/* -*-c-*-
- *
- * $Id: chkpath.c,v 1.1 1999/04/06 20:12:07 mdw Exp $
*
* Check a user's file search path
*
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: chkpath.c,v $
- * Revision 1.1 1999/04/06 20:12:07 mdw
- * Initial revision
- *
- */
-
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <pwd.h>
+#include <grp.h>
+
#include <mLib/alloc.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>
-#include "path.h"
+#include "checkpath.h"
+#include "utils.h"
/*----- Main code ---------------------------------------------------------*/
-static void report(int what, int verbose,
+/* --- @report@ --- */
+
+static void report(unsigned what, int verbose,
const char *p, const char *msg,
void *arg)
-{
- moan("%s", msg);
-}
+ { moan("%s", msg); }
/* --- @usage@ --- */
static void usage(FILE *fp)
-{
- fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS);
-}
+ { fprintf(fp, "Usage: %s [-vqstp] [-g NAME] [PATH...]\n", QUIS); }
/* --- @version@ --- */
static void version(FILE *fp)
-{
- fprintf(fp, "%s version %s\n", QUIS, VERSION);
-}
+ { fprintf(fp, "%s version %s\n", QUIS, VERSION); }
/* --- @help@ --- */
-s, --sticky Consider sticky directories secure against\n\
modification by world and group (not recommended).\n\
-t, --trust-group Consider other members of your group trustworthy.\n\
+-g, --group NAME Consider members of group NAME trustworthy.\n\
-p, --print Write the secure path elements to standard output.\n\
",
fp);
int main(int argc, char *argv[])
{
- int bad = 0;
+ unsigned bad = 0;
int i;
char *p, *q, *path;
- struct chkpath cp;
+ struct checkpath cp;
int f = 0;
- enum {
- f_print = 1,
- f_colon = 2
- };
+#define f_print 1u
+#define f_colon 2u
/* --- Initialize the world --- */
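Review bot: `int f = 0;` stays signed although the flag values it holds become the unsigned constants `f_print 1u` and `f_colon 2u`, so each `f |= f_print` and `f & f_colon` later in main mixes signed and unsigned operands. Declaring it as `unsigned f = 0;` would match the `unsigned bad = 0;` change made in the same hunk. The two `#define`s also sit inside main and stay visible for the rest of the translation unit; a matching `#undef f_print` and `#undef f_colon` after main, or keeping the enum, would contain them. main's body continues outside the hunk.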
/* --- Set up path scanning defaults --- */
cp.cp_verbose = 1;
- cp.cp_what = (CP_WRWORLD | CP_WRGRP | CP_WROTHUSR |
- CP_ERROR | CP_REPORT | CP_SYMLINK);
+ cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;
cp.cp_report = report;
cp.cp_arg = 0;
- path_setids(&cp);
+ cp.cp_gids = 0;
+ checkpath_setuid(&cp);
/* --- Parse the options --- */
for (;;) {
static struct option opts[] = {
{ "help", 0, 0, 'h' },
- { "version", 0, 0, 'V' },
+ { "version", 0, 0, 'V' },
{ "usage", 0, 0, 'u' },
- { "verbose", 0, 0, 'v' },
+ { "verbose", 0, 0, 'v' },
{ "quiet", 0, 0, 'q' },
{ "sticky", 0, 0, 's' },
{ "trust-group", 0, 0, 't' },
{ "print", 0, 0, 'p' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVu vqstp", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVu" "vqstpg:", opts, 0, 0, 0);
if (i < 0)
break;
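Review bot: The `opts[]` table gets no entry for the new option, although the optstring now accepts `g:` and the help text changed elsewhere in this commit advertises `-g, --group NAME`; as shown, only the short form would be recognised. Adding `{ "group", OPTF_ARGREQ, 0, 'g' },` before the terminator would make the long form work. Separately, the new default `cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;` clears the group-write check without saying why, and CP_PROBLEMS is defined outside this diff. If the intent is that group write access is now judged against the `cp_gids` list, which starts empty, a comment such as `/* group write is checked against cp_gids; empty list means no group is trusted */` would let a reader confirm the default is still strict. The for loop continues outside the hunk.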
cp.cp_what |= CP_STICKYOK;
break;
case 't':
- cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP;
+ if (checkpath_setgid(&cp) || checkpath_setgroups(&cp))
+ die(1, "too many groups");
+ break;
+ case 'g':
+ allowgroup(&cp, optarg);
break;
case 'p':
f |= f_print;
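Review bot: `case 't'` now calls both `checkpath_setgid(&cp)` and `checkpath_setgroups(&cp)`, which by their names add the caller's primary group and every supplementary group to the trusted set, while the unchanged help line still says "your group" in the singular. For a tool that decides whether a search path is safe, the breadth of that trust should be stated where it is granted: a comment above the case such as `/* trust the caller's gid and all supplementary groups */`, with matching help wording. Whether `allowgroup(&cp, optarg)` rejects an unknown group name is decided in utils.h, outside this diff; it should fail loudly rather than continue with a trust set different from the one the user asked for. The switch statement starts and ends outside the hunk.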
p = xstrdup(argv[i]);
q = strtok(p, ":");
while (q) {
- int b = path_check(q, &cp);
+ unsigned b = checkpath(q, &cp);
if (!b && (f & f_print)) {
if (f & f_colon)
putchar(':');