summaryrefslogtreecommitdiffstats
path: root/src/newgrp.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/newgrp.c')
-rw-r--r--src/newgrp.c127
1 files changed, 58 insertions, 69 deletions
diff --git a/src/newgrp.c b/src/newgrp.c
index 9982083..1b3d76b 100644
--- a/src/newgrp.c
+++ b/src/newgrp.c
@@ -16,20 +16,24 @@
#include <pwd.h>
#include <stdio.h>
#include <assert.h>
+
+#include "agetpass.h"
+#include "alloc.h"
#include "defines.h"
#include "getdef.h"
#include "prototypes.h"
/*@-exitarg@*/
#include "exitcodes.h"
#include "shadowlog.h"
+#include "string/sprintf.h"
+
/*
* Global variables
*/
-const char *Prog;
+static const char *Prog;
extern char **newenvp;
-extern char **environ;
#ifdef HAVE_SETGROUPS
static int ngroups;
@@ -158,7 +162,7 @@ static void check_perms (const struct group *grp,
* get the password from her, and set the salt for
* the decryption from the group file.
*/
- cp = getpass (_("Password: "));
+ cp = agetpass (_("Password: "));
if (NULL == cp) {
goto failure;
}
@@ -169,7 +173,7 @@ static void check_perms (const struct group *grp,
* must match the previously encrypted value in the file.
*/
cpasswd = pw_encrypt (cp, grp->gr_passwd);
- strzero (cp);
+ erase_pass (cp);
if (NULL == cpasswd) {
fprintf (stderr,
@@ -184,12 +188,10 @@ static void check_perms (const struct group *grp,
if (grp->gr_passwd[0] == '\0' ||
strcmp (cpasswd, grp->gr_passwd) != 0) {
#ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
- "authentication new-gid=%lu",
- (unsigned long) grp->gr_gid);
+ SNPRINTF(audit_buf, "authentication new-gid=%lu",
+ (unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
#endif
SYSLOG ((LOG_INFO,
"Invalid password for group '%s' from '%s'",
@@ -199,12 +201,10 @@ static void check_perms (const struct group *grp,
goto failure;
}
#ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
- "authentication new-gid=%lu",
- (unsigned long) grp->gr_gid);
+ SNPRINTF(audit_buf, "authentication new-gid=%lu",
+ (unsigned long) grp->gr_gid);
audit_logger (AUDIT_GRP_AUTH, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 1);
+ audit_buf, NULL, getuid (), 1);
#endif
}
@@ -217,21 +217,17 @@ failure:
closelog ();
#ifdef WITH_AUDIT
if (groupname) {
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-group=%s", groupname);
+ SNPRINTF(audit_buf, "changing new-group=%s", groupname);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL,
- (unsigned int) getuid (), 0);
+ "changing", NULL, getuid (), 0);
}
#endif
exit (EXIT_FAILURE);
}
-#ifdef USE_SYSLOG
/*
* syslog_sg - log the change of group to syslog
*
@@ -292,6 +288,9 @@ static void syslog_sg (const char *name, const char *group)
(void) signal (SIGTSTP, SIG_IGN);
(void) signal (SIGTTIN, SIG_IGN);
(void) signal (SIGTTOU, SIG_IGN);
+ /* set SIGCHLD to default for waitpid */
+ (void) signal(SIGCHLD, SIG_DFL);
+
child = fork ();
if ((pid_t)-1 == child) {
/* error in fork() */
@@ -299,15 +298,13 @@ static void syslog_sg (const char *name, const char *group)
is_newgrp ? "newgrp" : "sg", strerror (errno));
#ifdef WITH_AUDIT
if (group) {
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-group=%s", group);
+ SNPRINTF(audit_buf,
+ "changing new-group=%s", group);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL,
- (unsigned int) getuid (), 0);
+ "changing", NULL, getuid (), 0);
}
#endif
exit (EXIT_FAILURE);
@@ -365,7 +362,6 @@ static void syslog_sg (const char *name, const char *group)
free(free_login);
free(free_tty);
}
-#endif /* USE_SYSLOG */
/*
* newgrp - change the invokers current real and effective group id
@@ -394,12 +390,15 @@ int main (int argc, char **argv)
#ifdef WITH_AUDIT
audit_help_open ();
#endif
+
+ check_fds ();
+
(void) setlocale (LC_ALL, "");
(void) bindtextdomain (PACKAGE, LOCALEDIR);
(void) textdomain (PACKAGE);
/*
- * Save my name for error messages and save my real gid incase of
+ * Save my name for error messages and save my real gid in case of
* errors. If there is an error i have to exec a new login shell for
* the user since her old shell won't have fork'd to create the
* process. Skip over the program name to the next command line
@@ -421,11 +420,18 @@ int main (int argc, char **argv)
* but we do not need to restore the previous process persona and we
* don't need to re-exec anything. -- JWP
*/
- Prog = Basename (argv[0]);
+
+ /*
+ * Ensure that "Prog" is always either "newgrp" or "sg" to avoid
+ * injecting arbitrary strings into our stderr/stdout, as this can
+ * be an exploit vector.
+ */
+ is_newgrp = (strcmp (Basename (argv[0]), "newgrp") == 0);
+ Prog = is_newgrp ? "newgrp" : "sg";
+
log_set_progname(Prog);
log_set_logfd(stderr);
- is_newgrp = (strcmp (Prog, "newgrp") == 0);
- OPENLOG (is_newgrp ? "newgrp" : "sg");
+ OPENLOG (Prog);
argc--;
argv++;
@@ -437,8 +443,7 @@ int main (int argc, char **argv)
Prog);
#ifdef WITH_AUDIT
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL,
- (unsigned int) getuid (), 0);
+ "changing", NULL, getuid (), 0);
#endif
SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
(unsigned long) getuid ()));
@@ -507,7 +512,7 @@ int main (int argc, char **argv)
if ((argc > 0) && (argv[0][0] == '-')) {
usage ();
goto failure;
- } else if (argv[0] != (char *) 0) {
+ } else if (argv[0] != NULL) {
group = argv[0];
} else {
/*
@@ -541,7 +546,7 @@ int main (int argc, char **argv)
/* don't use getgroups(0, 0) - it doesn't work on some systems */
i = 16;
for (;;) {
- grouplist = (GETGROUPS_T *) xmalloc (i * sizeof (GETGROUPS_T));
+ grouplist = XMALLOC(i, GETGROUPS_T);
ngroups = getgroups (i, grouplist);
if (i > ngroups && !(ngroups == -1 && errno == EINVAL)) {
break;
@@ -554,15 +559,12 @@ int main (int argc, char **argv)
perror ("getgroups");
#ifdef WITH_AUDIT
if (group) {
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-group=%s", group);
+ SNPRINTF(audit_buf, "changing new-group=%s", group);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL,
- (unsigned int) getuid (), 0);
+ "changing", NULL, getuid (), 0);
}
#endif
exit (EXIT_FAILURE);
@@ -628,7 +630,7 @@ int main (int argc, char **argv)
}
#endif /* HAVE_SETGROUPS */
/*
- * For splitted groups (due to limitations of NIS), check all
+ * For split groups (due to limitations of NIS), check all
* groups of the same GID like the requested group for
* membership of the current user.
*/
@@ -665,11 +667,9 @@ int main (int argc, char **argv)
* all successful validations pass through this point. The group id
* will be set, and the group added to the concurrent groupset.
*/
-#ifdef USE_SYSLOG
if (getdef_bool ("SYSLOG_SG_ENAB")) {
syslog_sg (name, group);
}
-#endif /* USE_SYSLOG */
gid = grp->gr_gid;
@@ -718,11 +718,9 @@ int main (int argc, char **argv)
if (setgid (gid) != 0) {
perror ("setgid");
#ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
#endif
exit (EXIT_FAILURE);
}
@@ -730,11 +728,9 @@ int main (int argc, char **argv)
if (setuid (getuid ()) != 0) {
perror ("setuid");
#ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
#endif
exit (EXIT_FAILURE);
}
@@ -745,13 +741,11 @@ int main (int argc, char **argv)
*/
if (cflag) {
closelog ();
- execl (SHELL, "sh", "-c", command, (char *) 0);
+ execl (SHELL, "sh", "-c", command, (char *) NULL);
#ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-gid=%lu", (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
#endif
perror (SHELL);
exit ((errno == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
@@ -815,17 +809,15 @@ int main (int argc, char **argv)
}
#ifdef WITH_AUDIT
- snprintf (audit_buf, sizeof(audit_buf), "changing new-gid=%lu",
- (unsigned long) gid);
+ SNPRINTF(audit_buf, "changing new-gid=%lu", (unsigned long) gid);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 1);
+ audit_buf, NULL, getuid (), 1);
#endif
/*
* Exec the login shell and go away. We are trying to get back to
* the previous environment which should be the user's login shell.
*/
- err = shell (prog, initflag ? (char *) 0 : progbase, newenvp);
+ err = shell (prog, initflag ? NULL : progbase, newenvp);
exit ((err == ENOENT) ? E_CMD_NOTFOUND : E_CMD_NOEXEC);
/*@notreached@*/
failure:
@@ -843,15 +835,12 @@ int main (int argc, char **argv)
closelog ();
#ifdef WITH_AUDIT
if (NULL != group) {
- snprintf (audit_buf, sizeof(audit_buf),
- "changing new-group=%s", group);
+ SNPRINTF(audit_buf, "changing new-group=%s", group);
audit_logger (AUDIT_CHGRP_ID, Prog,
- audit_buf, NULL,
- (unsigned int) getuid (), 0);
+ audit_buf, NULL, getuid (), 0);
} else {
audit_logger (AUDIT_CHGRP_ID, Prog,
- "changing", NULL,
- (unsigned int) getuid (), 0);
+ "changing", NULL, getuid (), 0);
}
#endif
exit (EXIT_FAILURE);