X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/checkpath/blobdiff_plain/263d6e0d5b3272ea76ed646258ee945fae8a096f..c7ade76f8e82fb51068cfd9e41b8268b35c50b13:/chkpath.c diff --git a/chkpath.c b/chkpath.c index c9d6656..a7158d3 100644 --- a/chkpath.c +++ b/chkpath.c @@ -1,6 +1,4 @@ /* -*-c-*- - * - * $Id: chkpath.c,v 1.4 2004/04/08 01:36:22 mdw Exp $ * * Check a user's file search path * @@ -28,21 +26,29 @@ /*----- Header files ------------------------------------------------------*/ +#include "config.h" + #include #include #include #include #include +#include +#include + #include #include #include #include #include "checkpath.h" +#include "utils.h" /*----- Main code ---------------------------------------------------------*/ +/* --- @report@ --- */ + static void report(unsigned what, int verbose, const char *p, const char *msg, void *arg) @@ -51,7 +57,7 @@ static void report(unsigned what, int verbose, /* --- @usage@ --- */ static void usage(FILE *fp) - { fprintf(fp, "Usage: %s [-vqstp] [PATH...]\n", QUIS); } + { fprintf(fp, "Usage: %s [-pqstv] [-g NAME] [PATH...]\n", QUIS); } /* --- @version@ --- */ @@ -77,12 +83,13 @@ Options provided are:\n\ -V, --version Display the program's version number.\n\ -u, --usage Show a terse usage summary.\n\ \n\ --v, --verbose Be verbose about the search progress (cumulative).\n\ +-g, --group NAME Consider members of group NAME trustworthy.\n\ +-p, --print Write the secure path elements to standard output.\n\ -q, --quiet Be quiet about the search progress (cumulative).\n\ -s, --sticky Consider sticky directories secure against\n\ modification by world and group (not recommended).\n\ --t, --trust-group Consider other members of your group trustworthy.\n\ --p, --print Write the secure path elements to standard output.\n\ +-t, --trust-groups Consider other members of your group trustworthy.\n\ +-v, --verbose Be verbose about the search progress (cumulative).\n\ ", fp); } 
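Review bot: The help line for `-t, --trust-groups` still reads "Consider other members of your group trustworthy", although the new `case 't'` in main() calls both `checkpath_setgid` and `checkpath_setgroups` and so appears to trust more than one group. Because this option widens the set of users whose write access goes unreported, the text should state the real scope, for example `-t, --trust-groups	Consider members of all your groups trustworthy.\n\`. The help string begins and ends outside this hunk, so the wording of the surrounding lines was not checked.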
@@ -105,27 +112,29 @@ int main(int argc, char *argv[]) /* --- Set up path scanning defaults --- */ cp.cp_verbose = 1; - cp.cp_what = CP_PROBLEMS | CP_REPORT | CP_SYMLINK; + cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP; cp.cp_report = report; cp.cp_arg = 0; - checkpath_setids(&cp); + cp.cp_gids = 0; + checkpath_setuid(&cp); /* --- Parse the options --- */ for (;;) { static struct option opts[] = { { "help", 0, 0, 'h' }, - { "version", 0, 0, 'V' }, + { "version", 0, 0, 'V' }, { "usage", 0, 0, 'u' }, - { "verbose", 0, 0, 'v' }, + { "group", OPTF_ARGREQ, 0, 'g' }, + { "print", 0, 0, 'p' }, { "quiet", 0, 0, 'q' }, { "sticky", 0, 0, 's' }, - { "trust-group", 0, 0, 't' }, - { "print", 0, 0, 'p' }, + { "trust-groups", 0, 0, 't' }, + { "verbose", 0, 0, 'v' }, { 0, 0, 0, 0 } }; - int i = mdwopt(argc, argv, "hVu" "vqstp", opts, 0, 0, 0); + i = mdwopt(argc, argv, "hVu" "g:pqstv", opts, 0, 0, 0); if (i < 0) break; switch (i) { @@ -138,8 +147,11 @@ int main(int argc, char *argv[]) case 'u': usage(stdout); exit(0); - case 'v': - cp.cp_verbose++; + case 'g': + allowgroup(&cp, optarg); + break; + case 'p': + f |= f_print; break; case 'q': if (cp.cp_verbose) @@ -149,10 +161,11 @@ int main(int argc, char *argv[]) cp.cp_what |= CP_STICKYOK; break; case 't': - cp.cp_what = (cp.cp_what & ~CP_WRGRP) | CP_WROTHGRP; + if (checkpath_setgid(&cp) || checkpath_setgroups(&cp)) + die(1, "too many groups"); break; - case 'p': - f |= f_print; + case 'v': + cp.cp_verbose++; break; default: bad = 1;
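Review bot: The new default `cp.cp_what = (CP_PROBLEMS | CP_REPORT | CP_SYMLINK) & ~CP_WRGRP;` together with `cp.cp_gids = 0;` carries no comment, and whether it fails safe depends on definitions this page does not show. The old `-t` handler swapped `CP_WRGRP` for `CP_WROTHGRP` explicitly, while the new one never touches `cp_what`, so group-writable path elements are presumably still reported only if `CP_PROBLEMS` already includes `CP_WROTHGRP`; that should be confirmed in checkpath.h. Once confirmed, I would record it above the assignment: `/* No group is trusted yet; CP_WROTHGRP (part of CP_PROBLEMS) reports every group-writable element until -g/-t add gids. */`. main() starts and ends outside the hunk.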
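Review bot: `case 'g'` hands `optarg` straight to `allowgroup(&cp, optarg)` and ignores any result, and the definition of `allowgroup` (presumably in the newly included utils.h) is not on this page. For an option that extends trust, an unknown group name or a full group table has to stop the program, not let the scan continue with a different trust list than the user asked for. If `allowgroup` already exits on those errors, a short comment at the call would make that visible, e.g. `/* allowgroup() dies on an unknown NAME or a full gid table */`. The switch statement continues outside the hunk.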
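Review bot: In `case 't'`, `die(1, "too many groups")` is printed for any nonzero return from either `checkpath_setgid(&cp)` or `checkpath_setgroups(&cp)`, so the message is only accurate if table overflow is the sole failure both functions can report. Neither function is visible here; if `checkpath_setgroups` can also fail because the process's group list could not be read, the user gets a misleading diagnosis. Checking the two calls separately, or wording the message neutrally as `die(1, "failed to add your groups to the trusted list");`, avoids that. The enclosing switch starts and ends outside the hunk.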