debian/control: Replace obsolete ${Source-Version} substitution.

[checkpath] / chkpath.c

diff --git a/chkpath.c b/chkpath.c
index 0751449038e6ad2a6be7e5a92212ea3dfecabc86..a44570e5816e47252e4fab347ccfebb95b042a10 100644 (file)
--- a/chkpath.c
+++ b/chkpath.c
@@ -1,6 +1,4 @@
 /* -*-c-*-
- *
- * $Id: chkpath.c,v 1.4 2004/04/08 01:36:22 mdw Exp $
  *
  * Check a user's file search path
  *
@@ -36,15 +34,21 @@
 #include <stdlib.h>
 #include <string.h>
 
+#include <pwd.h>
+#include <grp.h>
+
 #include <mLib/alloc.h>
 #include <mLib/mdwopt.h>
 #include <mLib/quis.h>
 #include <mLib/report.h>
 
 #include "checkpath.h"
+#include "utils.h"
 
 /*----- Main code ---------------------------------------------------------*/
 
+/* --- @report@ --- */
+
 static void report(unsigned what, int verbose,
                   const char *p, const char *msg,
                   void *arg)
@@ -53,7 +57,7 @@ static void report(unsigned what, int verbose,
 /* --- @usage@ --- */
 
 static void usage(FILE *fp)
-  { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); }
+  { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }
 
 /* --- @version@ --- */
 
@@ -84,6 +88,7 @@ Options provided are:\n\
 -s, --sticky           Consider sticky directories secure against\n\
                        modification by world and group (not recommended).\n\
 -t, --trust-group      Consider other members of your group trustworthy.\n\
+-g, --group NAME       Consider members of group NAME trustworthy.\n\
 -p, --print            Write the secure path elements to standard output.\n\
 ",
        fp);
@@ -107,26 +112,27 @@ int main(int argc, char *argv[])
   /* --- Set up path scanning defaults --- */
 
   cp.cp_verbose = 1;
-  cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK;
+  cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;
   cp.cp_report = report;
   cp.cp_arg = 0;
-  checkpath_setids(&cp);
+  cp.cp_gids = 0;
+  checkpath_setuid(&cp);
 
   /* --- Parse the options --- */
 
   for (;;) {
     static struct option opts[] = {
       { "help",                0,              0,      'h' },
-      { "version",     0,              0,      'V' },
+      { "version",     0,              0,      'V' },
       { "usage",       0,              0,      'u' },
-      { "verbose",     0,              0,      'v' },
+      { "verbose",     0,              0,      'v' },
       { "quiet",       0,              0,      'q' },
       { "sticky",      0,              0,      's' },
       { "trust-group", 0,              0,      't' },
       { "print",       0,              0,      'p' },
       { 0,             0,              0,      0 }
     };
-    int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0);
+    int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);
 
     if (i < 0)
       break;
@@ -151,7 +157,11 @@ int main(int argc, char *argv[])
        cp.cp_what |= CP_STICKYOK;
        break;
       case 't':
-       cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+       if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+         die(1, "too many groups");
+       break;
+      case 'g':
+       allowgroup(&cp, optarg);
        break;
       case 'p':
        f |= f_print;