/* -*-c-*-
*
- * $Id: become.c,v 1.23 2003/10/12 10:00:06 mdw Exp $
+ * $Id: become.c,v 1.26 2004/04/08 01:36:20 mdw Exp $
*
* Main code for `become'
*
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: become.c,v $
- * Revision 1.23 2003/10/12 10:00:06 mdw
- * Fix for daemon mode. Oops.
- *
- * Revision 1.22 2003/10/12 00:14:55 mdw
- * Major overhaul. Now uses DSA signatures rather than the bogus symmetric
- * encrypt-and-hope thing. Integrated with mLib and Catacomb.
- *
- * Revision 1.21 1999/07/28 09:31:01 mdw
- * Empty path components are equivalent to `.'.
- *
- * Revision 1.20 1999/05/04 16:17:11 mdw
- * Change to header file name for parser. See log for `parse.h' for
- * details.
- *
- * Revision 1.19 1998/06/29 13:10:41 mdw
- * Add some commentary regarding an issue in `sudo' which affects `become';
- * I'm not fixing it yet because I don't think it's important.
- *
- * Fixed the PATH lookup code to use the right binary name: `binary' rather
- * than `todo[0]'. The two only differ when `style' is `l_login', in which
- * case `binary' has an initial `/' anyway, and the PATH lookup code is
- * never invoked. The name is used in a buffer-overflow precheck, though,
- * and auditing is easier if the naming is consistent.
- *
- * Revision 1.18 1998/06/26 10:32:54 mdw
- * Cosmetic change: use sizeof(destination) in memcpy.
- *
- * Revision 1.17 1998/06/18 15:06:59 mdw
- * Close log before execing program to avoid leaving a socket open.
- *
- * Revision 1.16 1998/04/23 13:21:04 mdw
- * Small tweaks. Support no-network configuration option, and rearrange
- * the help text a little.
- *
- * Revision 1.15 1998/01/13 11:10:44 mdw
- * Add `TZ' to the list of variables to be preserved.
- *
- * Revision 1.14 1998/01/12 16:45:39 mdw
- * Fix copyright date.
- *
- * Revision 1.13 1997/09/26 09:14:57 mdw
- * Merged blowfish branch into trunk.
- *
- * Revision 1.12 1997/09/25 16:04:48 mdw
- * Change directory after becoming someone else, instead of before. This
- * avoids problems with root-squashed NFS mounts.
- *
- * Revision 1.11.2.1 1997/09/26 09:07:58 mdw
- * Use the Blowfish encryption algorithm instead of IDEA. This is partly
- * because I prefer Blowfish (without any particularly strong evidence) but
- * mainly because IDEA is patented and Blowfish isn't.
- *
- * Revision 1.11 1997/09/24 09:48:45 mdw
- * Fix (scary) overrun bug in group allocation stuff.
- *
- * Revision 1.10 1997/09/17 10:14:10 mdw
- * Fix a typo. Support service names in `--port' option.
- *
- * Revision 1.9 1997/09/10 10:28:05 mdw
- * Allow default port to be given as a service name or port number. Handle
- * groups properly (lots of options here).
- *
- * Revision 1.8 1997/09/08 13:56:24 mdw
- * Change criteria for expunging items from the user's PATH: instead of
- * removing things starting with `.', remove things not starting with `/'.
- *
- * Revision 1.7 1997/09/08 13:43:20 mdw
- * Change userid when creating tracefiles rather than fiddling with
- * `access': it works rather better. Also, insert some stdio buffer
- * flushing to ensure tracedumps are completely written.
- *
- * Revision 1.6 1997/09/05 13:47:44 mdw
- * Make the `-L' (trace-level) option's argument optional, like the long
- * version is.
- *
- * Revision 1.5 1997/09/05 11:45:19 mdw
- * Add support for different login styles, and environment variable
- * manipulation in a safe and useful way.
- *
- * Revision 1.4 1997/08/20 16:15:13 mdw
- * Overhaul of environment handling. Fix daft bug in path search code.
- *
- * Revision 1.3 1997/08/07 16:28:59 mdw
- * Do something useful when users attempt to become themselves.
- *
- * Revision 1.2 1997/08/04 10:24:20 mdw
- * Sources placed under CVS control.
- *
- * Revision 1.1 1997/07/21 13:47:54 mdw
- * Initial revision
- *
- */
-
/*----- Header files ------------------------------------------------------*/
/* --- ANSI headers --- */
#include <pwd.h>
#include <syslog.h>
#include <unistd.h>
+#include <fcntl.h>
extern char **environ;
if (getuid() != geteuid())
flags |= f_setuid;
+ /* --- Make sure standard file descriptors are open --- */
+
+ {
+ int fd;
+ do {
+ if ((fd = open("/dev/null", O_RDWR)) < 0)
+ die(1, "couldn't open /dev/null: %s", strerror(errno));
+ } while (fd <= STDERR_FILENO);
+ close(fd);
+ }
+
/* --- Read the environment into a hashtable --- */
{
/* --- Group style options --- */
- { "group", gFlag_argReq, 0, 'g' },
+ { "group", OPTF_ARGREQ, 0, 'g' },
#ifdef HAVE_SETGROUPS
{ "keep-groups", 0, 0, 'k' },
{ "merge-groups", 0, 0, 'm' },
/* --- Command to run options --- */
- { "command", gFlag_argReq, 0, 'c' },
+ { "command", OPTF_ARGREQ, 0, 'c' },
/* --- Server options --- */
#ifndef NONETWORK
{ "daemon", 0, 0, 'd' },
{ "nofork", 0, 0, 'n' },
- { "port", gFlag_argReq, 0, 'p' },
- { "config-file", gFlag_argReq, 0, 'f' },
+ { "port", OPTF_ARGREQ, 0, 'p' },
+ { "config-file", OPTF_ARGREQ, 0, 'f' },
#endif
/* --- Tracing options --- */
#ifndef NTRACE
- { "impersonate", gFlag_argReq, 0, 'I' },
- { "trace", gFlag_argOpt, 0, 'T' },
- { "trace-level", gFlag_argOpt, 0, 'L' },
+ { "impersonate", OPTF_ARGREQ, 0, 'I' },
+ { "trace", OPTF_ARGOPT, 0, 'T' },
+ { "trace-level", OPTF_ARGOPT, 0, 'L' },
#endif
{ 0, 0, 0, 0 }
for (pp = banned; *pp; pp++) {
if (**pp == '-') {
p = *pp + 1;
- if (memcmp(e->_base.name, p, strlen(p)) == 0)
+ if (strncmp(e->_base.name, p, strlen(p)) == 0)
goto expunge;
} else if (strcmp(e->_base.name, *pp) == 0)
goto expunge;