rdo/rdo.c

#include <pwd.h>
#include <shadow.h>
#include <crypt.h>
#include <unistd.h>
#include <stdio.h>
#include <string.h>
#include <bsd/readpassphrase.h>

void runprog(int argc, char** argv) {
	for(int i=0; i<argc; i++)
		argv[i] = argv[i + 1];
	setuid(0);
	setgid(0);
	if (execvp(argv[0], argv) != 0) perror(argv[0]);
}

int main(int argc, char** argv) {
	if (argc < 2) {
		fprintf(stderr, "Please specify a program to run.\n");
		return -1;
	}

	FILE* fp = fopen("/etc/rdo/username", "r");
	
	if (fp == NULL) {
		fprintf(stderr, "The file /etc/rdo/username could not be read.\n");
		return -2;
	}

	int ruid = getuid();
	if (ruid == 0) {
		fclose(fp);
		runprog(argc, argv);
		return 0;
    }

	char username[64];
	fgets(username, 64, fp);
	fclose(fp);
	username[strcspn(username, "\n")] = 0;

	struct passwd* p = getpwnam(username);
	if (!p) {
		fprintf(stderr, "The user in the username file does not exist.\n");
		return -3;
	}

	int uid = p->pw_uid;
	if (uid != ruid && ruid != 0) {
		fprintf(stderr, "You are not in the username file.\n");
		return -4;
	}

	struct spwd* shadowEntry = getspnam(username);

	if (!shadowEntry) {
		fprintf(stderr, "Could not get shadow entry, suid bit not set or username invalid?\n");
		return -5;
	}

	int tries = 0;
	char password[128];
	while (tries < 3) {
		if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY)) {
			fprintf(stderr, "Could not get passphrase, not in a TTY?\n");
			return -7;
		}

		if (strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp)) == 0) {
			runprog(argc, argv);
            return 0;
		}
		fprintf(stderr, "Wrong password.\n");
		tries++;
	}
    return -6;
}