X-Git-Url: https://git.distorted.org.uk/~mdw/checkpath/blobdiff_plain/9c42854ddcd101d7c18dbe762afeed91fca5c477..b8eb35c13263163e9849ee3fbdc1bc8bd5c5167b:/chkpath.c

diff --git a/chkpath.c b/chkpath.c
index 0751449..a44570e 100644
--- a/chkpath.c
+++ b/chkpath.c
@@ -1,7 +1,5 @@
 /* -*-c-*-
  *
- * $Id: chkpath.c,v 1.4 2004/04/08 01:36:22 mdw Exp $
- *
  * Check a user's file search path
  *
  * (c) 1999 Mark Wooding
@@ -36,15 +34,21 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <pwd.h>
+#include <grp.h>
+
 #include <mLib/alloc.h>
 #include <mLib/mdwopt.h>
 #include <mLib/quis.h>
 #include <mLib/report.h>
 
 #include "checkpath.h"
+#include "utils.h"
 
 /*----- Main code ---------------------------------------------------------*/
 
+/* --- @report@ --- */
+
 static void report(unsigned what, int verbose,
 		   const char *p, const char *msg,
 		   void *arg)
@@ -53,7 +57,7 @@ static void report(unsigned what, int verbose,
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)
-  { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); }
+  { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }
 
 /* --- @version@ --- */
 
@@ -84,6 +88,7 @@ Options provided are:\n\
 -s, --sticky		Consider sticky directories secure against\n\
 			modification by world and group (not recommended).\n\
 -t, --trust-group	Consider other members of your group trustworthy.\n\
+-g, --group NAME	Consider members of group NAME trustworthy.\n\
 -p, --print		Write the secure path elements to standard output.\n\
 ",
 	fp);
@@ -107,26 +112,27 @@ int main(int argc, char *argv[])
   /* --- Set up path scanning defaults --- */
 
   cp.cp_verbose = 1;
-  cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
+  cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;
   cp.cp_report = report;
   cp.cp_arg = 0;
-  checkpath_setids(&cp);
+  cp.cp_gids = 0;
+  checkpath_setuid(&cp);
 
   /* --- Parse the options --- */
 
   for (;;) {
     static struct option opts[] = {
       { "help",		0,		0,	'h' },
-      { "version", 	0, 		0,	'V' },
+      { "version",	0,		0,	'V' },
       { "usage",	0,		0,	'u' },
-      { "verbose", 	0,		0,	'v' },
+      { "verbose",	0,		0,	'v' },
       { "quiet",	0,		0,	'q' },
       { "sticky",	0,		0,	's' },
       { "trust-group",	0,		0,	't' },
       { "print",	0,		0,	'p' },
       { 0,		0,		0,	0 }
     };
-    int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+    int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);
 
     if (i < 0)
       break;
@@ -151,7 +157,11 @@ int main(int argc, char *argv[])
 	cp.cp_what |= CP_STICKYOK;
 	break;
       case 't':
-	cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+	if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+	  die(1, "too many groups");
+	break;
+      case 'g':
+	allowgroup(&cp, optarg);
 	break;
       case 'p':
 	f |= f_print;