OSSP CVS Repository

ossp - Check-in [3378]

Check-in Number: 3378
Date: 2003-May-23 16:14:09 (local)
2003-May-23 14:14:09 (UTC)
User:ms
Branch:
Comment: Mostly finish setuid(2) work in section parsing of userid, and exec mode.
Tickets:
Inspections:
Files:
ossp-pkg/rc/rc_const.h      1.15 -> 1.16     1 inserted, 0 deleted
ossp-pkg/rc/rc_proc.c      1.32 -> 1.33     44 inserted, 16 deleted
ossp-pkg/rc/rc_script.c      1.20 -> 1.21     1 inserted, 1 deleted

ossp-pkg/rc/rc_const.h 1.15 -> 1.16

--- rc_const.h   2003/05/21 12:49:21     1.15
+++ rc_const.h   2003/05/23 14:14:09     1.16
@@ -36,6 +36,7 @@
 #define RC_EEP_TEXT "The exec, eval, and print options may not be combined.\n"
 #define RC_SLO_TEXT "The silent option may not be combined with output options.\n"
 #define RC_SUM_TEXT "Option argument summary.\n"
+#define RC_RUT_TEXT "Failed to set the user id. Please become the root user and try again.\n"
 
 /* Option descriptions used with popt, should not include termination */
 #define RC_USE_DESC "Print a short usage summary, then exit."


ossp-pkg/rc/rc_proc.c 1.32 -> 1.33

--- rc_proc.c    2003/05/22 14:46:33     1.32
+++ rc_proc.c    2003/05/23 14:14:09     1.33
@@ -27,17 +27,16 @@
 **  rc_proc.c: Run-command processor ISO C source file
 */
 
-#include <stdlib.h>     /* Standard system headers  */
-#include <fcntl.h>      /* For reading rc files     */
-#include <unistd.h>     /* For reading rc files     */
-#include <string.h>     /* For string manipulation  */
-
-/* FIXME: Remove */
-#include <sys/stat.h>
-
-#include "rc.h"         /* Public interfaces        */
-#include "rc_const.h"   /* String and value const   */
-#include "rc_config.h"  /* Option definitions       */
+#include <stdlib.h>     /* Standard system headers    */
+#include <fcntl.h>      /* For reading rc files       */
+#include <unistd.h>     /* For reading rc files       */
+#include <string.h>     /* For string manipulation    */
+#include <signal.h>     /* For signal(3)              */
+#include <sys/wait.h>   /* For waitpid(2) and fork(2) */
+
+#include "rc.h"         /* Public interfaces          */
+#include "rc_const.h"   /* String and value const     */
+#include "rc_config.h"  /* Option definitions         */
 
 
 /************************************************
@@ -194,6 +193,9 @@
     int   nTmpname  = 0;              /* Temp file name size */
     int   nRcs      = 0;              /* Rc index            */
     int   nSecs     = 0;              /* Section index       */
+    int   nSectuid  = -1;             /* The section's user id           */
+    int   nRunuid   = -1;             /* The current user id             */
+    pid_t Pidexec   = -1;             /* When spawning before execv(3)   */
     char *szTmpfile = NULL;           /* Path of temporary file          */
     char *szTmp     = NULL;           /* Generic temporary string        */
     char *szCom     = NULL;           /* Stores common script text       */
@@ -262,6 +264,20 @@
         pFatscript = NULL;
     }
     else if (configGetval(RC_EXC_VAL)) {                        /* Execute  */
+        /* FIXME FIXME FIXME FIXME */
+        /* For however many labels */
+            /* For however many sections in this label */
+                /* If the we must setuid(2) */
+                    /* If yes, are we root? */
+                        /* If no, then report error and exit */
+/*        for (nTmp = 0; ; nTmp++) {
+            if ()
+            nRunuid = getuid();
+            if (nRunuid != 0 && nRunuid != nSectuid) {
+                fprintf(stderr, RC_RUT_TEXT);
+                return(RC_THROW(RC_ERR_USE));
+            }
+        }*/
         /* Allocate a block of section pointers to use temporarily */
         ppSectmp = calloc(pRc->m_pAnal->m_nRcs, sizeof(rc_section_t *));
         szCom = (char *)scriptTostring(pRc->m_pScriptcom);
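Review bot: The root pre-check in the execute branch is checked in as commented-out draft code (`for (nTmp = 0; ; nTmp++) { if () ...`), so nothing reports RC_RUT_TEXT before sections start running; as far as these hunks show, the new message and `nRunuid` are unused. Either implement the loop or reduce the block to a single `/* TODO: verify we may setuid(2) for every section before running any */` comment. When it is implemented, test the effective uid and skip sections without a user id, e.g. `if (nSectuid >= 0 && geteuid() != 0 && geteuid() != (uid_t)nSectuid)`, because the draft condition would also reject a non-root user while nSectuid is still -1. Emitting the text with `fputs(RC_RUT_TEXT, stderr)` keeps it from ever being interpreted as a format string. The enclosing function starts and ends outside the hunk.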
@@ -288,12 +304,24 @@
                                (strlen(szTmp) + 1) * sizeof(char));
                 strcpy(szExec, szCom); /* Start out with just the common script code */
                 strcat(szExec, szTmp); /* And build a section onto the command chain */
-                pszVec[2] = szExec; /* Actually launch the new process image now */
+                pszVec[2] = szExec;    /* Actually launch the new process image now  */
 
-/* FIXME: Put the fork in here! */
-                if (execvp(*pszVec, pszVec) == -1) {                    /* launch */
-                    TRACE("Bad, execvp for common script in child returned -1");
-                    return(RC_THROW(RC_ERR_INT));
+                /* Spawn the section shell code */
+                switch (Pidexec = fork()){
+                    case -1:    /* Broken */
+                        return(RC_THROW(RC_ERR_INT));
+                        break;  /* Huh? */
+                    case 0:     /* Child, runs script code through bourne shell */
+                        nSectuid = sectionGetuid(ppSectmp[nTmp]);
+                        if (nSectuid >= 0 && getuid() != nSectuid)
+                            if (setuid(nSectuid) != 0)
+                                return(RC_THROW(RC_ERR_INT));
+                        if (execvp(*pszVec, pszVec) == -1)
+                            return(RC_THROW(RC_ERR_INT));
+                        break;
+                    default: /* Parent, blocks until child returns */
+                        waitpid(Pidexec, NULL, WUNTRACED);
+                        break;
                 }
 
                 free(szExec); /* Cleanup after exec */
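Review bot: In the `case 0:` branch the child does `return(RC_THROW(RC_ERR_INT))` when setuid(2) or execvp fails, so a forked copy of rc returns into the caller's code with the uid it inherited instead of terminating; every child failure path should end in `_exit()`. The drop calls only setuid(2), so the section script keeps the invoking process's group id and supplementary groups; when rc runs as root these should be reset (setgroups/initgroups, then setgid) before setuid. In the parent, `waitpid(Pidexec, NULL, WUNTRACED)` discards the exit status and also returns for a merely stopped child, so a failed privilege drop or exec is never noticed. `getuid() != nSectuid` also compares a uid_t with an int. The enclosing function begins and ends outside the hunk.

```c
                switch (Pidexec = fork()) {
                    case -1:    /* Broken */
                        free(szExec);
                        return(RC_THROW(RC_ERR_INT));
                    case 0:     /* Child, must never return into the caller */
                        nSectuid = sectionGetuid(ppSectmp[nTmp]);
                        if (nSectuid >= 0 && getuid() != (uid_t)nSectuid) {
                            /* ... reset supplementary groups and gid here when running as root ... */
                            if (setuid((uid_t)nSectuid) != 0)
                                _exit(126);     /* Could not drop to the section's user */
                        }
                        execvp(*pszVec, pszVec);
                        _exit(127);             /* Only reached when execvp failed */
                    default: {  /* Parent, blocks until child terminates */
                        int nStatus = 0;
                        if (waitpid(Pidexec, &nStatus, 0) == -1 || !WIFEXITED(nStatus)) {
                            free(szExec);
                            return(RC_THROW(RC_ERR_INT));
                        }
                        /* WEXITSTATUS(nStatus) tells whether the section itself failed */
                        break;
                    }
                }
```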


ossp-pkg/rc/rc_script.c 1.20 -> 1.21

--- rc_script.c  2003/05/21 15:16:41     1.20
+++ rc_script.c  2003/05/23 14:14:09     1.21
@@ -32,7 +32,7 @@
 #include <unistd.h>     /* For mkstemp(3)             */
 #include <fcntl.h>      /* For open(2)                */
 #include <ctype.h>      /* For isspace(3)             */
-#include <pwd.h>        /* For getlogin(2)            */
+#include <pwd.h>        /* For getpwuid(3)            */
 
 #include "rc.h"         /* Public Rc interface        */
 #include "rc_pcre.h"    /* For section parsing        */
