X-Git-Url: https://git.distorted.org.uk/~mdw/checkpath/blobdiff_plain/7868d789c2b2f6a074b7fc14cd4dc482957c90b5..e0d83cefbc0d0fec6a9e59a97a2191da6d8e61b4:/chkpath.c diff --git a/chkpath.c b/chkpath.c index 250e922..7dea761 100644 --- a/chkpath.c +++ b/chkpath.c @@ -1,13 +1,11 @@ /* -*-c-*- * - * $Id: chkpath.c,v 1.2 2001/01/25 22:16:02 mdw Exp $ - * * Check a user's file search path * * (c) 1999 Mark Wooding */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of chkpath. * 
@@ -15,65 +13,56 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * chkpath is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with chkpath; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: chkpath.c,v $ - * Revision 1.2 2001/01/25 22:16:02 mdw - * Make flags be unsigned. - * - * Revision 1.1.1.1 1999/04/06 20:12:07 mdw - * Import new project. - * - */ - /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include #include #include +#include +#include + #include #include #include #include -#include "path.h" +#include "checkpath.h" +#include "utils.h" /*----- Main code ---------------------------------------------------------*/ -static void report(int what, int verbose, +/* --- @report@ --- */ + +static void report(unsigned what, int verbose, const char *p, const char *msg, void *arg) -{ - moan("%s", msg); -} + { moan("%s", msg); } /* --- @usage@ --- */ static void usage(FILE *fp) -{ - fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); -} + { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); } /* --- @version@ --- */ static void version(FILE *fp) -{ - fprintf(fp, "%s version %s\n", QUIS, VERSION); -} + { fprintf(fp, "%s version %s\n", QUIS, VERSION); } /* --- @help@ --- */ 
@@ -99,6 +88,7 @@ Options provided are:\n\ -s, --sticky Consider sticky directories secure against\n\ modification by world and group (not recommended).\n\ -t, --trust-group Consider other members of your group trustworthy.\n\ +-g, --group NAME Consider members of group NAME trustworthy.\n\ -p, --print Write the secure path elements to standard output.\n\ ", fp); @@ -106,10 +96,10 @@ Options provided are:\n\ int main(int argc, char *argv[]) { - int bad = 0; + unsigned bad = 0; int i; char *p, *q, *path; - struct chkpath cp; + struct checkpath cp; int f = 0; #define f_print 1u @@ -122,11 +112,11 @@ int main(int argc, char *argv[]) /* --- Set up path scanning defaults --- */ cp.cp_verbose = 1; - cp.cp_what = (CP_WRWORLD | CP_WRGRP | CP_WROTHUSR | - CP_ERROR | CP_REPORT | CP_SYMLINK); + cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP; cp.cp_report = report; cp.cp_arg = 0; - path_setids(&cp); + cp.cp_gids = 0; + checkpath_setuid(&cp); /* --- Parse the options --- */ @@ -142,7 +132,7 @@ int main(int argc, char *argv[]) { "print", 0, 0, 'p' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "hVu vqstp", opts, 0, 0, 0); + int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0); if (i < 0) break; @@ -167,7 +157,11 @@ int main(int argc, char *argv[]) cp.cp_what |= CP_STICKYOK; break; case 't': - cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP; + if (checkpath_setgid(&cp) || checkpath_setgroups(&cp)) + die(1, "too many groups"); + break; + case 'g': + allowgroup(&cp, optarg); break; case 'p': f |= f_print; @@ -196,7 +190,7 @@ int main(int argc, char *argv[]) p = xstrdup(argv[i]); q = strtok(p, ":"); while (q) { - int b = path_check(q, &cp); + unsigned b = checkpath(q, &cp); if (!b && (f & f_print)) { if (f & f_colon) putchar(':');
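Review bot: The new default `cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;` has no comment explaining why `CP_WRGRP` is masked out, even though this line sets the tool's whole trust policy. `CP_PROBLEMS` is defined in `checkpath.h`, outside this diff, so a reader cannot tell from here which checks are on by default. I would add a comment above it, for example `/* all problems except blanket CP_WRGRP: group write access is judged against the trusted gids, and none are trusted until -t or -g */`, after confirming that this matches the header. It would also help to say on `cp.cp_gids = 0;` that the trusted-group list deliberately starts empty.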
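Review bot: The short-option string gains `g:`, but the `opts` table visible in this hunk still ends at `{ "print", 0, 0, 'p' }` followed by the terminator, and no hunk in the diff adds a long-option entry. The `--group NAME` spelling advertised in the help text therefore looks unreachable. The table begins above the hunk, so this is inferred from the unchanged line numbering and should be confirmed. If it is missing, add `{ "group", OPTF_ARGREQ, 0, 'g' },` next to the `trust-group` entry.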
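Review bot: In the `case 't':` arm, a failure of either `checkpath_setgid(&cp)` or `checkpath_setgroups(&cp)` is reported as "too many groups". That message is accurate only if a full group table is the only way either call can fail; their definitions are outside this diff, so confirm it or split the message per call. The new `case 'g':` arm discards whatever `allowgroup(&cp, optarg)` reports. If that helper returns a status rather than exiting on an unknown group name, a mistyped `-g` would run the check with a different trust set than the operator intended. If it does exit, a comment at the call site such as `/* allowgroup() dies on an unknown group or a full table */` would record that fail-closed behaviour.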
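Review bot: The unchanged `q = strtok(p, ":");` above the edited line skips empty fields, so a leading, trailing or doubled colon is never passed to `checkpath()`. A shell search path treats such an empty element as the current directory, so it is exactly the kind of entry this tool should flag. The commit only changes the type of `b`. Either report an empty element as insecure (or check it as `.`), or document the gap with `/* NB: strtok() drops empty elements, which a shell reads as the current directory */`. The `while (q)` loop continues past the end of the hunk, so how `b` feeds the exit status is not visible here.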