . name ; i + + ) {
// TODO: check err value
err = setenv ( env_mod [ i ] . name , env_mod [ i ] . value , 1 ) ;
if ( err = = - 1 ) {
fprintf ( stderr , " setenv: %s \n " , strerror ( errno ) ) ;
goto fail_end ;
}
}
if ( envflag ) {
for ( int i = 0 ; env_keep [ i ] . name ; i + + ) {
// TODO: check err value
if ( env_keep [ i ] . value )
if ( env_keep [ i ] . value ) {
err = setenv ( env_keep [ i ] . name , env_keep [ i ] . value , 1 ) ;
if ( err = = - 1 ) {
fprintf ( stderr , " setenv: %s \n " , strerror ( errno ) ) ;
goto fail_end ;
}
}
}
}
// do not override, we might be under more levels of 'us'
@ -249,7 +255,6 @@ static int perm_set (struct passwd *pw, struct group *gr)
return - 1 ;
}
// FIXME: ideally when failing reset the permissions
if ( setregid ( gid , gid ) = = - 1 ) {
printf ( " setregid failed \n " ) ;
return - 1 ;
@ -267,24 +272,29 @@ static int authenticate (const char *uname)
{
pam_handle_t * pamh ;
int pam_err , count = 0 ;
pam_err = pam_start ( " User Switcher " , uname , & conv , & pamh ) ;
if ( pam_err ! = PAM_SUCCESS ) {
fprintf ( stderr , " pam_start: %s \n " , pam_strerror ( pamh , pam_err ) ) ;
return pam_err ;
}
do {
pam_err = pam_start ( " User Switcher " , uname , & conv , & pamh ) ;
if ( pam_err ! = PAM_SUCCESS ) {
fprintf ( stderr , " pam_start: %s \n " , pam_strerror ( pamh , pam_err ) ) ;
return pam_err ;
}
pam_err = pam_authenticate ( pamh , 0 ) ;
if ( pam_err ! = PAM_SUCCESS )
if ( pam_err = = PAM_SUCCESS ) {
pam_err = pam_acct_mgmt ( pamh , 0 ) ;
}
if ( pam_err ! = PAM_SUCCESS ) {
printf ( " Auth failed: %s \n " , pam_strerror ( pamh , pam_err ) ) ;
// FIXME: count gets ignored because authentication service has
// a set amount of retries giving an error:
// Have exhausted maximum number of retries for service
pam_end ( pamh , pam_err ) ;
}
count + + ;
} while ( pam_err ! = PAM_SUCCESS & & count < 4 ) ;
} while ( pam_err ! = PAM_SUCCESS & & count < 3 ) ;
if ( pam_err ! = PAM_SUCCESS ) {
fprintf ( stderr , " better luck next time \n " ) ;
pam_end ( pamh , pam_err ) ;
return pam_err ;
}
// FIXME: check again for the validity of the login for more security
@ -353,42 +363,3 @@ static struct group* group_to_grp (const char *group)
}
return gr ;
}
/*
static int execvpe ( const char * file , char * const argv [ ] , char * const envp [ ] )
{
const char * p , * z , * path = getenv ( " PATH " ) ;
size_t l , k ;
errno = ENOENT ;
if ( ! * file ) return - 1 ;
if ( strchr ( file , ' / ' ) )
return execve ( file , argv , envp ) ;
if ( ! path ) path = " /usr/local/bin:/bin:/usr/bin " ;
k = strnlen ( file , NAME_MAX + 1 ) ;
if ( k > NAME_MAX ) {
errno = ENAMETOOLONG ;
return - 1 ;
}
l = strnlen ( path , PATH_MAX - 1 ) + 1 ;
for ( p = path ; ; p = z ) {
char b [ l + k + 1 ] ;
z = strchr ( p , ' : ' ) ;
if ( ! z ) z = p + strlen ( p ) ;
if ( ( size_t ) ( z - p ) > = l ) {
if ( ! * z + + ) break ;
continue ;
}
memcpy ( b , p , z - p ) ;
b [ z - p ] = ' / ' ;
memcpy ( b + ( z - p ) + ( z > p ) , file , k + 1 ) ;
execve ( b , argv , envp ) ;
if ( errno ! = ENOENT ) return - 1 ;
if ( ! * z + + ) break ;
}
return - 1 ;
}
*/
Alessandro Mauri