Compare commits
10 commits
c3f0b728ba
...
4aab1431ed
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
4aab1431ed | ||
|
|
81a2ea4414 | ||
|
|
4309fe26d9 | ||
|
|
ca8a3ee603 | ||
|
|
44d44e86d1 | ||
|
|
6a34dbb90a | ||
|
|
bd8380d809 | ||
|
|
c9d468df67 | ||
|
|
5f395137e3 | ||
|
|
c17cc8a416 |
3 changed files with 72 additions and 38 deletions
10
Makefile
10
Makefile
|
|
@ -15,15 +15,15 @@ debug: rdo.c
|
||||||
${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS}
|
${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS}
|
||||||
|
|
||||||
install: rdo
|
install: rdo
|
||||||
cp rdo ${DESTDIR}/usr/bin/rdo
|
cp rdo ${DESTDIR}/usr/local/bin/rdo
|
||||||
chown root:root ${DESTDIR}/usr/bin/rdo
|
chown 0:0 ${DESTDIR}/usr/local/bin/rdo
|
||||||
chmod 755 ${DESTDIR}/usr/bin/rdo
|
chmod 755 ${DESTDIR}/usr/local/bin/rdo
|
||||||
chmod u+s ${DESTDIR}/usr/bin/rdo
|
chmod u+s ${DESTDIR}/usr/local/bin/rdo
|
||||||
cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf
|
cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf
|
||||||
chmod 600 ${DESTDIR}/etc/rdo.conf
|
chmod 600 ${DESTDIR}/etc/rdo.conf
|
||||||
|
|
||||||
uninstall:
|
uninstall:
|
||||||
rm /usr/bin/rdo
|
rm /usr/local/bin/rdo
|
||||||
rm /etc/rdo.conf
|
rm /etc/rdo.conf
|
||||||
|
|
||||||
clean:
|
clean:
|
||||||
|
|
|
||||||
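Review bot: The `install` target still copies `rdo_sample.conf` over `${DESTDIR}/etc/rdo.conf` unconditionally, so re-running install on an existing system silently resets whatever policy the administrator put in the file that `rdo` reads its group and timeout settings from. Guarding the copy keeps an existing config intact: `test -e ${DESTDIR}/etc/rdo.conf || cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf`. Separately, `uninstall` removes `/usr/local/bin/rdo` and `/etc/rdo.conf` without `${DESTDIR}`, so it does not mirror the staged install paths introduced here; prefixing both `rm` lines with `${DESTDIR}` would make the two targets consistent.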
28
rdo.c
28
rdo.c
|
|
@ -1,7 +1,6 @@
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
#include <grp.h>
|
#include <grp.h>
|
||||||
#include <err.h>
|
#include <err.h>
|
||||||
#include <crypt.h>
|
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
|
@ -14,7 +13,7 @@
|
||||||
#include "readpassphrase.h"
|
#include "readpassphrase.h"
|
||||||
#include "sessions.h"
|
#include "sessions.h"
|
||||||
|
|
||||||
#define VERSION "1.4.2"
|
#define VERSION "1.4.3"
|
||||||
|
|
||||||
char* getpwhash(struct passwd* pw) {
|
char* getpwhash(struct passwd* pw) {
|
||||||
if (pw->pw_passwd[0] != 'x')
|
if (pw->pw_passwd[0] != 'x')
|
||||||
|
|
@ -34,22 +33,23 @@ char* getpwhash(struct passwd* pw) {
|
||||||
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
|
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
|
||||||
char* line = NULL;
|
char* line = NULL;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
size_t entry_len = strlen(entry);
|
||||||
|
|
||||||
fseek(fp, 0, SEEK_SET);
|
fseek(fp, 0, SEEK_SET);
|
||||||
|
|
||||||
while (getline(&line, &len, fp) != -1) {
|
while (getline(&line, &len, fp) != -1) {
|
||||||
if (strncmp(entry, line, strlen(entry)) == 0) {
|
if (strncmp(line, entry, entry_len) == 0 &&
|
||||||
strtok(line, "=");
|
(line[entry_len] == '=')) {
|
||||||
char* token = strtok(NULL, "=");
|
char* value = line + entry_len + 1;
|
||||||
if (token) {
|
value[strcspn(value, "\n")] = 0;
|
||||||
strncpy(result, token, len_result);
|
strncpy(result, value, len_result);
|
||||||
result[strcspn(result, "\n")] = 0;
|
result[len_result - 1] = '\0';
|
||||||
free(line);
|
free(line);
|
||||||
return;
|
return;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(line);
|
||||||
errx(1, "Could not get '%s' entry in config", entry);
|
errx(1, "Could not get '%s' entry in config", entry);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -69,7 +69,7 @@ void runprog(char** program_argv) {
|
||||||
|
|
||||||
int main(int argc, char** argv) {
|
int main(int argc, char** argv) {
|
||||||
char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128];
|
char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128];
|
||||||
unsigned int sleep_us, tries, ts_ttl;
|
int sleep_us, tries, ts_ttl;
|
||||||
|
|
||||||
int read_pw_from_stdin = 0;
|
int read_pw_from_stdin = 0;
|
||||||
if (argc > 1)
|
if (argc > 1)
|
||||||
|
|
@ -101,7 +101,7 @@ int main(int argc, char** argv) {
|
||||||
|
|
||||||
fclose(fp);
|
fclose(fp);
|
||||||
|
|
||||||
if (getsession(getppid(), ts_ttl, ruid) == 0 && !read_pw_from_stdin)
|
if (getsession(ts_ttl) == 0 && !read_pw_from_stdin)
|
||||||
runprog(&argv[1]);
|
runprog(&argv[1]);
|
||||||
|
|
||||||
struct passwd* pw = getpwuid(ruid);
|
struct passwd* pw = getpwuid(ruid);
|
||||||
|
|
@ -147,7 +147,7 @@ int main(int argc, char** argv) {
|
||||||
|
|
||||||
if (strcmp(given_hashed_pw, user_hashed_pw) == 0) {
|
if (strcmp(given_hashed_pw, user_hashed_pw) == 0) {
|
||||||
if (!read_pw_from_stdin)
|
if (!read_pw_from_stdin)
|
||||||
setsession(getppid(), ts_ttl, ruid);
|
setsession(ts_ttl);
|
||||||
runprog(&argv[read_pw_from_stdin+1]);
|
runprog(&argv[read_pw_from_stdin+1]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
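Review bot: In the rewritten `getconf`, `strncpy(result, value, len_result); result[len_result - 1] = '\0';` now guarantees termination but makes over-long values truncate silently, and since the callers parse these buffers (64-byte `groupname`, `wrong_pw_sleep`, `session_ttl` in `main`) into policy values, a truncated `session_ttl` or group name would be accepted as a different setting rather than rejected. A length check before the copy keeps a malformed config from being half-applied: `if (strlen(value) >= len_result) { free(line); errx(1, "Config value for '%s' too long", entry); }`. The result of `fseek(fp, 0, SEEK_SET)` on the line above the loop is also unchecked; if it fails the search continues from the current offset and can miss an entry that is present. The same hunk's new `free(line)` before the final `errx` is a correct fix for the not-found path.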
72
sessions.h
72
sessions.h
|
|
@ -4,6 +4,7 @@
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#include <sys/ioctl.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
|
||||||
|
|
@ -49,24 +50,24 @@ int getpstartts(int pid, unsigned long long* startts) {
|
||||||
|
|
||||||
int ensuredir() {
|
int ensuredir() {
|
||||||
struct stat st;
|
struct stat st;
|
||||||
int fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
int fd = open("/var/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
||||||
|
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
if (errno == ENOENT) {
|
if (errno == ENOENT) {
|
||||||
if (mkdir("/run/rdo", 0700) < 0)
|
if (mkdir("/var/run/rdo", 0700) < 0)
|
||||||
err(1, "Could not create /run/rdo");
|
err(1, "Could not create /var/run/rdo");
|
||||||
|
|
||||||
fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
fd = open("/var/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
||||||
if (fd < 0)
|
if (fd < 0)
|
||||||
err(1, "Could not open /run/rdo");
|
err(1, "Could not open /var/run/rdo");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
err(1, "Could not open /run/rdo");
|
err(1, "Could not open /var/run/rdo");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fstat(fd, &st) < 0) {
|
if (fstat(fd, &st) < 0) {
|
||||||
close(fd);
|
close(fd);
|
||||||
err(1, "Could not fstat /run/rdo");
|
err(1, "Could not fstat /var/run/rdo");
|
||||||
}
|
}
|
||||||
|
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
@ -77,17 +78,46 @@ int ensuredir() {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
void setsession(int pid, unsigned int ts_ttl, int ruid) {
|
#ifdef __OpenBSD__
|
||||||
|
|
||||||
|
void setsession(int ts_ttl) {
|
||||||
|
if (ts_ttl <= 0)
|
||||||
|
return;
|
||||||
|
|
||||||
|
int ttyfd = open("/dev/tty", O_RDWR);
|
||||||
|
ioctl(ttyfd, TIOCSETVERAUTH, &ts_ttl);
|
||||||
|
close(ttyfd);
|
||||||
|
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
int getsession(int ts_ttl) {
|
||||||
|
if (ts_ttl <= 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
|
int ttyfd = open("/dev/tty", O_RDWR);
|
||||||
|
int ret = ioctl(ttyfd, TIOCCHKVERAUTH);
|
||||||
|
close(ttyfd);
|
||||||
|
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
|
||||||
|
#else
|
||||||
|
|
||||||
|
void setsession(int ts_ttl) {
|
||||||
|
if (ts_ttl <= 0)
|
||||||
|
return;
|
||||||
|
|
||||||
unsigned long long startts;
|
unsigned long long startts;
|
||||||
char path[1024], ts_str[32];
|
char path[1024], ts_str[32];
|
||||||
|
|
||||||
if (ts_ttl == 0)
|
int ppid = getppid();
|
||||||
return;
|
int ruid = getuid();
|
||||||
|
|
||||||
if (ensuredir() < 0 || getpstartts(pid, &startts) < 0)
|
if (ensuredir() < 0 || getpstartts(ppid, &startts) < 0)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts);
|
snprintf(path, sizeof(path), "/var/run/rdo/%d-%d-%llu", ruid, ppid, startts);
|
||||||
|
|
||||||
int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0700);
|
int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0700);
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
|
|
@ -104,21 +134,23 @@ void setsession(int pid, unsigned int ts_ttl, int ruid) {
|
||||||
}
|
}
|
||||||
|
|
||||||
close(fd);
|
close(fd);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
int getsession(int pid, unsigned int ts_ttl, int ruid) {
|
int getsession(int ts_ttl) {
|
||||||
|
if (ts_ttl <= 0)
|
||||||
|
return -1;
|
||||||
|
|
||||||
unsigned long long startts, current;
|
unsigned long long startts, current;
|
||||||
char path[1024], ts_str[32];
|
char path[1024], ts_str[32];
|
||||||
|
|
||||||
if (ts_ttl == 0)
|
int ppid = getppid();
|
||||||
return -1;
|
int ruid = getuid();
|
||||||
|
|
||||||
if (ensuredir() < 0 || getpstartts(pid, &startts) < 0)
|
if (ensuredir() < 0 || getpstartts(ppid, &startts) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts);
|
snprintf(path, sizeof(path), "/var/run/rdo/%d-%d-%llu", ruid, ppid, startts);
|
||||||
|
|
||||||
int fd = open(path, O_RDONLY);
|
int fd = open(path, O_RDONLY);
|
||||||
if (fd < 0) {
|
if (fd < 0) {
|
||||||
|
|
@ -138,10 +170,12 @@ int getsession(int pid, unsigned int ts_ttl, int ruid) {
|
||||||
startts = strtoull(ts_str, NULL, 10);
|
startts = strtoull(ts_str, NULL, 10);
|
||||||
current = time(NULL);
|
current = time(NULL);
|
||||||
|
|
||||||
if (current - startts > ts_ttl) {
|
if (current - startts > (unsigned int)ts_ttl) {
|
||||||
unlink(path);
|
unlink(path);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endif
|
||||||
|
|
|
||||||
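Review bot: Both `open("/var/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW)` calls in `ensuredir` pass `O_DIRECTORY | O_NOFOLLOW` as open()'s third argument, which is the creation mode and is only consulted with `O_CREAT`, so neither the directory check nor the symlink refusal is actually applied and the later `fstat` (the rest of `ensuredir` between the two hunks is outside this view) is the only thing standing between the session files and a path that is not the expected directory. The flags belong in the second argument: `int fd = open("/var/run/rdo", O_RDONLY | O_DIRECTORY | O_NOFOLLOW);` for both the first open and the re-open after `mkdir`. In the new `__OpenBSD__` branch, `ttyfd` from `open("/dev/tty", O_RDWR)` is used by `ioctl` and `close` without a check; the `getsession` side fails closed because `ioctl(-1, ...)` returns -1, but an explicit `if (ttyfd < 0) return;` in `setsession` and `if (ttyfd < 0) return -1;` in `getsession` would make that intent visible rather than incidental.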