soccera/rdo
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

changed compiler to cc, shortened rdo.c

Browse source
This commit is contained in:
coast 2025-08-13 02:04:32 +03:30
parent 4aab1431ed
commit 1f3611e4c1
2 changed files with 9 additions and 41 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -3,7 +3,7 @@ CFLAGS_RELEASE = ${CFLAGS} -O2 -s -D_FORTIFY_SOURCE=2
CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined
CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie
LIBS = -lcrypt LIBS = -lcrypt
CC = gcc CC = cc
all: rdo.c all: rdo.c
${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS} ${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS}

48
rdo.c
View file

@ -5,41 +5,31 @@
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <errno.h>
#ifdef __linux__ #ifdef __linux__
#include <shadow.h> #include <shadow.h>
#endif #endif
#include "readpassphrase.h" #include "readpassphrase.h"
#include "sessions.h" #include "sessions.h"
#define VERSION "1.4.3" #define VERSION "1.4.3"
char* getpwhash(struct passwd* pw) { char* getpwhash(struct passwd* pw) {
if (pw->pw_passwd[0] != 'x') if (pw->pw_passwd[0] != 'x')
return pw->pw_passwd; return pw->pw_passwd;
#ifdef __linux__ #ifdef __linux__
struct spwd* pw_entry = getspnam(pw->pw_name); struct spwd* pw_entry = getspnam(pw->pw_name);
if (!pw_entry || !pw_entry->sp_pwdp) if (!pw_entry || !pw_entry->sp_pwdp)
err(1, "Could not get shadow entry"); err(1, "Could not get shadow entry");
return pw_entry->sp_pwdp; return pw_entry->sp_pwdp;
#endif #endif
errx(1, "Could not get hashed password entry"); errx(1, "Could not get hashed password entry");
} }
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) { void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
char* line = NULL; char* line = NULL;
size_t len = 0; size_t len = 0;
size_t entry_len = strlen(entry); size_t entry_len = strlen(entry);
fseek(fp, 0, SEEK_SET); fseek(fp, 0, SEEK_SET);
while (getline(&line, &len, fp) != -1) { while (getline(&line, &len, fp) != -1) {
if (strncmp(line, entry, entry_len) == 0 && if (strncmp(line, entry, entry_len) == 0 && (line[entry_len] == '=')) {
(line[entry_len] == '=')) {
char* value = line + entry_len + 1; char* value = line + entry_len + 1;
value[strcspn(value, "\n")] = 0; value[strcspn(value, "\n")] = 0;
strncpy(result, value, len_result); strncpy(result, value, len_result);
@ -48,62 +38,45 @@ void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
return; return;
} }
} }
free(line); free(line);
errx(1, "Could not get '%s' entry in config", entry); errx(1, "Could not get '%s' entry in config", entry);
} }
void runprog(char** program_argv) { void runprog(char** program_argv) {
if (setuid(0) < 0) if (setuid(0) < 0)
err(1, "Could not setuid"); err(1, "Could not setuid");
if (setgid(0) < 0) if (setgid(0) < 0)
err(1, "Could not setgid"); err(1, "Could not setgid");
putenv("HOME=/root"); putenv("HOME=/root");
// NOTE: this does not return when no error occurred.
execvp(program_argv[0], program_argv); execvp(program_argv[0], program_argv);
err(1, "%s", program_argv[0]); err(1, "%s", program_argv[0]);
} }
int main(int argc, char** argv) { int main(int argc, char** argv) {
char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128]; char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128];
int sleep_us, tries, ts_ttl; int sleep_us, tries, ts_ttl;
int read_pw_from_stdin = 0; int read_pw_from_stdin = 0;
if (argc > 1) if (argc > 1)
read_pw_from_stdin = strcmp(argv[1], "-") == 0; read_pw_from_stdin = strcmp(argv[1], "-") == 0;
if (argc == 1 || (read_pw_from_stdin && argc == 2)) { if (argc == 1 || (read_pw_from_stdin && argc == 2)) {
printf("RootDO version: %s\n\n", VERSION); printf("RootDO version: %s\n\n", VERSION);
printf("Usage: %s [command]\n", argv[0]); printf("Usage: %s [command]\n", argv[0]);
return 0; return 0;
} }
if (geteuid() != 0) if (geteuid() != 0)
errx(1, "The rdo binary needs to be installed as SUID."); errx(1, "The rdo binary needs to be installed as SUID.");
int ruid = getuid(); int ruid = getuid();
if (ruid == 0) if (ruid == 0)
runprog(&argv[read_pw_from_stdin+1]); runprog(&argv[read_pw_from_stdin+1]);
FILE* fp = fopen("/etc/rdo.conf", "r"); FILE* fp = fopen("/etc/rdo.conf", "r");
if (!fp) if (!fp)
err(1, "Could not open /etc/rdo.conf"); err(1, "Could not open /etc/rdo.conf");
getconf(fp, "group", groupname, sizeof(groupname)); getconf(fp, "group", groupname, sizeof(groupname));
getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep)); getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep));
getconf(fp, "session_ttl", session_ttl, sizeof(session_ttl)); getconf(fp, "session_ttl", session_ttl, sizeof(session_ttl));
sleep_us = atoi(wrong_pw_sleep) * 1000; sleep_us = atoi(wrong_pw_sleep) * 1000;
ts_ttl = atoi(session_ttl) * 60; ts_ttl = atoi(session_ttl) * 60;
fclose(fp); fclose(fp);
if (getsession(ts_ttl) == 0 && !read_pw_from_stdin) if (getsession(ts_ttl) == 0 && !read_pw_from_stdin)
runprog(&argv[1]); runprog(&argv[1]);
struct passwd* pw = getpwuid(ruid); struct passwd* pw = getpwuid(ruid);
if (!pw) { if (!pw) {
if (errno == 0) if (errno == 0)
@ -111,46 +84,40 @@ int main(int argc, char** argv) {
else else
err(1, "Could not get user info"); err(1, "Could not get user info");
} }
struct group* current_group_entry = getgrent(); struct group* current_group_entry = getgrent();
while (current_group_entry) { while (current_group_entry) {
if (strcmp(current_group_entry->gr_name, groupname) == 0) if (strcmp(current_group_entry->gr_name, groupname) == 0)
break; break;
current_group_entry = getgrent(); current_group_entry = getgrent();
} }
if (!current_group_entry) if (!current_group_entry)
errx(1, "The group '%s' does not exist.", groupname); errx(1, "The group '%s' does not exist.", groupname);
char* current_member = current_group_entry->gr_mem[0]; char* current_member = current_group_entry->gr_mem[0];
for (int i = 1; current_member; i++) { for (int i = 1; current_member; i++) {
if (strcmp(current_member, pw->pw_name) == 0) if (strcmp(current_member, pw->pw_name) == 0)
break; break;
current_member = current_group_entry->gr_mem[i]; current_member = current_group_entry->gr_mem[i];
} }
if (!current_member) if (!current_member)
errx(1, "You are not allowed to execute rdo."); errx(1, "You are not allowed to execute rdo.");
char* user_hashed_pw = getpwhash(pw); char* user_hashed_pw = getpwhash(pw);
tries = 0; tries = 0;
while (tries < 3) { while (tries < 3) {
if (!readpassphrase("(rdo) Password: ", password, sizeof(password), read_pw_from_stdin)) char hostname[64];
gethostname(hostname, sizeof(hostname));
char prompt[256];
snprintf(prompt, sizeof(prompt), "[rdo: (%s@%s) Password]: ", pw->pw_name, hostname);
if (!readpassphrase(prompt, password, sizeof(password), read_pw_from_stdin))
err(1, "Could not get passphrase"); err(1, "Could not get passphrase");
char* given_hashed_pw = crypt(password, user_hashed_pw); char* given_hashed_pw = crypt(password, user_hashed_pw);
memset(password, 0, sizeof(password)); memset(password, 0, sizeof(password));
if (!given_hashed_pw) if (!given_hashed_pw)
errx(1, "Could not hash password, does your user have a password?"); errx(1, "Could not hash password, does your user have a password?");
if (strcmp(given_hashed_pw, user_hashed_pw) == 0) { if (strcmp(given_hashed_pw, user_hashed_pw) == 0) {
if (!read_pw_from_stdin) if (!read_pw_from_stdin)
setsession(ts_ttl); setsession(ts_ttl);
runprog(&argv[read_pw_from_stdin+1]); runprog(&argv[read_pw_from_stdin+1]);
} }
usleep(sleep_us); usleep(sleep_us);
fprintf(stderr, "Wrong password.\n"); fprintf(stderr, "Wrong password.\n");
tries++; tries++;
@ -158,3 +125,4 @@ int main(int argc, char** argv) {
errx(1, "Too many wrong password attempts."); errx(1, "Too many wrong password attempts.");
return 1; return 1;
} }