Changeset 249

Timestamp:

06/08/05 20:08:15 (3 years ago)

Author:

athomas

Message:

• Fixed long standing bug where the incorrect user is reported in the logs.
  
• Added fperms and fowner constraints thanks to Pierre.
  
• Logging beautification.
  

Files:

• op/trunk/main.c (modified) (23 diffs)
• op/trunk/Makefile.am (modified) (1 diff)
• op/trunk/op.1 (modified) (1 diff)

op/trunk/main.c

@@ -74 +74 @@
-cmd_t   *First = NULL;
-var_t   *Variables = NULL;
-struct passwd
+char
-int gargc = -1;
-char **gargv = NULL;
@@ -202 +202 @@
-
-        if (sigprocmask(SIG_BLOCK, &sig_mask, &old_sig_mask))
-C
+c
-
-        gargv = argv;
-        gargc = argc;
-        realuser = getpwuid(getuid());
-
-        while (1) {
@@ -262 +261 @@
-
-        if (!read_conf && !read_conf_dir)
-C
+c
-
-        if ((pw = getpwuid(getuid())) == NULL) 
-                exit(1);
-getpwuid(getuid()
+(char*)strdup(pw->pw_name
-        strncpy(user, pw->pw_name, MAXSTRLEN);
-
@@ -277 +276 @@
-                if (uptr != NULL) {
-                        if (getuid() != 0) 
-P
+p
-                }
-        }
@@ -296 +295 @@
-                if (access(argv[argStart], F_OK) != 0)
-                        if (access(argv[argStart], X_OK) != 0)
-U
+u
-        }
-        cmd = Find(uptr);
-
-        if (cmd == NULL) 
-N
+n
-
-        argc -= argStart;
@@ -311 +310 @@
-
-        if ((num < 0) && ((argc-1) < -num))
-I
+i
-        if ((num > 0) && ((argc-1) != num)) 
-I
+i
-        if (num <0)
-                num = -num;
@@ -319 +318 @@
-        pcmd_s = format_cmd(argc, argv, cmd_s, MAXSTRLEN);
-        if (Verify(new, num, argc, argv) < 0)
-P
+p
-
-        return Go(new, num, argc, argv);
@@ -697 +696 @@
-                                        if (regexec(reg1,argv[j]) == 1) break;
-                                }
-A
+a
-                        }
-                }
@@ -745 +744 @@
-                        }
-                }
-A
+a
-        }
-        return 0;
@@ -873 +872 @@
-                        strcat(new_envp[curenv], xauth);
-                        if (curenv + 1 >= MAXENV)
-E
+e
-                        ++curenv;
-                        /* Propagate $DISPLAY to new environment */
@@ -880 +879 @@
-                        strcat(new_envp[curenv], getenv("DISPLAY"));
-                        if (curenv + 1 >= MAXENV)
-E
+e
-                        ++curenv;
-                }
@@ -972 +971 @@
-                                if (strncmp(cmd->opts[i] + 1, environ[j], cp - environ[j]) == 0) {
-                                        if (curenv + 1 >= MAXENV)
-E
+e
-                                        new_envp[curenv++] = environ[j];
-                                        break;
@@ -981 +980 @@
-                for (i = 0; environ[i] != NULL; i++) {
-                        if (curenv + 1 >= MAXENV)
-E
+e
-                        new_envp[curenv++] = environ[i];
-                }
@@ -999 +998 @@
-                if (cmd->opts[i][0] == '$' && strchr(cmd->opts[i], '=') != NULL) {
-                        if (curenv + 1 >= MAXENV)
-E
+e
-                        new_envp[curenv++] = cmd->opts[i] + 1;
-                        continue;
@@ -1005 +1004 @@
-        }
-        new_envp[curenv] = NULL;
+
+        /* --------------------------------------------------- */
+        /* fowner constraint must respect the syntax :        */
+        /* fowner=user:group,...                              */
+        /* Notice : user and/or group are regular expressions  */
+        /* --------------------------------------------------- */
+
+        if ((cp = FindOpt(cmd, "fowner")) != NULL) {
+                struct passwd * pwbuf;
+                struct group * grbuf;
+                struct stat statbuf;
+                char * ptr;
+                char usergroup[MAXSTRLEN];
+
+                /* Get user and group name of the owner of the file */
+                stat(cmd->args[0],&statbuf);
+
+                pwbuf = getpwuid(statbuf.st_uid);
+                if (pwbuf == NULL)
+                        fatal(1,"%s: no identified user for uid %d", cmd->name, statbuf.st_uid);
+                grbuf = getgrgid(statbuf.st_gid);
+                if (grbuf == NULL)
+                        fatal(1,"%s: no identified group for gid %d", cmd->name, statbuf.st_gid);
+
+                if (strlen(pwbuf->pw_name) + strlen(grbuf->gr_name) + 1 >= MAXSTRLEN)
+                        fatal(1, "%s: user/group string buffer length exceeded", cmd->name);
+                strcpy(usergroup, pwbuf->pw_name);
+                strcat(usergroup, ":");
+                strcat(usergroup, grbuf->gr_name);
+
+                /* check users,groups candidates */
+                
+                for (cp = GetField(cp, str, MAXSTRLEN - 5); cp != NULL; cp = GetField(cp, str, MAXSTRLEN - 5)) {
+                        regexp          *reg1 = NULL;
+                        char regstr[MAXSTRLEN];
+
+                        ptr=strchr(str,':');
+                        if (ptr == NULL)
+                                fatal(1,"%s: fowner argument must respect the user:group format", cmd->name);
+
+                        strcpy(regstr, "^(");
+                        strcat(regstr, str);
+                        strcat(regstr, ")$");
+                
+                        if ((reg1 = regcomp(regstr)) == NULL)
+                                return logger(LOG_ERR, "Invalid regex '%s'", str);
+        
+                        if ((regexec(reg1, usergroup) == 1))
+                                break;
+                }
+                if (cp == NULL)
+                        fatal(1,"%s: file %s (%s) did not pass ownership constraints",
+                          cmd->name, cmd->args[0], usergroup);
+        }
+
+        /* ---------------------------------------------------------------------- */
+        /* fperms constraint must respect the syntax :                            */
+        /* fperms=NNNN,MMMM,... where NNNN and MMMM are octal representation of   */
+        /*                            the target requested authorised permissions */
+        /* Notice : NNNN and MMMM can be regular expressions                      */
+        /* ---------------------------------------------------------------------- */
+
+        if ((cp = FindOpt(cmd, "fperms")) != NULL) {
+                struct stat buf;
+                char   mode[5];
+
+                stat(cmd->args[0],&buf);
+                snprintf(mode, 5, "%o", buf.st_mode & 07777);
+
+                for (cp = GetField(cp, str, MAXSTRLEN - 5); cp != NULL; cp = GetField(cp, str, MAXSTRLEN - 5)) {
+                        regexp          *reg1 = NULL;
+                        char regstr[MAXSTRLEN];
+
+                        strcpy(regstr, "^(");
+                        strcat(regstr, str);
+                        strcat(regstr, ")$");
+                
+                        if ((reg1 = regcomp(regstr)) == NULL)
+                                return logger(LOG_ERR, "Invalid regex '%s'", str);
+
+                        if (regexec(reg1,mode) == 1)
+                                break;
+                }
+                if (cp == NULL)
+                        fatal(1,"%s: file %s (%s) did not pass permissions constraints",
+                          cmd->name, cmd->args[0],mode);
+        }
-
-        if (strcmp("MAGIC_SHELL", cmd->args[0]) == 0) {
@@ -1013 +1099 @@
-                if (environ[i] != NULL) {
-                        if (curarg >= MAXARG - 1)
-A
+a
-                        new_argv[curarg++] = environ[i] + 6;
-                } else {
-No shell"
+%s: no shell", cmd->name
-                }
-
-                if (argc != 1) {
-                        if (curarg >= MAXARG - 1)
-A
+a
-                        new_argv[curarg++] = "-c";
-
@@ -1028 +1114 @@
-
-                        if ((cp = (char *)malloc(len + 10)) == NULL)
-Unable to create buffer"
+%s: unable to create buffer", cmd->name
-
-                        len = 0;
@@ -1038 +1124 @@
-                        }
-                        if (curarg >= MAXARG - 1)
-A
+a
-                        new_argv[curarg++] = cp;
-                }
@@ -1049 +1135 @@
-                                if (np[1] == '*') {
-                                        if (curarg + argc >= MAXARG - 1)
-A
+a
-                                        for (j = 1; j < argc; j++)
-                                                new_argv[curarg++] = argv[j];
@@ -1057 +1143 @@
-                                                fatal(1, "%s Referenced argument out of range",cmd->name);
-                                        if (curarg >= MAXARG - 1)
-A
+a
-                                        new_argv[curarg++] = argv[atoi(np + 1)];
-                                }
@@ -1115 +1201 @@
-                        if (cp == NULL) {
-                                if (curarg >= MAXARG - 1)
-A
+a
-                                new_argv[curarg++] = cmd->args[i];
-                                continue;
@@ -1127 +1213 @@
-
-        if (sigprocmask(SIG_SETMASK, &old_sig_mask, NULL))
-C
+c
-        if ((i = execve(new_argv[0], new_argv, new_envp)) < 0) {
-                perror("execve");
@@ -1197 +1283 @@
-        if (level >= minimum_logging_level) return -1;
-
-->pw_name
+
-
-        vstrnprintf(buffer2, MAXSTRLEN, format, args);

op/trunk/Makefile.am

@@ -2 +2 @@
-op_SOURCES=atov.c defs.h lex.l main.c regexp.c regexp.h util.c
-man_MANS=op.1
-
+ op.1
-#README
-

op/trunk/op.1

@@ -184 +184 @@
-still be logged.
-.TP
+.B fowner
+Specifies the owner and group of the target command executable as a list of
+regular expression in the form
+.I user:group
+If the executable ownership does not match, the command will not be executed.
+.TP
+.B fperms
+As with
+.I fowner
+but matches against the octal permissions of the executable.
+.TP
-.B xauth
-Attempt to propagate the X authority entry for the current display to the new