+/* -*-c-*-
+ *
+ * $Id: chrootsh.c,v 1.1 1999/04/20 00:19:04 mdw Exp $
+ *
+ * Chroot gaol shell
+ *
+ * (c) 1999 EBI
+ */
+
+/*----- Licensing notice --------------------------------------------------*
+ *
+ * This file is part of Chroot shell.
+ *
+ * chrootsh is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * chrootsh is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with chrootsh; if not, write to the Free Software Foundation,
+ * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+/*----- Revision history --------------------------------------------------*
+ *
+ * $Log: chrootsh.c,v $
+ * Revision 1.1 1999/04/20 00:19:04 mdw
+ * Initial revision
+ *
+ */
+
+/*----- Header files ------------------------------------------------------*/
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include <sys/types.h>
+#include <unistd.h>
+#include <pwd.h>
+
+extern char **environ;
+
+/*----- Main code ---------------------------------------------------------*/
+
+#ifndef CHROOTSH_PATH
+# define CHROOTSH_PATH "/usr/bin/chrootsh"
+#endif
+
+static const char *quis = "chrootsh";
+
+static void *xmalloc(size_t sz)
+{
+ void *p = malloc(sz);
+ if (!p) {
+ fprintf(stderr, "%s: not enough memory\n", quis);
+ exit(EXIT_FAILURE);
+ }
+ return (p);
+}
+
+static char *xstrdup(const char *p)
+{
+ size_t sz = strlen(p) + 1;
+ char *q = xmalloc(sz);
+ memcpy(q, p, sz);
+ return (q);
+}
+
+int main(int argc, char *argv[])
+{
+ struct passwd *pw;
+ uid_t me = getuid();
+ char **env;
+ char **av;
+
+ /* --- Resolve the program name --- */
+
+ {
+ char *p, *q;
+ p = argv[0];
+ for (q = argv[0]; *q; q++) {
+ if (*q == '/')
+ p = q + 1;
+ }
+ quis = p;
+ }
+
+ /* --- Check the user is meant to be chrooted --- */
+
+ pw = getpwuid(me);
+ if (!pw) {
+ fprintf(stderr, "%s: you don't exist. Go away.\n", quis);
+ exit(EXIT_FAILURE);
+ }
+ if (strcmp(pw->pw_shell, CHROOTSH_PATH) != 0) {
+ fprintf(stderr, "%s: you aren't a chrooted user\n", quis);
+ exit(EXIT_FAILURE);
+ }
+ endpwent();
+
+ /* --- Chroot the user --- */
+
+ {
+ char *p = xstrdup(pw->pw_dir);
+ char *q = strstr(p, "/./");
+ if (q)
+ *q = 0;
+
+ if (chdir(p) || chroot(p)) {
+ fprintf(stderr, "%s: couldn't call chroot: %s", quis, strerror(errno));
+ exit(EXIT_FAILURE);
+ }
+ setuid(me);
+ free(p);
+ }
+
+ /* --- Read the new password block --- */
+
+ {
+ char *p = xstrdup(pw->pw_name);
+ pw = getpwnam(p);
+ free(p);
+ if (!pw) {
+ fprintf(stderr, "%s: you don't exist in the gaol\n", quis);
+ exit(EXIT_FAILURE);
+ }
+ endpwent();
+ }
+
+ /* --- Now fiddle with environment strings and suchlike --- */
+
+ {
+ size_t n;
+ for (n = 0; environ[n]; n++)
+ ;
+ env = xmalloc((n + 1) * sizeof(char *));
+
+ for (n = 0; environ[n]; n++) {
+ if (strncmp(environ[n], "HOME=", 5) == 0) {
+ char *p = xmalloc(6 + strlen(pw->pw_dir));
+ sprintf(p, "HOME=%s", pw->pw_dir);
+ env[n] = p;
+ } else if (strncmp(environ[n], "SHELL=", 6) == 0) {
+ char *p = xmalloc(7 + strlen(pw->pw_shell));
+ sprintf(p, "SHELL=%s", pw->pw_shell);
+ env[n] = p;
+ } else
+ env[n] = environ[n];
+ }
+ env[n] = 0;
+ }
+
+ /* --- Finally, sort the argument list --- */
+
+ {
+ char *p, *q;
+ int i;
+
+ av = xmalloc((argc + 1) * sizeof(char *));
+ p = pw->pw_shell;
+ for (q = p; *q; q++) {
+ if (*q == '/')
+ p = q + 1;
+ }
+ if (argv[0][0] == '-') {
+ q = xmalloc(2 + strlen(p));
+ *q = '-';
+ strcpy(q + 1, p);
+ av[0] = q;
+ } else
+ av[0] = p;
+
+ for (i = 1; i <= argc; i++)
+ av[i] = argv[i];
+ }
+
+ /* --- Change directory (again) --- */
+
+ if (chdir(pw->pw_dir))
+ fprintf(stderr, "No directory, logging in with HOME=/\n");
+
+ /* --- Run the real shell --- */
+
+ execve(pw->pw_shell, av, env);
+ fprintf(stderr, "%s: couldn't exec `%s': %s",
+ quis, pw->pw_shell, strerror(errno));
+ return (EXIT_FAILURE);
+}
+
+/*----- That's all, folks -------------------------------------------------*/