checkpath.c: Allocate the state from a resource pool.
diff --git
a/chkpath.c
b/chkpath.c
index c9d66568e52bf51d126a1a898caa3ef7672d93aa..a7158d3c7efb3978fc7813e0f9dd957b630c3e03 100644
(file)
--- a/
chkpath.c
+++ b/
chkpath.c
@@
-1,6
+1,4
@@
/* -*-c-*-
/* -*-c-*-
- *
- * $Id: chkpath.c,v 1.4 2004/04/08 01:36:22 mdw Exp $
*
* Check a user's file search path
*
*
* Check a user's file search path
*
@@
-28,21
+26,29
@@
/*----- Header files ------------------------------------------------------*/
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <pwd.h>
+#include <grp.h>
+
#include <mLib/alloc.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include "checkpath.h"
#include <mLib/alloc.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
#include "checkpath.h"
+#include "utils.h"
/*----- Main code ---------------------------------------------------------*/
/*----- Main code ---------------------------------------------------------*/
+/* --- @report@ --- */
+
static void report(unsigned what, int verbose,
const char *p, const char *msg,
void *arg)
static void report(unsigned what, int verbose,
const char *p, const char *msg,
void *arg)
@@
-51,7
+57,7
@@
static void report(unsigned what, int verbose,
/* --- @usage@ --- */
static void usage(FILE *fp)
/* --- @usage@ --- */
static void usage(FILE *fp)
- { fprintf(fp, "Usage: %s [-
vqstp
] [PATH...]\n", QUIS); }
+ { fprintf(fp, "Usage: %s [-
pqstv] [-g NAME
] [PATH...]\n", QUIS); }
/* --- @version@ --- */
/* --- @version@ --- */
@@
-77,12
+83,13
@@
Options provided are:\n\
-V, --version Display the program's version number.\n\
-u, --usage Show a terse usage summary.\n\
\n\
-V, --version Display the program's version number.\n\
-u, --usage Show a terse usage summary.\n\
\n\
--v, --verbose Be verbose about the search progress (cumulative).\n\
+-g, --group NAME Consider members of group NAME trustworthy.\n\
+-p, --print Write the secure path elements to standard output.\n\
-q, --quiet Be quiet about the search progress (cumulative).\n\
-s, --sticky Consider sticky directories secure against\n\
modification by world and group (not recommended).\n\
-q, --quiet Be quiet about the search progress (cumulative).\n\
-s, --sticky Consider sticky directories secure against\n\
modification by world and group (not recommended).\n\
--t, --trust-group
Consider other members of your group trustworthy.\n\
--
p, --print Write the secure path elements to standard output
.\n\
+-t, --trust-group
s
Consider other members of your group trustworthy.\n\
+-
v, --verbose Be verbose about the search progress (cumulative)
.\n\
",
fp);
}
",
fp);
}
@@
-105,27
+112,29
@@
int main(int argc, char *argv[])
/* --- Set up path scanning defaults --- */
cp.cp_verbose = 1;
/* --- Set up path scanning defaults --- */
cp.cp_verbose = 1;
- cp.cp_what =
CP_PROBLEMS | CP_REPORT | CP_SYMLINK
;
+ cp.cp_what =
(CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP
;
cp.cp_report = report;
cp.cp_arg = 0;
cp.cp_report = report;
cp.cp_arg = 0;
- checkpath_setids(&cp);
+ cp.cp_gids = 0;
+ checkpath_setuid(&cp);
/* --- Parse the options --- */
for (;;) {
static struct option opts[] = {
{ "help", 0, 0, 'h' },
/* --- Parse the options --- */
for (;;) {
static struct option opts[] = {
{ "help", 0, 0, 'h' },
- { "version", 0, 0, 'V' },
+ { "version", 0, 0, 'V' },
{ "usage", 0, 0, 'u' },
{ "usage", 0, 0, 'u' },
- { "verbose", 0, 0, 'v' },
+ { "group", OPTF_ARGREQ, 0, 'g' },
+ { "print", 0, 0, 'p' },
{ "quiet", 0, 0, 'q' },
{ "sticky", 0, 0, 's' },
{ "quiet", 0, 0, 'q' },
{ "sticky", 0, 0, 's' },
- { "trust-group
",
0, 0, 't' },
- { "
print", 0, 0, 'p
' },
+ { "trust-group
s",
0, 0, 't' },
+ { "
verbose", 0, 0, 'v
' },
{ 0, 0, 0, 0 }
};
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+ i = mdwopt(argc, argv, "hVu" "g:pqstv", opts, 0, 0, 0);
if (i < 0)
break;
switch (i) {
if (i < 0)
break;
switch (i) {
@@
-138,8
+147,11
@@
int main(int argc, char *argv[])
case 'u':
usage(stdout);
exit(0);
case 'u':
usage(stdout);
exit(0);
- case 'v':
- cp.cp_verbose++;
+ case 'g':
+ allowgroup(&cp, optarg);
+ break;
+ case 'p':
+ f |= f_print;
break;
case 'q':
if (cp.cp_verbose)
break;
case 'q':
if (cp.cp_verbose)
@@
-149,10
+161,11
@@
int main(int argc, char *argv[])
cp.cp_what |= CP_STICKYOK;
break;
case 't':
cp.cp_what |= CP_STICKYOK;
break;
case 't':
- cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+ if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+ die(1, "too many groups");
break;
break;
- case '
p
':
-
f |= f_print
;
+ case '
v
':
+
cp.cp_verbose++
;
break;
default:
bad = 1;
break;
default:
bad = 1;
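Review bot: The help text for `-t` still reads "Consider other members of your group trustworthy", although the option is now `--trust-groups` and the new `case 't'` calls both `checkpath_setgid` and `checkpath_setgroups`, so the trusted set appears to be wider than a single group. Because this option decides whose write access to a path element is accepted, the text should state the real scope, for example `-t, --trust-groups	Consider members of all of your groups trustworthy.\n\`. The new default `cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;` would also benefit from a one-line comment saying why `CP_WRGRP` is cleared; presumably group write is now judged against the `cp_gids` list that `-g` and `-t` fill, but the flag definitions are not visible on this page. The body of `main` starts and ends outside these hunks.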