/* us - User Switcher Copyright (C) 2021 Alessandro Mauri This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License version 3. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . e-mail: alemauri001@tuta.io */ #define _POSIX_C_SOURCE 200809L #define _DEFAULT_SOURCE #include #include #include #include #include #include #include #include #include #include #include static void usage (void); static int perm_set (const char *, const char *); static int authenticate (const char *); // FIXME: misc_conv is a separate library, should stick to plain PAM or make // our own pam module static struct pam_conv conv = {misc_conv, NULL}; int main (int argc, char *argv[]) { // TODO: Add arguments // FIXME: change the default program to execute SHELL char *t_usr = NULL, *t_grp = NULL; int opt; while ((opt = getopt(argc, argv, "A:u:g:C:")) != -1) { switch (opt) { case 'A': printf("-A is not yet implemented\n"); exit(EXIT_FAILURE); break; case 'u': t_usr = optarg; break; case 'g': t_grp = optarg; break; case 'C': printf("-C is not yet implemented\n"); exit(EXIT_FAILURE); break; case '?': usage(); exit(EINVAL); break; } } /* int c_argc = argc - optind + 2; char **c_argv = malloc((c_argc + 1) * sizeof(char *)); if (!c_argv) { fprintf(stderr, "malloc: %s\n", strerror(errno)); goto fail_end; } c_argv[0] = shell; c_argv[1] = "-c"; for (int i = 2; optind < argc; i++, optind++) { c_argv[i] = strdup(argv[optind]); if (!c_argv[i]) { fprintf(stderr, "getpwid: %s\n", strerror(errno)); exit(errno); } } c_argc[c_argv] = NULL; */ /* Set argc and argv */ // TODO: get the right shell for the user (it is in the passwd struct) char *shell = "/bin/sh"; char *command, **c_argv; int size, popind = optind; int c_argc = 3; // /bin/sh -c command c_argv = malloc((c_argc + 1) * sizeof(char *)); if (!c_argv) { fprintf(stderr, "malloc: %s\n", strerror(errno)); exit(errno); } for (size = 0; optind < argc; optind++) size += strlen(argv[optind]) + 1; command = malloc(sizeof(char) * size); if (!command) { fprintf(stderr, "malloc: %s\n", strerror(errno)); exit(errno); } for (optind = popind; optind < argc; optind++) { strcat(command, argv[optind]); strcat(command, " "); } c_argv[0] = shell; // FIXME: this should be optional if size is zero: we want just a shell c_argv[1] = "-c"; c_argv[2] = command; c_argv[c_argc] = NULL; /* Authenticate */ uid_t ruid = getuid(); struct passwd *pw = getpwuid(ruid); if (!pw) { fprintf(stderr, "getpwid: %s\n", strerror(errno)); return errno; } const char *uname = pw->pw_name; if (authenticate(uname) != PAM_SUCCESS) exit(EXIT_FAILURE); // TODO: clean up env errno = 0; /* Set permissions */ if (perm_set(t_usr, t_grp) == -1) { // 0 = root fprintf(stderr, "perm_set: %s\n", strerror(errno)); goto fail_end; } /* Execute the command */ if (execv(*c_argv, c_argv) == -1) // execvp searches in path fprintf(stderr, "execv: %s\n", strerror(errno)); /* Cleanup and return */ fail_end: /* Free up the copied argv */ for (int i = 0; i < c_argc; i++) free(c_argv[i]); free(c_argv); return errno; } static inline void usage (void) { // TODO: planned options // -a [program]: like sudo's askpass // -u [user]: change the default user from root to user // -g [group]: change the primary group to [gorup] // both -a and -g will accept numbers with #[num] like sudo // -c [file]: manually select config file // something about environment // something about non interactiveness printf("usage: us [-u user] [-g group] command [args]\n"); } static int perm_set (const char *user, const char *group) { if (!user) user = "root"; struct passwd *pw; struct group *gr; uid_t uid; gid_t gid; long uid_l, gid_l; errno = 0; if (user[0] != '#') { pw = getpwnam(user); } else { uid_l = strtol(&user[1], NULL, 10); if (uid_l < 0 || errno) { errno = errno ? errno : EINVAL; return -1; } pw = getpwuid((uid_t)uid_l); } if (!pw) { if (!errno) errno = EINVAL; return -1; } uid = pw->pw_uid; gid = pw->pw_gid; if (group) { if (group[0] != '#') { gr = getgrnam(group); } else { gid_l = strtol(&group[1], NULL, 10); if (gid_l < 0 || errno) { errno = errno ? errno : EINVAL; return -1; } gr = getgrgid((gid_t)gid_l); } if (!gr) { if (!errno) errno = EINVAL; return -1; } gid = gr->gr_gid; } /* Set permissions, setting group perms first because in the case of * dropping from higher permissions setting the uid first results in * an error */ int err; /* Non POSIX but implemented in most systems anyways */ err = initgroups(pw->pw_name, pw->pw_gid); if (err == -1) { printf("initgroups failed\n"); return -1; } // FIXME: ideally when failing reset the permissions if (setregid(gid, gid) == -1) { printf("setregid failed\n"); return -1; } if (setreuid(uid, uid) == -1) { printf("setreuid failed\n"); return -1; } return 0; } static int authenticate (const char *uname) { pam_handle_t *pamh; int pam_err, count = 0; pam_err = pam_start("User Switcher", uname, &conv, &pamh); if (pam_err != PAM_SUCCESS) { fprintf(stderr, "pam_start: %s\n", pam_strerror(pamh, pam_err)); return pam_err; } do { pam_err = pam_authenticate(pamh, 0); if (pam_err != PAM_SUCCESS) printf("Auth failed: %s\n", pam_strerror(pamh, pam_err)); // FIXME: count gets ignored because authentication service has // a set amount of retries giving an error: // Have exhausted maximum number of retries for service count++; } while (pam_err != PAM_SUCCESS && count < 4); if (pam_err != PAM_SUCCESS) { fprintf(stderr, "better luck next time\n"); pam_end(pamh, pam_err); return pam_err; } // FIXME: check again for the validity of the login for more security // as in: https://docs.oracle.com/cd/E19120-01/open.solaris/819-2145/pam-20/index.html // FIXME: ^C [SIGINT] will interrupt this call possibly causing a // vulnerability return pam_end(pamh, pam_err); }