X-Git-Url: https://git.distorted.org.uk/~mdw/become/blobdiff_plain/f60a34341fee6aafd5b878dce23b80af7c60064d..af4f4d6a77aceba8e2d6f58d15e894df320e7c24:/src/become.c
diff --git a/src/become.c b/src/become.c
index d383084..b4956ff 100644
--- a/src/become.c
+++ b/src/become.c
@@ -1,6 +1,6 @@
 /* -*-c-*-
 *
- * $Id: become.c,v 1.22 2003/10/12 00:14:55 mdw Exp $
+ * $Id: become.c,v 1.26 2004/04/08 01:36:20 mdw Exp $
 *
 * Main code for `become'
 *
@@ -26,99 +26,6 @@
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: become.c,v $
- * Revision 1.22 2003/10/12 00:14:55 mdw
- * Major overhaul. Now uses DSA signatures rather than the bogus symmetric
- * encrypt-and-hope thing. Integrated with mLib and Catacomb.
- *
- * Revision 1.21 1999/07/28 09:31:01 mdw
- * Empty path components are equivalent to `.'.
- *
- * Revision 1.20 1999/05/04 16:17:11 mdw
- * Change to header file name for parser. See log for `parse.h' for
- * details.
- *
- * Revision 1.19 1998/06/29 13:10:41 mdw
- * Add some commentary regarding an issue in `sudo' which affects `become';
- * I'm not fixing it yet because I don't think it's important.
- *
- * Fixed the PATH lookup code to use the right binary name: `binary' rather
- * than `todo[0]'. The two only differ when `style' is `l_login', in which
- * case `binary' has an initial `/' anyway, and the PATH lookup code is
- * never invoked. The name is used in a buffer-overflow precheck, though,
- * and auditing is easier if the naming is consistent.
- *
- * Revision 1.18 1998/06/26 10:32:54 mdw
- * Cosmetic change: use sizeof(destination) in memcpy.
- *
- * Revision 1.17 1998/06/18 15:06:59 mdw
- * Close log before execing program to avoid leaving a socket open.
- *
- * Revision 1.16 1998/04/23 13:21:04 mdw
- * Small tweaks. Support no-network configuration option, and rearrange
- * the help text a little.
- *
- * Revision 1.15 1998/01/13 11:10:44 mdw
- * Add `TZ' to the list of variables to be preserved.
- *
- * Revision 1.14 1998/01/12 16:45:39 mdw
- * Fix copyright date.
- *
- * Revision 1.13 1997/09/26 09:14:57 mdw
- * Merged blowfish branch into trunk.
- *
- * Revision 1.12 1997/09/25 16:04:48 mdw
- * Change directory after becoming someone else, instead of before. This
- * avoids problems with root-squashed NFS mounts.
- *
- * Revision 1.11.2.1 1997/09/26 09:07:58 mdw
- * Use the Blowfish encryption algorithm instead of IDEA. This is partly
- * because I prefer Blowfish (without any particularly strong evidence) but
- * mainly because IDEA is patented and Blowfish isn't.
- *
- * Revision 1.11 1997/09/24 09:48:45 mdw
- * Fix (scary) overrun bug in group allocation stuff.
- *
- * Revision 1.10 1997/09/17 10:14:10 mdw
- * Fix a typo. Support service names in `--port' option.
- *
- * Revision 1.9 1997/09/10 10:28:05 mdw
- * Allow default port to be given as a service name or port number. Handle
- * groups properly (lots of options here).
- *
- * Revision 1.8 1997/09/08 13:56:24 mdw
- * Change criteria for expunging items from the user's PATH: instead of
- * removing things starting with `.', remove things not starting with `/'.
- *
- * Revision 1.7 1997/09/08 13:43:20 mdw
- * Change userid when creating tracefiles rather than fiddling with
- * `access': it works rather better. Also, insert some stdio buffer
- * flushing to ensure tracedumps are completely written.
- *
- * Revision 1.6 1997/09/05 13:47:44 mdw
- * Make the `-L' (trace-level) option's argument optional, like the long
- * version is.
- *
- * Revision 1.5 1997/09/05 11:45:19 mdw
- * Add support for different login styles, and environment variable
- * manipulation in a safe and useful way.
- *
- * Revision 1.4 1997/08/20 16:15:13 mdw
- * Overhaul of environment handling. Fix daft bug in path search code.
- *
- * Revision 1.3 1997/08/07 16:28:59 mdw
- * Do something useful when users attempt to become themselves.
- *
- * Revision 1.2 1997/08/04 10:24:20 mdw
- * Sources placed under CVS control.
- *
- * Revision 1.1 1997/07/21 13:47:54 mdw
- * Initial revision
- *
- */
-
 /*----- Header files ------------------------------------------------------*/
 /* --- ANSI headers --- */
@@ -147,6 +54,7 @@
 #include
 #include
 #include
+#include
 extern char **environ;
@@ -470,6 +378,7 @@ static void bc__help(FILE *fp, int suid)
 #ifndef NONETWORK
 "\n"
 "-d, --daemon Start a daemon\n"
+"-n, --nofork In daemon mode, don't fork into background\n"
 "-p PORT, --port=PORT In daemon mode, listen on PORT\n"
 "-f FILE, --config-file=FILE In daemon mode, read config from FILE\n"
 #endif
@@ -539,14 +448,13 @@ int main(int argc, char *argv[])
 /* --- Definitions for the various flags --- */
- enum {
- f_daemon = 1, /* Start up in daemon mode */
- f_duff = 2, /* Fault in arguments */
- f_shell = 4, /* Run a default shell */
- f_dummy = 8, /* Don't actually do anything */
- f_setuid = 16, /* We're running setuid */
- f_havegroup = 32 /* Set a default group */
- };
+#define f_daemon 1u /* Start up in daemon mode */
+#define f_duff 2u /* Fault in arguments */
+#define f_shell 4u /* Run a default shell */
+#define f_dummy 8u /* Don't actually do anything */
+#define f_setuid 16u /* We're running setuid */
+#define f_havegroup 32u /* Set a default group */
+#define f_nofork 64u /* Don't fork into background */
 /* --- Set up the program name --- */
@@ -555,6 +463,17 @@ int main(int argc, char *argv[])
 if (getuid() != geteuid())
 flags |= f_setuid;
+ /* --- Make sure standard file descriptors are open --- */
+
+ {
+ int fd;
+ do {
+ if ((fd = open("/dev/null", O_RDWR)) < 0)
+ die(1, "couldn't open /dev/null: %s", strerror(errno));
+ } while (fd <= STDERR_FILENO);
+ close(fd);
+ }
+
 /* --- Read the environment into a hashtable --- */
 {
@@ -586,7 +505,7 @@ int main(int argc, char *argv[])
 /* --- Group style options --- */
- { "group", gFlag_argReq, 0, 'g' },
+ { "group", OPTF_ARGREQ, 0, 'g' },
 #ifdef HAVE_SETGROUPS
 { "keep-groups", 0, 0, 'k' },
 { "merge-groups", 0, 0, 'm' },
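Review bot: The `f_*` flag macros in the hunk at `@@ -539,14 +448,13 @@` are defined inside the body of main(), but `#define` has no block scope, so they stay active to the end of become.c and would silently rewrite any later identifier with one of those lowercase names. Moving them to file scope, or adding matching `#undef` lines after main(), makes that reach explicit. The commit does not say why the enum was dropped; if it was to make the flag constants unsigned, a comment such as `/* macros rather than an enum so the flag constants are unsigned */` would record it. main() begins and ends outside the hunk.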
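Review bot: The comment on the new descriptor block (hunk `@@ -555,6 +463,17 @@`) says what it does but not why, and in a program that can run setuid the reason is the part a maintainer needs. If the invoking process leaves descriptor 0, 1 or 2 closed, the next file or socket this program opens is given that number and then receives anything later written to stdout or stderr. I would reword the comment to `/* --- Make sure standard file descriptors are open, so nothing opened later can become fd 0, 1 or 2 --- */`. Note also that when `open` fails here descriptor 2 may itself be closed, so the `die` message is probably lost and only the exit status of 1 reports the failure. main() starts and ends outside the hunk.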
@@ -595,22 +514,23 @@ int main(int argc, char *argv[])
 /* --- Command to run options --- */
- { "command", gFlag_argReq, 0, 'c' },
+ { "command", OPTF_ARGREQ, 0, 'c' },
 /* --- Server options --- */
 #ifndef NONETWORK
 { "daemon", 0, 0, 'd' },
- { "port", gFlag_argReq, 0, 'p' },
- { "config-file", gFlag_argReq, 0, 'f' },
+ { "nofork", 0, 0, 'n' },
+ { "port", OPTF_ARGREQ, 0, 'p' },
+ { "config-file", OPTF_ARGREQ, 0, 'f' },
 #endif
 /* --- Tracing options --- */
 #ifndef NTRACE
- { "impersonate", gFlag_argReq, 0, 'I' },
- { "trace", gFlag_argOpt, 0, 'T' },
- { "trace-level", gFlag_argOpt, 0, 'L' },
+ { "impersonate", OPTF_ARGREQ, 0, 'I' },
+ { "trace", OPTF_ARGOPT, 0, 'T' },
+ { "trace-level", OPTF_ARGOPT, 0, 'L' },
 #endif
 { 0, 0, 0, 0 }
@@ -627,7 +547,7 @@ int main(int argc, char *argv[])
 #endif
 "c:" /* Command to run options */
 #ifndef NONETWORK
- "dp:f:" /* Server options */
+ "dnp:f:" /* Server options */
 #endif
 #ifndef NTRACE
 "I:T::L::" /* Tracing options */
@@ -712,6 +632,9 @@ int main(int argc, char *argv[])
 case 'd':
 flags |= f_daemon;
 break;
+ case 'n':
+ flags |= f_nofork;
+ break;
 case 'f':
 conffile = optarg;
 break;
@@ -887,7 +810,7 @@ done_options:
 #ifndef NONETWORK
 if (flags & f_daemon) {
 T( trace(TRACE_MISC, "become: daemon mode requested"); )
- daemon_init(conffile, port);
+ daemon_init(conffile, port, (flags & f_nofork) ? df_nofork : 0);
 exit(0);
 }
 #endif
@@ -1301,7 +1224,7 @@ done_options:
 for (pp = banned; *pp; pp++) {
 if (**pp == '-') {
 p = *pp + 1;
- if (memcmp(e->_base.name, p, strlen(p)) == 0)
+ if (strncmp(e->_base.name, p, strlen(p)) == 0)
 goto expunge;
 } else if (strcmp(e->_base.name, *pp) == 0)
 goto expunge;
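Review bot: The prefix test in the last hunk (`@@ -1301,7 +1224,7 @@`) needs a comment saying why it is `strncmp`, because the two calls look interchangeable and a later clean-up could swap it back. `memcmp` always compares `strlen(p)` bytes, so it can read past the terminator of a variable name shorter than the banned prefix, while `strncmp` stops at the NUL; `/* strncmp: the name may be shorter than the prefix */` above the call would record that. It is also worth confirming that no entry in `banned` is a bare `-`, since then `strlen(p)` is 0, the comparison is trivially equal and every variable is expunged; the table is not visible in this diff. The enclosing loop over the environment starts and ends outside the hunk.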