* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
+#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#include <pwd.h>
+#include <grp.h>
#include <mLib/alloc.h>
#include <mLib/dstr.h>
*/
static int fullcheck(const char *p)
-{
- return (checkpath(p, &cp) == 0 && ok(p, 0));
-}
+ { return (checkpath(p, &cp) == 0 && ok(p, 0)); }
/* --- @goodtmp@ --- *
*
/* --- Try making a directory in `/tmp' --- */
- if (!(q = getenv("USER")) && !(q = getenv("LOGNAME")))
- q = pw->pw_name;
- if ((q = trytmp("/tmp", q)) != 0)
+ if ((q = trytmp("/tmp", pw->pw_name)) != 0)
return (q);
/* --- That failed: try a directory in the user's home --- */
- if (!(q = getenv("HOME")))
- q = pw->pw_dir;
- if ((q = trytmp(q, "tmp")) != 0)
+ if ((q = trytmp(pw->pw_dir, "tmp")) != 0)
return (q);
/* --- Still no joy: give up --- *
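Review bot: Dropping `getenv("USER")`, `getenv("LOGNAME")` and `getenv("HOME")` in favour of `pw->pw_name` and `pw->pw_dir` is a trust decision that neither section comment records. A later reader could reinstate the environment lookups as a convenience, so I would state the reason above the first `trytmp` call, for example `/* Name and home come from the passwd entry: the environment is set by the caller and is not trusted here */`. The enclosing function starts and ends outside this hunk.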
-b, --bourne Output a `TMPDIR' setting for Bourne shell users.\n\
-c, --cshell Output a `TMPDIR' setting for C shell users.\n\
-v, --verbose Report problems to standard error.\n\
+-g, --group NAME Trust group NAME to be honest and true.\n\
-C, --check PATH Check whether PATH is good, setting exit status.\n\
\n\
The default action is to examine the caller's shell and output a suitable\n\
fp);
}
+/* --- @allowgroup@ --- *
+ *
+ * Arguments: @const char *gname@ = trust group @gname@
+ *
+ * Returns: ---
+ *
+ * Use: Adds the gid corresponding to @gname@ (which may be a number)
+ * to the list of things we trust.
+ */
+
+static void allowgroup(const char *gname)
+{
+ struct group *gr;
+ const char *p;
+ gid_t g;
+
+ /* --- Check for numeric group spec --- */
+
+ for (p = gname; *p; p++) {
+ if (!isdigit((unsigned char)*p))
+ goto lookup;
+ }
+ g = atoi(gname);
+ goto insert;
+
+ /* --- Look up a group by name --- */
+
+lookup:
+ if ((gr = getgrnam(gname)) == 0)
+ die(1, "group %s not found", gname);
+ g = gr->gr_gid;
+
+ /* --- Insert the group into the table --- */
+
+insert:
+ if (cp.cp_gids >= N(cp.cp_gid))
+ die(1, "too many groups");
+ cp.cp_gid[cp.cp_gids++] = g;
+}
+
/* --- @main@ --- *
*
* Arguments: @int argc@ = number of command line arguments
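Review bot: In `allowgroup`, an empty NAME passes the all-digits loop with zero iterations, so `atoi("")` yields 0 and `-g ''` adds gid 0 to the trusted list without any lookup. `atoi` also has undefined behaviour for values that do not fit in an `int`, and the assignment to `gid_t` is unchecked, so an over-long number could end up trusting an unintended gid. I would reject the empty string and parse with `strtoul`, checking `errno` and that the value survives conversion to `gid_t`; `<errno.h>` and `<stdlib.h>` are already included.

```c
  unsigned long n;                      /* new local, beside @gid_t g@ */

  /* --- Check for numeric group spec --- */

  if (!*gname)
    die(1, "empty group name");
  /* … unchanged: all-digits loop, jumping to @lookup@ … */
  errno = 0;
  n = strtoul(gname, 0, 10);
  g = n;
  if (errno || g != n)
    die(1, "group id %s out of range", gname);
  goto insert;
  /* … unchanged: lookup by name and table insert … */
```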
/* --- Initialize variables --- */
ego(argv[0]);
- me = getuid();
- cp.cp_what = CP_WRWORLD | CP_WRGRP | CP_WROTHUSR | CP_STICKYOK | CP_REPORT;
+ me = geteuid();
+ cp.cp_what = (CP_WRWORLD | CP_WROTHGRP | CP_WROTHUSR |
+ CP_STICKYOK | CP_REPORT);
cp.cp_verbose = 0;
cp.cp_report = report;
checkpath_setids(&cp);
+ cp.cp_gids = 0; /* ignore group membership */
pw = getpwuid(me);
if (!pw)
die(1, "you don't exist");
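Review bot: The comment on `cp.cp_gids = 0;` says what is dropped but not why the line has to follow `checkpath_setids(&cp)`. That call presumably fills in the caller's group list, and together with the move from `CP_WRGRP` to `CP_WROTHGRP` this assignment is what leaves every group untrusted until `-g` names one; moving it above the call would silently undo that. I would expand the comment to something like `/* discard the groups checkpath_setids() found; only -g adds trusted gids */`. The body of `main` continues outside this hunk.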
{ "check", OPTF_ARGREQ, 0, 'C' },
{ "verify", OPTF_ARGREQ, 0, 'C' },
{ "verbose", 0, 0, 'v' },
+ { "trust-groups", 0, 0, 't' },
+ { "group", OPTF_ARGREQ, 0, 'g' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu bcvc:", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "bcvtg:c:", opts, 0, 0, 0);
if (i < 0)
break;
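Review bot: The option table and the `mdwopt` string both gain `t` / `--trust-groups`, but no `case 't':` is visible in the switch hunk, and the help text gains only the `-g` line. If the handler really is absent, `-t` would be accepted by the parser and then handled by whatever the default branch does. If it exists outside the lines shown, the usage text still needs a matching `-t, --trust-groups` line. Either way, what `-t` means relative to `cp.cp_gids = 0` deserves a comment beside the table entry.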
case 'C':
return (!fullcheck(optarg));
break;
+ case 'g':
+ allowgroup(optarg);
+ break;
case 'v':
cp.cp_verbose++;
break;
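Review bot: `case 'C'` returns from inside the option loop, so the new `-g` only takes effect when it appears before `-C` on the command line. With `-C PATH -g NAME`, `fullcheck` runs with whatever groups have been added so far and `allowgroup` is never reached for NAME. This fails closed, but to the user it looks like a spurious rejection. I would either record the path and run the check after the loop, or state the ordering in the help text and in a comment such as `/* checked immediately: -g and -v must precede -C */`. The switch starts outside this hunk.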