Compare commits
10 commits
c3f0b728ba
...
4aab1431ed
| Author | SHA1 | Date | |
|---|---|---|---|
|
4aab1431ed | ||
|
81a2ea4414 | ||
|
|
4309fe26d9 | ||
|
|
ca8a3ee603 | ||
|
|
44d44e86d1 | ||
|
|
6a34dbb90a | ||
|
|
bd8380d809 | ||
|
|
c9d468df67 | ||
|
|
5f395137e3 | ||
|
|
c17cc8a416 |
3 changed files with 72 additions and 38 deletions
10
Makefile
10
Makefile
|
|
@ -15,15 +15,15 @@ debug: rdo.c
|
|||
${CC} ${CFLAGS_DEBUG} rdo.c -o rdo ${LIBS}
|
||||
|
||||
install: rdo
|
||||
cp rdo ${DESTDIR}/usr/bin/rdo
|
||||
chown root:root ${DESTDIR}/usr/bin/rdo
|
||||
chmod 755 ${DESTDIR}/usr/bin/rdo
|
||||
chmod u+s ${DESTDIR}/usr/bin/rdo
|
||||
cp rdo ${DESTDIR}/usr/local/bin/rdo
|
||||
chown 0:0 ${DESTDIR}/usr/local/bin/rdo
|
||||
chmod 755 ${DESTDIR}/usr/local/bin/rdo
|
||||
chmod u+s ${DESTDIR}/usr/local/bin/rdo
|
||||
cp rdo_sample.conf ${DESTDIR}/etc/rdo.conf
|
||||
chmod 600 ${DESTDIR}/etc/rdo.conf
|
||||
|
||||
uninstall:
|
||||
rm /usr/bin/rdo
|
||||
rm /usr/local/bin/rdo
|
||||
rm /etc/rdo.conf
|
||||
|
||||
clean:
|
||||
|
|
|
|||
24
rdo.c
24
rdo.c
|
|
@ -1,7 +1,6 @@
|
|||
#include <pwd.h>
|
||||
#include <grp.h>
|
||||
#include <err.h>
|
||||
#include <crypt.h>
|
||||
#include <unistd.h>
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
|
|
@ -14,7 +13,7 @@
|
|||
#include "readpassphrase.h"
|
||||
#include "sessions.h"
|
||||
|
||||
#define VERSION "1.4.2"
|
||||
#define VERSION "1.4.3"
|
||||
|
||||
char* getpwhash(struct passwd* pw) {
|
||||
if (pw->pw_passwd[0] != 'x')
|
||||
|
|
@ -34,22 +33,23 @@ char* getpwhash(struct passwd* pw) {
|
|||
void getconf(FILE* fp, const char* entry, char* result, size_t len_result) {
|
||||
char* line = NULL;
|
||||
size_t len = 0;
|
||||
size_t entry_len = strlen(entry);
|
||||
|
||||
fseek(fp, 0, SEEK_SET);
|
||||
|
||||
while (getline(&line, &len, fp) != -1) {
|
||||
if (strncmp(entry, line, strlen(entry)) == 0) {
|
||||
strtok(line, "=");
|
||||
char* token = strtok(NULL, "=");
|
||||
if (token) {
|
||||
strncpy(result, token, len_result);
|
||||
result[strcspn(result, "\n")] = 0;
|
||||
if (strncmp(line, entry, entry_len) == 0 &&
|
||||
(line[entry_len] == '=')) {
|
||||
char* value = line + entry_len + 1;
|
||||
value[strcspn(value, "\n")] = 0;
|
||||
strncpy(result, value, len_result);
|
||||
result[len_result - 1] = '\0';
|
||||
free(line);
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
free(line);
|
||||
errx(1, "Could not get '%s' entry in config", entry);
|
||||
}
|
||||
|
||||
|
|
@ -69,7 +69,7 @@ void runprog(char** program_argv) {
|
|||
|
||||
int main(int argc, char** argv) {
|
||||
char groupname[64], wrong_pw_sleep[64], session_ttl[64], password[128];
|
||||
unsigned int sleep_us, tries, ts_ttl;
|
||||
int sleep_us, tries, ts_ttl;
|
||||
|
||||
int read_pw_from_stdin = 0;
|
||||
if (argc > 1)
|
||||
|
|
@ -101,7 +101,7 @@ int main(int argc, char** argv) {
|
|||
|
||||
fclose(fp);
|
||||
|
||||
if (getsession(getppid(), ts_ttl, ruid) == 0 && !read_pw_from_stdin)
|
||||
if (getsession(ts_ttl) == 0 && !read_pw_from_stdin)
|
||||
runprog(&argv[1]);
|
||||
|
||||
struct passwd* pw = getpwuid(ruid);
|
||||
|
|
@ -147,7 +147,7 @@ int main(int argc, char** argv) {
|
|||
|
||||
if (strcmp(given_hashed_pw, user_hashed_pw) == 0) {
|
||||
if (!read_pw_from_stdin)
|
||||
setsession(getppid(), ts_ttl, ruid);
|
||||
setsession(ts_ttl);
|
||||
runprog(&argv[read_pw_from_stdin+1]);
|
||||
}
|
||||
|
||||
|
|
|
|||
72
sessions.h
72
sessions.h
|
|
@ -4,6 +4,7 @@
|
|||
#include <errno.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
#include <sys/ioctl.h>
|
||||
#include <fcntl.h>
|
||||
#include <time.h>
|
||||
|
||||
|
|
@ -49,24 +50,24 @@ int getpstartts(int pid, unsigned long long* startts) {
|
|||
|
||||
int ensuredir() {
|
||||
struct stat st;
|
||||
int fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
||||
int fd = open("/var/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
||||
|
||||
if (fd < 0) {
|
||||
if (errno == ENOENT) {
|
||||
if (mkdir("/run/rdo", 0700) < 0)
|
||||
err(1, "Could not create /run/rdo");
|
||||
if (mkdir("/var/run/rdo", 0700) < 0)
|
||||
err(1, "Could not create /var/run/rdo");
|
||||
|
||||
fd = open("/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
||||
fd = open("/var/run/rdo", O_RDONLY, O_DIRECTORY | O_NOFOLLOW);
|
||||
if (fd < 0)
|
||||
err(1, "Could not open /run/rdo");
|
||||
err(1, "Could not open /var/run/rdo");
|
||||
}
|
||||
else
|
||||
err(1, "Could not open /run/rdo");
|
||||
err(1, "Could not open /var/run/rdo");
|
||||
}
|
||||
|
||||
if (fstat(fd, &st) < 0) {
|
||||
close(fd);
|
||||
err(1, "Could not fstat /run/rdo");
|
||||
err(1, "Could not fstat /var/run/rdo");
|
||||
}
|
||||
|
||||
close(fd);
|
||||
|
|
@ -77,17 +78,46 @@ int ensuredir() {
|
|||
return 0;
|
||||
}
|
||||
|
||||
void setsession(int pid, unsigned int ts_ttl, int ruid) {
|
||||
#ifdef __OpenBSD__
|
||||
|
||||
void setsession(int ts_ttl) {
|
||||
if (ts_ttl <= 0)
|
||||
return;
|
||||
|
||||
int ttyfd = open("/dev/tty", O_RDWR);
|
||||
ioctl(ttyfd, TIOCSETVERAUTH, &ts_ttl);
|
||||
close(ttyfd);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
int getsession(int ts_ttl) {
|
||||
if (ts_ttl <= 0)
|
||||
return -1;
|
||||
|
||||
int ttyfd = open("/dev/tty", O_RDWR);
|
||||
int ret = ioctl(ttyfd, TIOCCHKVERAUTH);
|
||||
close(ttyfd);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
#else
|
||||
|
||||
void setsession(int ts_ttl) {
|
||||
if (ts_ttl <= 0)
|
||||
return;
|
||||
|
||||
unsigned long long startts;
|
||||
char path[1024], ts_str[32];
|
||||
|
||||
if (ts_ttl == 0)
|
||||
return;
|
||||
int ppid = getppid();
|
||||
int ruid = getuid();
|
||||
|
||||
if (ensuredir() < 0 || getpstartts(pid, &startts) < 0)
|
||||
if (ensuredir() < 0 || getpstartts(ppid, &startts) < 0)
|
||||
return;
|
||||
|
||||
snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts);
|
||||
snprintf(path, sizeof(path), "/var/run/rdo/%d-%d-%llu", ruid, ppid, startts);
|
||||
|
||||
int fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0700);
|
||||
if (fd < 0) {
|
||||
|
|
@ -104,21 +134,23 @@ void setsession(int pid, unsigned int ts_ttl, int ruid) {
|
|||
}
|
||||
|
||||
close(fd);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
int getsession(int pid, unsigned int ts_ttl, int ruid) {
|
||||
int getsession(int ts_ttl) {
|
||||
if (ts_ttl <= 0)
|
||||
return -1;
|
||||
|
||||
unsigned long long startts, current;
|
||||
char path[1024], ts_str[32];
|
||||
|
||||
if (ts_ttl == 0)
|
||||
return -1;
|
||||
int ppid = getppid();
|
||||
int ruid = getuid();
|
||||
|
||||
if (ensuredir() < 0 || getpstartts(pid, &startts) < 0)
|
||||
if (ensuredir() < 0 || getpstartts(ppid, &startts) < 0)
|
||||
return -1;
|
||||
|
||||
snprintf(path, sizeof(path), "/run/rdo/%d-%d-%llu", ruid, pid, startts);
|
||||
snprintf(path, sizeof(path), "/var/run/rdo/%d-%d-%llu", ruid, ppid, startts);
|
||||
|
||||
int fd = open(path, O_RDONLY);
|
||||
if (fd < 0) {
|
||||
|
|
@ -138,10 +170,12 @@ int getsession(int pid, unsigned int ts_ttl, int ruid) {
|
|||
startts = strtoull(ts_str, NULL, 10);
|
||||
current = time(NULL);
|
||||
|
||||
if (current - startts > ts_ttl) {
|
||||
if (current - startts > (unsigned int)ts_ttl) {
|
||||
unlink(path);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue