changed compiler to cc, shortened rdo.c
This commit is contained in:
parent
4aab1431ed
commit
1f3611e4c1
2 changed files with 9 additions and 41 deletions
2
Makefile
2
Makefile
|
|
@ -3,7 +3,7 @@ CFLAGS_RELEASE = ${CFLAGS} -O2 -s -D_FORTIFY_SOURCE=2
|
|||
CFLAGS_DEBUG = ${CFLAGS} -O0 -g -fsanitize=undefined
|
||||
CFLAGS_STATIC = ${CFLAGS_RELEASE} -static-pie
|
||||
LIBS = -lcrypt
|
||||
CC = gcc
|
||||
CC = cc
|
||||
|
||||
all: rdo.c
|
||||
${CC} ${CFLAGS_RELEASE} rdo.c -o rdo ${LIBS}
|
||||
|
|
|
|||
48
rdo.c
48
rdo.c
|
|
@ -5,41 +5,31 @@
|
|||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
#include <errno.h>
|
||||
#ifdef __linux__
|
||||
#include <shadow.h>
|
||||
#endif
|
||||
|
||||
#include "readpassphrase.h"
|
||||
#include "sessions.h"
|
||||
|
||||
#define VERSION "1.4.3"
|
||||
|
||||
char* getpwhash(struct passwd* pw) {
|
||||
if (pw->pw_passwd[0] != 'x')
|
||||
return pw->pw_passwd;
|
||||
|
||||
#ifdef __linux__
|
||||
struct spwd* pw_entry = getspnam(pw->pw_name);
|
||||
|
||||
if (!pw_entry || !pw_entry->sp_pwdp)
|
||||
err(1, "Could not get shadow entry");
|
||||
return pw_entry->sp_pwdp;
|
||||
#endif
|
||||
|
||||
errx(1, "Could not get hashed password entry");
|
||||
}
|
||||
|
||||
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
|
||||
char* line = NULL;
|
||||
size_t len = 0;
|
||||
size_t entry_len = strlen(entry);
|
||||
|
||||
fseek(fp, 0, SEEK_SET);
|
||||
|
||||
while (getline(&line, &len, fp) != -1) {
|
||||
if (strncmp(line, entry, entry_len) == 0 &&
|
||||
(line[entry_len] == '=')) {
|
||||
if (strncmp(line, entry, entry_len) == 0 && (line[entry_len] == '=')) {
|
||||
char* value = line + entry_len + 1;
|
||||
value[strcspn(value, "\n")] = 0;
|
||||
strncpy(result, value, len_result);
|
||||
|
|
@ -48,62 +38,45 @@ void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
|
|||
return;
|
||||
}
|
||||
}
|
||||
|
||||
free(line);
|
||||
errx(1, "Could not get '%s' entry in config", entry);
|
||||
}
|
||||
|
||||
void runprog(char** program_argv) {
|
||||
if (setuid(0) < 0)
|
||||
err(1, "Could not setuid");
|
||||
if (setgid(0) < 0)
|
||||
err(1, "Could not setgid");
|
||||
|
||||
putenv("HOME=/root");
|
||||
|
||||
// NOTE: this does not return when no error occurred.
|
||||
execvp(program_argv[0], program_argv);
|
||||
|
||||
err(1, "%s", program_argv[0]);
|
||||
}
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128];
|
||||
int sleep_us, tries, ts_ttl;
|
||||
|
||||
int read_pw_from_stdin = 0;
|
||||
if (argc > 1)
|
||||
read_pw_from_stdin = strcmp(argv[1], "-") == 0;
|
||||
|
||||
if (argc == 1 || (read_pw_from_stdin && argc == 2)) {
|
||||
printf("RootDO version: %s\n\n", VERSION);
|
||||
printf("Usage: %s [command]\n", argv[0]);
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (geteuid() != 0)
|
||||
errx(1, "The rdo binary needs to be installed as SUID.");
|
||||
|
||||
int ruid = getuid();
|
||||
if (ruid == 0)
|
||||
runprog(&argv[read_pw_from_stdin+1]);
|
||||
|
||||
FILE* fp = fopen("/etc/rdo.conf", "r");
|
||||
|
||||
if (!fp)
|
||||
err(1, "Could not open /etc/rdo.conf");
|
||||
|
||||
getconf(fp, "group", groupname, sizeof(groupname));
|
||||
getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep));
|
||||
getconf(fp, "session_ttl", session_ttl, sizeof(session_ttl));
|
||||
sleep_us = atoi(wrong_pw_sleep) * 1000;
|
||||
ts_ttl = atoi(session_ttl) * 60;
|
||||
|
||||
fclose(fp);
|
||||
|
||||
if (getsession(ts_ttl) == 0 && !read_pw_from_stdin)
|
||||
runprog(&argv[1]);
|
||||
|
||||
struct passwd* pw = getpwuid(ruid);
|
||||
if (!pw) {
|
||||
if (errno == 0)
|
||||
|
|
@ -111,46 +84,40 @@ int main(int argc, char** argv) {
|
|||
else
|
||||
err(1, "Could not get user info");
|
||||
}
|
||||
|
||||
struct group* current_group_entry = getgrent();
|
||||
while (current_group_entry) {
|
||||
if (strcmp(current_group_entry->gr_name, groupname) == 0)
|
||||
break;
|
||||
current_group_entry = getgrent();
|
||||
}
|
||||
|
||||
if (!current_group_entry)
|
||||
errx(1, "The group '%s' does not exist.", groupname);
|
||||
|
||||
char* current_member = current_group_entry->gr_mem[0];
|
||||
for (int i = 1; current_member; i++) {
|
||||
if (strcmp(current_member, pw->pw_name) == 0)
|
||||
break;
|
||||
current_member = current_group_entry->gr_mem[i];
|
||||
}
|
||||
|
||||
if (!current_member)
|
||||
errx(1, "You are not allowed to execute rdo.");
|
||||
|
||||
char* user_hashed_pw = getpwhash(pw);
|
||||
|
||||
tries = 0;
|
||||
while (tries < 3) {
|
||||
if (!readpassphrase("(rdo) Password: ", password, sizeof(password), read_pw_from_stdin))
|
||||
char hostname[64];
|
||||
gethostname(hostname, sizeof(hostname));
|
||||
char prompt[256];
|
||||
snprintf(prompt, sizeof(prompt), "[rdo: (%s@%s) Password]: ", pw->pw_name, hostname);
|
||||
if (!readpassphrase(prompt, password, sizeof(password), read_pw_from_stdin))
|
||||
err(1, "Could not get passphrase");
|
||||
|
||||
char* given_hashed_pw = crypt(password, user_hashed_pw);
|
||||
memset(password, 0, sizeof(password));
|
||||
|
||||
if (!given_hashed_pw)
|
||||
errx(1, "Could not hash password, does your user have a password?");
|
||||
|
||||
if (strcmp(given_hashed_pw, user_hashed_pw) == 0) {
|
||||
if (!read_pw_from_stdin)
|
||||
setsession(ts_ttl);
|
||||
runprog(&argv[read_pw_from_stdin+1]);
|
||||
}
|
||||
|
||||
usleep(sleep_us);
|
||||
fprintf(stderr, "Wrong password.\n");
|
||||
tries++;
|
||||
|
|
@ -158,3 +125,4 @@ int main(int argc, char** argv) {
|
|||
errx(1, "Too many wrong password attempts.");
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue