soccera/rdo
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Convert indentation for all files to spaces

Browse source 
To unify things.
This commit is contained in:
sw1tchbl4d3 2022-12-17 00:37:56 +01:00
parent 3dcb269236
commit 2f0bdc7712
2 changed files with 187 additions and 187 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

194
rdo.c
View file

@ -14,132 +14,132 @@
#define VERSION "1.4.2" #define VERSION "1.4.2"
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) { void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
char* line = NULL; char* line = NULL;
size_t len = 0; size_t len = 0;
fseek(fp, 0, SEEK_SET); fseek(fp, 0, SEEK_SET);
while (getline(&line, &len, fp) != -1) { while (getline(&line, &len, fp) != -1) {
if (strncmp(entry, line, strlen(entry)) == 0) { if (strncmp(entry, line, strlen(entry)) == 0) {
strtok(line, "="); strtok(line, "=");
char* token = strtok(NULL, "="); char* token = strtok(NULL, "=");
if (token) { if (token) {
strncpy(result, token, len_result); strncpy(result, token, len_result);
result[strcspn(result, "\n")] = 0; result[strcspn(result, "\n")] = 0;
free(line); free(line);
return; return;
} }
} }
} }
errx(1, "Could not get '%s' entry in config", entry); errx(1, "Could not get '%s' entry in config", entry);
} }
void runprog(char** program_argv) { void runprog(char** program_argv) {
if (setuid(0) < 0) if (setuid(0) < 0)
err(1, "Could not setuid"); err(1, "Could not setuid");
if (setgid(0) < 0) if (setgid(0) < 0)
err(1, "Could not setgid"); err(1, "Could not setgid");
putenv("HOME=/root"); putenv("HOME=/root");
// NOTE: this does not return when no error occurred. // NOTE: this does not return when no error occurred.
execvp(program_argv[0], program_argv); execvp(program_argv[0], program_argv);
err(1, "%s", program_argv[0]); err(1, "%s", program_argv[0]);
} }
int main(int argc, char** argv) { int main(int argc, char** argv) {
char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128]; char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128];
unsigned int sleep_us, tries, ts_ttl; unsigned int sleep_us, tries, ts_ttl;
int read_pw_from_stdin = 0; int read_pw_from_stdin = 0;
if (argc > 1) if (argc > 1)
read_pw_from_stdin = strcmp(argv[1], "-") == 0; read_pw_from_stdin = strcmp(argv[1], "-") == 0;
if (argc == 1 || (read_pw_from_stdin && argc == 2)) { if (argc == 1 || (read_pw_from_stdin && argc == 2)) {
printf("RootDO version: %s\n\n", VERSION); printf("RootDO version: %s\n\n", VERSION);
printf("Usage: %s [command]\n", argv[0]); printf("Usage: %s [command]\n", argv[0]);
return 0; return 0;
} }
if (geteuid() != 0) if (geteuid() != 0)
errx(1, "The rdo binary needs to be installed as SUID."); errx(1, "The rdo binary needs to be installed as SUID.");
int ruid = getuid(); int ruid = getuid();
if (ruid == 0) if (ruid == 0)
runprog(&argv[read_pw_from_stdin+1]); runprog(&argv[read_pw_from_stdin+1]);
FILE* fp = fopen("/etc/rdo.conf", "r"); FILE* fp = fopen("/etc/rdo.conf", "r");
if (!fp) if (!fp)
err(1, "Could not open /etc/rdo.conf"); err(1, "Could not open /etc/rdo.conf");
getconf(fp, "group", groupname, sizeof(groupname)); getconf(fp, "group", groupname, sizeof(groupname));
getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep)); getconf(fp, "wrong_pw_sleep", wrong_pw_sleep, sizeof(wrong_pw_sleep));
getconf(fp, "session_ttl", session_ttl, sizeof(session_ttl)); getconf(fp, "session_ttl", session_ttl, sizeof(session_ttl));
sleep_us = atoi(wrong_pw_sleep) * 1000; sleep_us = atoi(wrong_pw_sleep) * 1000;
ts_ttl = atoi(session_ttl) * 60; ts_ttl = atoi(session_ttl) * 60;
fclose(fp); fclose(fp);
if (getsession(getppid(), ts_ttl, ruid) == 0 && !read_pw_from_stdin) if (getsession(getppid(), ts_ttl, ruid) == 0 && !read_pw_from_stdin)
runprog(&argv[1]); runprog(&argv[1]);
struct passwd* pw = getpwuid(ruid); struct passwd* pw = getpwuid(ruid);
if (!pw) { if (!pw) {
if (errno == 0) if (errno == 0)
errx(1, "No user with UID %d", ruid); errx(1, "No user with UID %d", ruid);
else else
err(1, "Could not get user info"); err(1, "Could not get user info");
} }
struct group* current_group_entry = getgrent(); struct group* current_group_entry = getgrent();
while (current_group_entry) { while (current_group_entry) {
if (strcmp(current_group_entry->gr_name, groupname) == 0) if (strcmp(current_group_entry->gr_name, groupname) == 0)
break; break;
current_group_entry = getgrent(); current_group_entry = getgrent();
} }
if (!current_group_entry) if (!current_group_entry)
errx(1, "The group '%s' does not exist.", groupname); errx(1, "The group '%s' does not exist.", groupname);
char* current_member = current_group_entry->gr_mem[0];
for (int i = 1; current_member; i++) {
if (strcmp(current_member, pw->pw_name) == 0)
break;
current_member = current_group_entry->gr_mem[i];
}
if (!current_member) char* current_member = current_group_entry->gr_mem[0];
errx(1, "You are not allowed to execute rdo."); for (int i = 1; current_member; i++) {
if (strcmp(current_member, pw->pw_name) == 0)
break;
current_member = current_group_entry->gr_mem[i];
}
struct spwd* shadowEntry = getspnam(pw->pw_name); if (!current_member)
errx(1, "You are not allowed to execute rdo.");
if (!shadowEntry || !shadowEntry->sp_pwdp) struct spwd* shadowEntry = getspnam(pw->pw_name);
err(1, "Could not get shadow entry");
tries = 0; if (!shadowEntry || !shadowEntry->sp_pwdp)
while (tries < 3) { err(1, "Could not get shadow entry");
if (!readpassphrase("(rdo) Password: ", password, sizeof(password), read_pw_from_stdin))
err(1, "Could not get passphrase");
char* hashed_pw = crypt(password, shadowEntry->sp_pwdp); tries = 0;
memset(password, 0, sizeof(password)); while (tries < 3) {
if (!readpassphrase("(rdo) Password: ", password, sizeof(password), read_pw_from_stdin))
if (!hashed_pw) err(1, "Could not get passphrase");
errx(1, "Could not hash password, does your user have a password?");
if (strcmp(shadowEntry->sp_pwdp, hashed_pw) == 0) { char* hashed_pw = crypt(password, shadowEntry->sp_pwdp);
if (!read_pw_from_stdin) memset(password, 0, sizeof(password));
setsession(getppid(), ts_ttl, ruid);
runprog(&argv[read_pw_from_stdin+1]);
}
usleep(sleep_us); if (!hashed_pw)
fprintf(stderr, "Wrong password.\n"); errx(1, "Could not hash password, does your user have a password?");
tries++;
} if (strcmp(shadowEntry->sp_pwdp, hashed_pw) == 0) {
errx(1, "Too many wrong password attempts."); if (!read_pw_from_stdin)
return 1; setsession(getppid(), ts_ttl, ruid);
runprog(&argv[read_pw_from_stdin+1]);
}
usleep(sleep_us);
fprintf(stderr, "Wrong password.\n");
tries++;
}
errx(1, "Too many wrong password attempts.");
return 1;
} }

180
sessions.h
View file

@ -8,140 +8,140 @@
#include <time.h> #include <time.h>
int getpstartts(int pid, unsigned long long* startts) { int getpstartts(int pid, unsigned long long* startts) {
char path[255], fc[1024]; char path[255], fc[1024];
char* ptr = fc; char* ptr = fc;
snprintf(path, sizeof(path), "/proc/%d/stat", pid); snprintf(path, sizeof(path), "/proc/%d/stat", pid);
int fd = open(path, O_RDONLY); int fd = open(path, O_RDONLY);
if (fd < 0) if (fd < 0)
err(1, "Could not open %s", path); err(1, "Could not open %s", path);
int bytes_read = read(fd, fc, sizeof(fc)); int bytes_read = read(fd, fc, sizeof(fc));
close(fd); close(fd);
if (bytes_read < 0) if (bytes_read < 0)
err(1, "Could not read %s", path); err(1, "Could not read %s", path);
fc[bytes_read] = '\0'; fc[bytes_read] = '\0';
if (memchr(ptr, '\0', bytes_read) != NULL) if (memchr(ptr, '\0', bytes_read) != NULL)
return -1; return -1;
ptr = strrchr(fc, ')'); ptr = strrchr(fc, ')');
char* token = strtok(ptr, " "); char* token = strtok(ptr, " ");
for (int i = 0; i<20 && token; i++) for (int i = 0; i<20 && token; i++)
token = strtok(NULL, " "); token = strtok(NULL, " ");
if (!token) if (!token)
return -1; return -1;
unsigned long long temp_ts = strtoull(token, NULL, 10); unsigned long long temp_ts = strtoull(token, NULL, 10);
if (temp_ts == 0 || temp_ts == ULLONG_MAX) if (temp_ts == 0 || temp_ts == ULLONG_MAX)
return -1; return -1;
*startts = temp_ts; *startts = temp_ts;
return 0; return 0;
} }
int ensuredir() { int ensuredir() {
struct stat st; struct stat st;
int fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW); int fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
if (fd < 0) { if (fd < 0) {
if (errno == ENOENT) { if (errno == ENOENT) {
if (mkdir("/run/rdo", 0700) < 0) if (mkdir("/run/rdo", 0700) < 0)
err(1, "Could not create /run/rdo"); err(1, "Could not create /run/rdo");
fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW); fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
if (fd < 0) if (fd < 0)
err(1, "Could not open /run/rdo"); err(1, "Could not open /run/rdo");
} }
else else
err(1, "Could not open /run/rdo"); err(1, "Could not open /run/rdo");
} }
if (fstat(fd, &st) < 0) { if (fstat(fd, &st) < 0) {
close(fd); close(fd);
err(1, "Could not fstat /run/rdo"); err(1, "Could not fstat /run/rdo");
} }
close(fd); close(fd);
if (st.st_uid != 0 || st.st_mode != (0700 | S_IFDIR)) if (st.st_uid != 0 || st.st_mode != (0700 | S_IFDIR))
return -1; return -1;
return 0; return 0;
} }
void setsession(int pid, unsigned int ts_ttl, int ruid) { void setsession(int pid, unsigned int ts_ttl, int ruid) {
unsigned long long startts; unsigned long long startts;
char path[1024], ts_str[32]; char path[1024], ts_str[32];
if (ts_ttl == 0) if (ts_ttl == 0)
return; return;
if (ensuredir() < 0 || getpstartts(pid, &startts) < 0) if (ensuredir() < 0 || getpstartts(pid, &startts) < 0)
return; return;
snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts); snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts);
int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0700); int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0700);
if (fd < 0) { if (fd < 0) {
if (errno == EEXIST) if (errno == EEXIST)
return; return;
err(1, "Could not open %s", path); err(1, "Could not open %s", path);
} }
snprintf(ts_str, sizeof(ts_str), "%llu", (unsigned long long)time(NULL)); snprintf(ts_str, sizeof(ts_str), "%llu", (unsigned long long)time(NULL));
if (write(fd, ts_str, strlen(ts_str)) < 0) { if (write(fd, ts_str, strlen(ts_str)) < 0) {
close(fd); close(fd);
err(1, "Could not write to %s", path); err(1, "Could not write to %s", path);
} }
close(fd); close(fd);
return; return;
} }
int getsession(int pid, unsigned int ts_ttl, int ruid) { int getsession(int pid, unsigned int ts_ttl, int ruid) {
unsigned long long startts, current; unsigned long long startts, current;
char path[1024], ts_str[32]; char path[1024], ts_str[32];
if (ts_ttl == 0) if (ts_ttl == 0)
return -1; return -1;
if (ensuredir() < 0 || getpstartts(pid, &startts) < 0) if (ensuredir() < 0 || getpstartts(pid, &startts) < 0)
return -1; return -1;
snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts); snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts);
int fd = open(path, O_RDONLY); int fd = open(path, O_RDONLY);
if (fd < 0) { if (fd < 0) {
if (errno == ENOENT) if (errno == ENOENT)
return -1; return -1;
err(1, "Could not open %s", path); err(1, "Could not open %s", path);
} }
int bytes_read = read(fd, ts_str, sizeof(ts_str)); int bytes_read = read(fd, ts_str, sizeof(ts_str));
close(fd); close(fd);
if (bytes_read < 0) if (bytes_read < 0)
err(1, "Could not read %s", path); err(1, "Could not read %s", path);
ts_str[bytes_read] = '\0'; ts_str[bytes_read] = '\0';
startts = strtoull(ts_str, NULL, 10); startts = strtoull(ts_str, NULL, 10);
current = time(NULL); current = time(NULL);
if (current - startts > ts_ttl) { if (current - startts > ts_ttl) {
unlink(path); unlink(path);
return -1; return -1;
} }
return 0; return 0;
} }