This patch adds an option "realuser" which, if enabled, sets the environment
variable REALUSER to the name, and REALUID to the uid, of the user who
called op. We needed this functionality so that normal
users can run pmap (which needs root permissions to read /proc/...) on their
own processes (see the example at the end).
diff -ruN op-1.32.orig/main.c op-1.32/main.c
--- op-1.32.orig/main.c 2005-12-08 01:48:25.000000000 +0100
+++ op-1.32/main.c 2006-01-17 11:14:01.000000000 +0100
@@ -74,6 +74,7 @@
cmd_t *First = NULL;
var_t *Variables = NULL;
char *realuser = NULL;
+uid_t realuid;
int gargc = -1;
char **gargv = NULL;
sigset_t sig_mask, old_sig_mask;
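Review bot: The new global `uid_t realuid;` is implicitly zero-initialized, and 0 is root's uid, so any path that reads it before the assignment in main would export `REALUID=0`. Since wrapper scripts are meant to use this value for an ownership check, a non-matching default such as `uid_t realuid = (uid_t)-1;` fails safer, with a comment stating that it holds the caller's real uid as returned by `getuid()`.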
@@ -275,7 +276,7 @@
if (!read_conf && !read_conf_dir)
fatal(1, "could not open %s or any configuration files in %s (check that file permissions are 600)", OP_ACCESS, OP_ACCESS_DIR);
- if ((pw = getpwuid(getuid())) == NULL)
+ if ((pw = getpwuid(realuid = getuid())) == NULL)
exit(1);
realuser = (char*)strdup(pw->pw_name);
strncpy(user, pw->pw_name, MAXSTRLEN);
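Review bot: The assignment `realuid = getuid()` is buried inside the `getpwuid()` argument, which makes a security-relevant capture easy to miss when reading. Splitting it into `realuid = getuid();` followed by `if ((pw = getpwuid(realuid)) == NULL)` keeps the behaviour and makes it clear that the real uid, not the effective one, is recorded. A one-line comment saying that the value is later exported as REALUID would help too. The enclosing function starts and ends outside this hunk.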
@@ -1015,6 +1016,26 @@
continue;
}
}
+
+ if (FindOpt(cmd, "realuser") != NULL) {
+ if (strlen(realuser) + 10 > MAXSTRLEN)
+ fatal(1, "Username too long");
+
+ sprintf(str, "REALUSER=%s", realuser);
+ new_envp[curenv] = malloc(strlen(str) + 1);
+ strcpy(new_envp[curenv], str);
+ if (curenv + 1 >= MAXENV)
+ fatal(1, "%s: environment length exceeded", cmd->name);
+ ++curenv;
+
+ sprintf(str, "REALUID=%d", realuid);
+ new_envp[curenv] = malloc(strlen(str) + 1);
+ strcpy(new_envp[curenv], str);
+ if (curenv + 1 >= MAXENV)
+ fatal(1, "%s: environment length exceeded", cmd->name);
+ ++curenv;
+ }
+
new_envp[curenv] = NULL;
/* --------------------------------------------------- */
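Review bot: Both `malloc` results in the `realuser` block go straight into `strcpy` unchecked, and the `MAXENV` test runs only after `new_envp[curenv]` has been written; in a privileged program both should fail before any store. `REALUID=%d` also does not match `uid_t`, which is commonly unsigned, so a large uid could be printed as a negative number; `%lu` with a cast to `unsigned long` avoids that. The two entries are appended after whatever the preceding loop (outside this hunk) copied into `new_envp`, so if a command's configuration lets a caller-supplied `REALUID=` or `REALUSER=` through, that earlier entry may be the one a script sees; confirm this against the environment-copy code and reject or overwrite such entries. The sketch below keeps the author's length check and assumes `new_envp` has `MAXENV` slots.
```c
if (FindOpt(cmd, "realuser") != NULL) {
	/* two new entries plus the terminating NULL must fit */
	if (curenv + 2 >= MAXENV)
		fatal(1, "%s: environment length exceeded", cmd->name);

	if (strlen(realuser) + 10 > MAXSTRLEN)
		fatal(1, "Username too long");
	sprintf(str, "REALUSER=%s", realuser);
	if ((new_envp[curenv] = strdup(str)) == NULL)
		fatal(1, "%s: out of memory", cmd->name);
	++curenv;

	sprintf(str, "REALUID=%lu", (unsigned long)realuid);
	if ((new_envp[curenv] = strdup(str)) == NULL)
		fatal(1, "%s: out of memory", cmd->name);
	++curenv;
}
```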
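# Example op entry: lets the listed users run pmap, restricted to their own
# processes. With the "realuser" option set, op exports REALUID (the caller's
# uid); the wrapper accepts a numeric argument only if pgrep lists it as a
# PID owned by that uid.
# NOTE(review): the ownership check and the final pmap call are separate
# steps, so a PID may belong to someone else by the time pmap runs. The check
# is only as trustworthy as REALUID, so this entry should not also pass the
# caller's environment through (confirm against op's environment handling).
pmap	/bin/sh -c '
		if [ -z "$*" ]; then
			/usr/bin/pmap
			exit 0
		fi
		for arg in $*; do
			case "$arg" in
			[0-9]*)
				/usr/bin/pgrep -U $REALUID | /usr/bin/grep "^$arg$" >/dev/null 2>&1
				if [ $? -ne 0 ]; then
					echo "permission denied by op"
					exit 0
				fi
				;;
			esac
		done
		/usr/bin/pmap $*
	';
	users=twls
	realuser
	help=" "
	$*=(-r|-x|-l|[0-9]+)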