Update of /cvsroot/serverfilters/script
In directory sc8-pr-cvs1:/tmp/cvs-serv22637/script
Added Files:
filtercmd.c
Removed Files:
getrc putrc rcexists
Log Message:
Changed setuid functions to use a C wrapper instead of sudo command.
--- NEW FILE: filtercmd.c ---
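/*
How to compile and install (run as root):
# gcc -o filtercmd filtercmd.c; chmod 4750 filtercmd; chown root:apache filtercmd
Mode 4750 with owner root:apache makes the binary setuid root and executable
only by root and members of the apache group.
Note: on Linux, chown can clear the setuid bit of an executable, so check the
resulting mode with ls -l after installing and re-run chmod 4750 if needed.
*/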
#define STR_MAX 1024
#define MAXLEN 1024
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <pwd.h>
void eperror(register char *);
int rcexists(char *);
int getrc(char*, char*, uid_t, gid_t);
int putrc(char*, char*, char*);
int copy_file(char*, char*);
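/*
 * filtercmd - setuid wrapper that runs one of three file operations
 * (getrc, putrc, rcexists) with root privileges.
 *
 * Developed by
 * Pedro L Orso - or...@on...
 * Changed by
 * Thiago Melo de Paula - th...@fa...
 *
 * Usage:
 *   filtercmd getrc    filter_file temp_file
 *   filtercmd putrc    owner temp_file filter_file
 *   filtercmd rcexists filter_file
 *
 * Exit status:
 *   1  empty command (also used by eperror() when setuid/setgid fails)
 *   2  getrc called with too few arguments
 *   3  putrc called with too few arguments
 *   4  rcexists called with too few arguments
 *   5  unknown command
 *   6  putrc owner is "root" or "0"
 *   7  no command given
 *   otherwise the value returned by getrc(), putrc() or rcexists().
 */
int main(int argc, char *argv[])
{
    const char *cmd;
    uid_t UID;
    gid_t GID;

    /* Remember who invoked us before the ids are changed below. */
    UID = getuid();
    GID = getgid();

    /* Group id 3 is hard-coded. NOTE(review): confirm which group this is
       on the target system. */
    if ((setuid(0)) < 0) eperror("setuid");
    if ((setgid(3)) < 0) eperror("setgid");

    /* argv[1] is NULL when no command is given, so it must not be read
       before argc has been checked. */
    if (argc < 2) {
        printf("Usage: filtercmd [getrc|putrc|rcexists]\n");
        return 7;
    }

    /*
     * The arguments are used in place instead of being copied into
     * fixed-size stack buffers: an unbounded sprintf() of a command-line
     * argument into a 1024-byte array overflows the stack of a setuid-root
     * program as soon as the argument is longer than the array.
     */
    cmd = argv[1];
    if (!strlen(cmd)) {
        printf("You forgot to provide a command.\n");
        return 1;
    }

    /*
     * NOTE(review): every path below comes straight from the command line
     * and is opened with root privileges; nothing in this file restricts
     * the paths to a particular directory. Confirm that the caller
     * constrains them, or add a path check here.
     */
    if (!strcmp("getrc", cmd)) {
        if (argc < 4) {
            printf("Usage: filtercmd getrc filter_file temp_file\n");
            return 2;
        }
        return getrc(argv[2], argv[3], UID, GID);
    }

    if (!strcmp("putrc", cmd)) {
        if (argc < 5) {
            printf("Usage: filtercmd putrc owner temp_file filter_file\n");
            return 3;
        }
        /* Either spelling is refused. The two comparisons must be joined
           with ||: a single string can never equal both "root" and "0",
           so an && test never rejects anything.
           NOTE(review): this compares the name only; an account with a
           different name but uid 0 is not caught here. */
        if (!strcmp(argv[2], "root") || !strcmp(argv[2], "0")) {
            printf("The file cannot have root ownership for security reasons.\n");
            return 6; //the root user cannot be edited for security reasons
        }
        return putrc(argv[2], argv[3], argv[4]);
    }

    if (!strcmp("rcexists", cmd)) {
        if (argc < 3) {
            printf("Usage: filtercmd rcexists filter_file\n");
            return 4;
        }
        return rcexists(argv[2]);
    }

    printf("Invalid command specified.\n");
    return 5;
}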
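/*
 * Report a failed system call and terminate.
 *
 * Prints "filtercmd - <s>" followed by the message for the current errno
 * (via perror) and exits with status 1. Does not return.
 *
 * Developed by
 * Pedro L Orso - or...@on...
 * Changed by
 * Thiago Melo de Paula - th...@fa...
 */
void eperror(register char *s)
{
    char str[50];

    /* snprintf truncates instead of writing past the 50-byte buffer if a
       longer label is ever passed in. */
    snprintf(str, sizeof str, "filtercmd - %s", s);
    perror(str);
    exit(1);
}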
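/*
 * Check whether filter_file can be opened for reading.
 *
 * Returns 0 if fopen() succeeds, 7 (after printing "File not found") if it
 * does not. Note that any fopen() failure is reported as "not found", not
 * only a missing file.
 */
int rcexists(char* filter_file)
{
    FILE *filter = fopen(filter_file, "r");

    if (!filter) {
        /* The original line here was a shell-style echo statement, which
           is not valid C and does not compile. */
        printf("File not found\n");
        return 7;
    }
    fclose(filter);
    return 0;
}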
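/*
 * Copy filter_file to temp_file and hand temp_file to UID:GID.
 *
 * Returns 0 on success, the non-zero code from copy_file() if the copy
 * fails, or 11 if the ownership change fails. Failures used to be ignored
 * and 0 returned unconditionally, so the caller could not tell a missing or
 * half-written copy from a good one.
 *
 * NOTE(review): both paths are supplied by the caller and the copy runs
 * with the privileges of the process; confirm they are validated upstream.
 */
int getrc(char* filter_file, char* temp_file, uid_t UID, gid_t GID)
{
    int rc = copy_file(filter_file, temp_file);

    if (rc) {
        return rc;
    }
    if (chown(temp_file, UID, GID) < 0) {
        perror("filtercmd - chown");
        return 11;
    }
    return 0;
}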
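/*
 * Install temp_file as filter_file, owned by `user` with mode 0600, then
 * remove temp_file.
 *
 * Returns:
 *    0  success
 *    6  `user` resolves to uid 0 (root ownership is refused)
 *   10  the copy failed
 *   12  `user` is not a known account
 *   13  the ownership or mode change failed
 *
 * NOTE(review): the destination is created by copy_file() before its mode
 * is tightened here, so its initial permissions depend on the process
 * umask; confirm that is acceptable or set a restrictive umask first.
 */
int putrc(char* user, char* temp_file, char* filter_file)
{
    struct passwd *user_pass = getpwnam(user);

    /* getpwnam() returns NULL for an unknown name; dereferencing it below
       would crash the setuid process. Check before touching any file. */
    if (!user_pass) {
        printf("Unknown user %s\n", user);
        return 12;
    }
    /* Refuse by uid as well as by name, so an account with another name
       but uid 0 cannot become the owner. */
    if (user_pass->pw_uid == 0) {
        printf("The file cannot have root ownership for security reasons.\n");
        return 6;
    }
    if (copy_file(temp_file, filter_file)) {
        return 10;
    }
    if (chown(filter_file, user_pass->pw_uid, user_pass->pw_gid) < 0 ||
        chmod(filter_file, (S_IRUSR|S_IWUSR)) < 0) {
        perror("filtercmd - putrc");
        return 13;
    }
    unlink(temp_file);
    return 0;
}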
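/*
 * Copy the contents of old_file to new_file, truncating new_file if it
 * already exists.
 *
 * Returns 0 on success, 8 if old_file cannot be opened or read, 9 if
 * new_file cannot be opened or written.
 *
 * NOTE(review): fopen() follows symbolic links on both paths and the
 * destination is truncated on open; confirm the callers only pass paths
 * that an untrusted user cannot replace.
 */
int copy_file(char* old_file, char* new_file)
{
    FILE *infile, *outfile;
    char buf[MAXLEN];
    size_t got;
    int rc = 0;

    if (!(infile = fopen(old_file, "r"))) {
        printf("Could not open %s", old_file);
        return 8;
    }
    if (!(outfile = fopen(new_file, "w"))) {
        printf("Could not open %s", new_file);
        fclose(infile); /* was leaked on this path */
        return 9;
    }

    /* Block copy: unlike fgets/fputs it does not stop at embedded NUL
       bytes, and a short write is detected. */
    while ((got = fread(buf, 1, sizeof buf, infile)) > 0) {
        if (fwrite(buf, 1, got, outfile) != got) {
            rc = 9;
            break;
        }
    }
    if (!rc && ferror(infile)) {
        rc = 8;
    }
    /* fclose() flushes buffered data, so a write error can surface here. */
    if (fclose(outfile) == EOF && !rc) {
        rc = 9;
    }
    fclose(infile);
    return rc;
}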
--- getrc DELETED ---
--- putrc DELETED ---
--- rcexists DELETED ---