version 1.75, 2019/06/10 18:11:27 |
version 1.76, 2019/06/12 02:50:29 |
|
|
char *sh; |
char *sh; |
const char *cmd; |
const char *cmd; |
char cmdline[LINE_MAX]; |
char cmdline[LINE_MAX]; |
char myname[_PW_NAME_LEN + 1]; |
|
char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; |
char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; |
struct passwd mypwstore, targpwstore; |
struct passwd mypwstore, targpwstore; |
struct passwd *mypw, *targpw; |
struct passwd *mypw, *targpw; |
|
|
usage(); |
usage(); |
|
|
rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); |
rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); |
if (rv != 0 || mypw == NULL) |
if (rv != 0) |
err(1, "getpwuid_r failed"); |
err(1, "getpwuid_r failed"); |
if (strlcpy(myname, mypw->pw_name, sizeof(myname)) >= sizeof(myname)) |
if (mypw == NULL) |
errx(1, "pw_name too long"); |
errx(1, "no passwd entry for self"); |
ngroups = getgroups(NGROUPS_MAX, groups); |
ngroups = getgroups(NGROUPS_MAX, groups); |
if (ngroups == -1) |
if (ngroups == -1) |
err(1, "can't get groups"); |
err(1, "can't get groups"); |
|
|
if (sflag) { |
if (sflag) { |
sh = getenv("SHELL"); |
sh = getenv("SHELL"); |
if (sh == NULL || *sh == '\0') { |
if (sh == NULL || *sh == '\0') { |
shargv[0] = strdup(mypw->pw_shell); |
shargv[0] = mypw->pw_shell; |
if (shargv[0] == NULL) |
|
err(1, NULL); |
|
} else |
} else |
shargv[0] = sh; |
shargv[0] = sh; |
argv = shargv; |
argv = shargv; |
|
|
if (!permit(uid, groups, ngroups, &rule, target, cmd, |
if (!permit(uid, groups, ngroups, &rule, target, cmd, |
(const char **)argv + 1)) { |
(const char **)argv + 1)) { |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
"failed command for %s: %s", myname, cmdline); |
"failed command for %s: %s", mypw->pw_name, cmdline); |
errc(1, EPERM, NULL); |
errc(1, EPERM, NULL); |
} |
} |
|
|
|
|
if (nflag) |
if (nflag) |
errx(1, "Authorization required"); |
errx(1, "Authorization required"); |
|
|
authuser(myname, login_style, rule->options & PERSIST); |
authuser(mypw->pw_name, login_style, rule->options & PERSIST); |
} |
} |
|
|
if (unveil(_PATH_LOGIN_CONF, "r") == -1) |
if (unveil(_PATH_LOGIN_CONF, "r") == -1) |
|
|
err(1, "pledge"); |
err(1, "pledge"); |
|
|
rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); |
rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); |
if (rv != 0 || targpw == NULL) |
if (rv != 0) |
|
err(1, "getpwuid_r failed"); |
|
if (targpw == NULL) |
errx(1, "no passwd entry for target"); |
errx(1, "no passwd entry for target"); |
|
|
if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | |
if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | |
|
|
err(1, "pledge"); |
err(1, "pledge"); |
|
|
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", |
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", |
myname, cmdline, targpw->pw_name, cwd); |
mypw->pw_name, cmdline, targpw->pw_name, cwd); |
|
|
envp = prepenv(rule); |
envp = prepenv(rule); |
|
|
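Review bot: Both `err(1, "getpwuid_r failed")` calls on the new side (after the lookup of `uid` and after the lookup of `target`) build their message from errno, but getpwuid_r reports failure through its return value, already held in `rv`, and POSIX does not require it to set errno, so the diagnostic can show a stale or unrelated error. Passing the code explicitly, `errc(1, rv, "getpwuid_r failed");`, as the file already does with `errc(1, EPERM, NULL)`, ties the message to the real failure. Separately, with `myname` and the `strdup()` removed, `mypw->pw_name` and `shargv[0]` point into `mypwstore`/`mypwbuf`, and both syslog audit lines read the caller's name from there after the target lookup. A comment at the declarations such as `/* mypw points into mypwbuf; must stay separate from targpwbuf, read again for logging */` would keep a later edit from merging the two buffers. The enclosing function starts and ends outside the excerpts shown.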