rdo/rdo.c

#include <pwd.h>
#include <err.h>
#include <shadow.h>
#include <crypt.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <bsd/readpassphrase.h>

void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
	char* line = NULL;
	size_t len = 0;

	fseek(fp, 0, SEEK_SET);

	while (getline(&line, &len, fp) != -1) {
		if (strncmp(entry, line, strlen(entry)) == 0) {
			strtok(line, "=");
			char* token = strtok(NULL, "=");
			if (token) {
				strncpy(result, token, len_result);
				result[strcspn(result, "\n")] = 0;
				return;
			}
		}
	}

	errx(1, "Could not get '%s' entry in config", entry);
}

void runprog(int argc, char** argv) {
	for(int i=0; i<argc; i++)
		argv[i] = argv[i + 1];

	if (setuid(0) == -1)
		err(1, "Could not setuid");
	if (setgid(0) == -1)
		err(1, "Could not setgid");

	if (execvp(argv[0], argv) != 0)
		perror(argv[0]);
}

int main(int argc, char** argv) {
	char username[64];
	char wrong_pw_sleep[64];
	unsigned int sleep_ms;

	if (argc < 2)
		errx(1, "Please specify a program to run");

	FILE* fp = fopen("/etc/rdo.conf", "r");

	if (!fp)
		err(1, "Could not open /etc/rdo.conf");

	int ruid = getuid();
	if (ruid == 0) {
		fclose(fp);
		runprog(argc, argv);
		return 0;
	}

	getconf(fp, "username", username, sizeof(username));
	getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep));
	sleep_ms = atoi(wrong_pw_sleep) * 1000;

	struct passwd* p = getpwnam(username);
	if (!p)
		err(1, "Could not get user info");

	int uid = p->pw_uid;
	if (uid != ruid && ruid != 0)
		errx(1, "You are not in the username file");

	struct spwd* shadowEntry = getspnam(username);

	if (!shadowEntry)
		err(1, "Could not get shadow entry");

	int tries = 0;
	char password[128];
	while (tries < 3) {
		if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY))
			err(1, "Could not get passphrase");

		if (strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp)) == 0) {
			runprog(argc, argv);
			return 0;
		}

		usleep(sleep_ms);
		fprintf(stderr, "Wrong password.\n");
		tries++;
	}
	errx(1, "Too many wrong password attempts.");
	return 1;
}
First Commit 2021-07-13 21:33:12 +02:00			`#include <pwd.h>`
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`#include <err.h>`
First Commit 2021-07-13 21:33:12 +02:00			`#include <shadow.h>`
			`#include <crypt.h>`
			`#include <unistd.h>`
			`#include <stdio.h>`
Add sleep between wrong password attempts This is required for #1 2021-07-13 23:42:11 +02:00			`#include <stdlib.h>`
First Commit 2021-07-13 21:33:12 +02:00			`#include <string.h>`
Get passphrase from TTY This is required for #1. 2021-07-13 22:23:27 +02:00			`#include <bsd/readpassphrase.h>`
First Commit 2021-07-13 21:33:12 +02:00
Add error message for faulty config 2021-07-13 23:31:23 +02:00			`void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {`
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00			`char* line = NULL;`
			`size_t len = 0;`

			`fseek(fp, 0, SEEK_SET);`

			`while (getline(&line, &len, fp) != -1) {`
			`if (strncmp(entry, line, strlen(entry)) == 0) {`
			`strtok(line, "=");`
			`char* token = strtok(NULL, "=");`
			`if (token) {`
			`strncpy(result, token, len_result);`
			`result[strcspn(result, "\n")] = 0;`
Add error message for faulty config 2021-07-13 23:31:23 +02:00			`return;`
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00			`}`
			`}`
			`}`

Add error message for faulty config 2021-07-13 23:31:23 +02:00			`errx(1, "Could not get '%s' entry in config", entry);`
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00			`}`

First Commit 2021-07-13 21:33:12 +02:00			`void runprog(int argc, char** argv) {`
Fix various formatting mistakes in rdo.c 2021-07-13 22:14:46 +02:00			`for(int i=0; i<argc; i++)`
			`argv[i] = argv[i + 1];`
Fix formatting in rdo.c 2021-07-13 22:46:57 +02:00
Check return values of setuid() and setgid() 2021-07-14 06:12:50 +02:00			`if (setuid(0) == -1)`
			`err(1, "Could not setuid");`
			`if (setgid(0) == -1)`
			`err(1, "Could not setgid");`
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00
Removed extra whitespace 2021-07-15 12:46:27 +02:00			`if (execvp(argv[0], argv) != 0)`
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`perror(argv[0]);`
First Commit 2021-07-13 21:33:12 +02:00			`}`

			`int main(int argc, char** argv) {`
Add sleep between wrong password attempts This is required for #1 2021-07-13 23:42:11 +02:00			`char username[64];`
			`char wrong_pw_sleep[64];`
			`unsigned int sleep_ms;`

Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`if (argc < 2)`
			`errx(1, "Please specify a program to run");`
First Commit 2021-07-13 21:33:12 +02:00
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00			`FILE* fp = fopen("/etc/rdo.conf", "r");`
Removed extra whitespace 2021-07-15 12:46:27 +02:00
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`if (!fp)`
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00			`err(1, "Could not open /etc/rdo.conf");`
First Commit 2021-07-13 21:33:12 +02:00
			`int ruid = getuid();`
			`if (ruid == 0) {`
			`fclose(fp);`
Fix various formatting mistakes in rdo.c 2021-07-13 22:14:46 +02:00			`runprog(argc, argv);`
			`return 0;`
Fix formatting in rdo.c 2021-07-13 22:46:57 +02:00			`}`
Removed extra whitespace 2021-07-15 12:46:27 +02:00
Add config for rdo This is needed for #1. 2021-07-13 23:21:34 +02:00			`getconf(fp, "username", username, sizeof(username));`
Add sleep between wrong password attempts This is required for #1 2021-07-13 23:42:11 +02:00			`getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep));`
			`sleep_ms = atoi(wrong_pw_sleep) * 1000;`
First Commit 2021-07-13 21:33:12 +02:00
			`struct passwd* p = getpwnam(username);`
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`if (!p)`
			`err(1, "Could not get user info");`
First Commit 2021-07-13 21:33:12 +02:00
			`int uid = p->pw_uid;`
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`if (uid != ruid && ruid != 0)`
			`errx(1, "You are not in the username file");`
First Commit 2021-07-13 21:33:12 +02:00
			`struct spwd* shadowEntry = getspnam(username);`

Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`if (!shadowEntry)`
			`err(1, "Could not get shadow entry");`
First Commit 2021-07-13 21:33:12 +02:00
			`int tries = 0;`
			`char password[128];`
			`while (tries < 3) {`
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`if (!readpassphrase("(rdo) Password: ", password, sizeof(password), RPP_REQUIRE_TTY))`
			`err(1, "Could not get passphrase");`
Get passphrase from TTY This is required for #1. 2021-07-13 22:23:27 +02:00
First Commit 2021-07-13 21:33:12 +02:00			`if (strcmp(shadowEntry->sp_pwdp, crypt(password, shadowEntry->sp_pwdp)) == 0) {`
Fix various formatting mistakes in rdo.c 2021-07-13 22:14:46 +02:00			`runprog(argc, argv);`
Fix formatting in rdo.c 2021-07-13 22:46:57 +02:00			`return 0;`
First Commit 2021-07-13 21:33:12 +02:00			`}`
Removed extra whitespace 2021-07-15 12:46:27 +02:00
Add sleep between wrong password attempts This is required for #1 2021-07-13 23:42:11 +02:00			`usleep(sleep_ms);`
First Commit 2021-07-13 21:33:12 +02:00			`fprintf(stderr, "Wrong password.\n");`
Fix various formatting mistakes in rdo.c 2021-07-13 22:14:46 +02:00			`tries++;`
First Commit 2021-07-13 21:33:12 +02:00			`}`
Improve error messages This commit makes rdo make use of the err.h header for more pleasant and convenient error logging. 2021-07-13 22:39:28 +02:00			`errx(1, "Too many wrong password attempts.");`
			`return 1;`
First Commit 2021-07-13 21:33:12 +02:00			`}`