version 1.74, 2019/01/17 05:35:35 |
version 1.75, 2019/06/10 18:11:27 |
|
|
const char *cmd; |
const char *cmd; |
char cmdline[LINE_MAX]; |
char cmdline[LINE_MAX]; |
char myname[_PW_NAME_LEN + 1]; |
char myname[_PW_NAME_LEN + 1]; |
struct passwd *pw; |
char mypwbuf[_PW_BUF_LEN], targpwbuf[_PW_BUF_LEN]; |
|
struct passwd mypwstore, targpwstore; |
|
struct passwd *mypw, *targpw; |
const struct rule *rule; |
const struct rule *rule; |
uid_t uid; |
uid_t uid; |
uid_t target = 0; |
uid_t target = 0; |
gid_t groups[NGROUPS_MAX + 1]; |
gid_t groups[NGROUPS_MAX + 1]; |
int ngroups; |
int ngroups; |
int i, ch; |
int i, ch, rv; |
int sflag = 0; |
int sflag = 0; |
int nflag = 0; |
int nflag = 0; |
char cwdpath[PATH_MAX]; |
char cwdpath[PATH_MAX]; |
|
|
} else if ((!sflag && !argc) || (sflag && argc)) |
} else if ((!sflag && !argc) || (sflag && argc)) |
usage(); |
usage(); |
|
|
pw = getpwuid(uid); |
rv = getpwuid_r(uid, &mypwstore, mypwbuf, sizeof(mypwbuf), &mypw); |
if (!pw) |
if (rv != 0 || mypw == NULL) |
err(1, "getpwuid failed"); |
err(1, "getpwuid_r failed"); |
if (strlcpy(myname, pw->pw_name, sizeof(myname)) >= sizeof(myname)) |
if (strlcpy(myname, mypw->pw_name, sizeof(myname)) >= sizeof(myname)) |
errx(1, "pw_name too long"); |
errx(1, "pw_name too long"); |
ngroups = getgroups(NGROUPS_MAX, groups); |
ngroups = getgroups(NGROUPS_MAX, groups); |
if (ngroups == -1) |
if (ngroups == -1) |
|
|
if (sflag) { |
if (sflag) { |
sh = getenv("SHELL"); |
sh = getenv("SHELL"); |
if (sh == NULL || *sh == '\0') { |
if (sh == NULL || *sh == '\0') { |
shargv[0] = strdup(pw->pw_shell); |
shargv[0] = strdup(mypw->pw_shell); |
if (shargv[0] == NULL) |
if (shargv[0] == NULL) |
err(1, NULL); |
err(1, NULL); |
} else |
} else |
|
|
if (pledge("stdio rpath getpw exec id", NULL) == -1) |
if (pledge("stdio rpath getpw exec id", NULL) == -1) |
err(1, "pledge"); |
err(1, "pledge"); |
|
|
pw = getpwuid(target); |
rv = getpwuid_r(target, &targpwstore, targpwbuf, sizeof(targpwbuf), &targpw); |
if (!pw) |
if (rv != 0 || targpw == NULL) |
errx(1, "no passwd entry for target"); |
errx(1, "no passwd entry for target"); |
|
|
if (setusercontext(NULL, pw, target, LOGIN_SETGROUP | |
if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | |
LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | |
LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | |
LOGIN_SETUSER) != 0) |
LOGIN_SETUSER) != 0) |
errx(1, "failed to set user context for target"); |
errx(1, "failed to set user context for target"); |
|
|
err(1, "pledge"); |
err(1, "pledge"); |
|
|
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", |
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s", |
myname, cmdline, pw->pw_name, cwd); |
myname, cmdline, targpw->pw_name, cwd); |
|
|
envp = prepenv(rule); |
envp = prepenv(rule); |
|
|