| version 1.75, 2019/06/10 18:11:27 |
version 1.76, 2019/06/12 02:50:29 |
|
|
| char *sh; |
char *sh; |
| const char *cmd; |
const char *cmd; |
| char cmdline[LINE_MAX]; |
char cmdline[LINE_MAX]; |
| char myname[_PW_NAME_LEN + 1]; |
|
| char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; |
char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; |
| struct passwd mypwstore, targpwstore; |
struct passwd mypwstore, targpwstore; |
| struct passwd *mypw, *targpw; |
struct passwd *mypw, *targpw; |
|
|
| usage(); |
usage(); |
| |
|
| rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); |
rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); |
| if (rv != 0 || mypw == NULL) |
if (rv != 0) |
| err(1, "getpwuid_r failed"); |
err(1, "getpwuid_r failed"); |
| if (strlcpy(myname, mypw->pw_name, sizeof(myname)) >= sizeof(myname)) |
if (mypw == NULL) |
| errx(1, "pw_name too long"); |
errx(1, "no passwd entry for self"); |
| ngroups = getgroups(NGROUPS_MAX, groups); |
ngroups = getgroups(NGROUPS_MAX, groups); |
| if (ngroups == -1) |
if (ngroups == -1) |
| err(1, "can't get groups"); |
err(1, "can't get groups"); |
|
|
| if (sflag) { |
if (sflag) { |
| sh = getenv("SHELL"); |
sh = getenv("SHELL"); |
| if (sh == NULL || *sh == '\0') { |
if (sh == NULL || *sh == '\0') { |
| shargv[0] = strdup(mypw->pw_shell); |
shargv[0] = mypw->pw_shell; |
| if (shargv[0] == NULL) |
|
| err(1, NULL); |
|
| } else |
} else |
| shargv[0] = sh; |
shargv[0] = sh; |
| argv = shargv; |
argv = shargv; |
|
|
| if (!permit(uid, groups, ngroups, &rule, target, cmd, |
if (!permit(uid, groups, ngroups, &rule, target, cmd, |
| (const char **)argv + 1)) { |
(const char **)argv + 1)) { |
| syslog(LOG_AUTHPRIV | LOG_NOTICE, |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
| "failed command for %s: %s", myname, cmdline); |
"failed command for %s: %s", mypw->pw_name, cmdline); |
| errc(1, EPERM, NULL); |
errc(1, EPERM, NULL); |
| } |
} |
| |
|
|
|
| if (nflag) |
if (nflag) |
| errx(1, "Authorization required"); |
errx(1, "Authorization required"); |
| |
|
| authuser(myname, login_style, rule->options & PERSIST); |
authuser(mypw->pw_name, login_style, rule->options & PERSIST); |
| } |
} |
| |
|
| if (unveil(_PATH_LOGIN_CONF, "r") == -1) |
if (unveil(_PATH_LOGIN_CONF, "r") == -1) |
|
|
| err(1, "pledge"); |
err(1, "pledge"); |
| |
|
| rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); |
rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); |
| if (rv != 0 || targpw == NULL) |
if (rv != 0) |
| |
err(1, "getpwuid_r failed"); |
| |
if (targpw == NULL) |
| errx(1, "no passwd entry for target"); |
errx(1, "no passwd entry for target"); |
| |
|
| if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | |
if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | |
|
|
| err(1, "pledge"); |
err(1, "pledge"); |
| |
|
| syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", |
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", |
| myname, cmdline, targpw->pw_name, cwd); |
mypw->pw_name, cmdline, targpw->pw_name, cwd); |
| |
|
| envp = prepenv(rule); |
envp = prepenv(rule); |
| |
|
![[BACK]](/icons/back.gif){kind=icon}
Return to doas.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / doas