Am I doing this right?

Am I doing this right?

Post by sp00f » Fri, 08 Dec 2000 04:00:00



I'm not a very good C programmer,but we needed something that could be
used by our NOC (sitroom, whatever you want to call it) to do emergency
reboots of our systems.  I came up with this, but I'm not sure how well
it's written.  I had some troubles with the getpw*() stuff, so I'm a
little uneasy as to whether this is all kosher.  Any thoughts are
appreciated, I tried to make this as secure as I could, but I suck :),
so I'm sure someone will correct me on some stuff here (please do!)

/*
*

*
* Program Name:         mksuid.c
* Date Created:         11/20/00
*
*
*/
#include <unistd.h>
#include <libgen.h>
#include <errno.h>
#include <pwd.h>
#include <grp.h>

#ifndef ALLOWED_USER
#define ALLOWED_USER    "sitroom1"
#endif

#ifndef ALLOWED_GROUP
#define ALLOWED_GROUP   "sitroom"
#endif

#ifndef CMD
#define CMD             "/sbin/init"
#endif

#ifndef CMD_ARGS
#define CMD_ARGS        "6"
#endif

#ifndef ARG0
#define ARG0            "sitrcmd"
#endif

#ifndef EXEC_AS_USER
#define EXEC_AS_USER    "root"
#endif

#ifndef EXEC_AS_GROUP
#define EXEC_AS_GROUP   "other"
#endif

int main(int argc, char **argv) {
        char *arg[3];
        char *env[1];

        struct passwd *pwd, *auth_usr, *exec_usr;
        struct group *grp, *auth_grp, *exec_grp;

        setpwent();
        if((auth_usr = getpwnam(ALLOWED_USER)) == NULL) {
                perror("Problem getting user info");
                exit(errno);
        }

        if((auth_grp = getgrnam(ALLOWED_GROUP)) == NULL) {
                perror("Problem getting group info");
                exit(errno);
        }

        setpwent();
        if((pwd = getpwuid(getuid())) == NULL) {
                perror("Problem getting user info");
                exit(errno);
        }

        if((grp = getgrgid(getgid())) == NULL) {
                perror("Problem getting group info");
                exit(errno)
        }

        if((strcmp(pwd->pw_name, ALLOWED_USER) != 0) ||
           (strcmp(grp->gr_name, ALLOWED_GROUP) != 0) ||
            pwd->pw_uid != auth_usr->pw_uid ||
            grp->gr_gid != auth_grp->gr_gid) {
                printf("Authorization denied for user %s\n", pwd-

Quote:>pw_name);

                exit(1);
        }

        setpwent();
        if((exec_usr = getpwnam(EXEC_AS_USER)) == NULL) {
                perror("Problem getting user info");
                exit(errno);
        }

        if((exec_grp = getgrnam(EXEC_AS_GROUP)) == NULL) {
                perror("Problem getting group info");
                exit(errno)
        }

        setuid(exec_usr->pw_uid);
        setgid(exec_grp->gr_gid);
        endpwent();

        arg[0] = ARG0;
        arg[1] = CMD_ARGS;
        arg[2] = NULL;
        env[0] = NULL;
        execve(CMD, arg, env);

        return 0;

Quote:}

Sent via Deja.com http://www.deja.com/
Before you buy.
 
 
 

Am I doing this right?

Post by sp00f » Thu, 14 Dec 2000 05:35:18




> I'm not a very good C programmer,but we needed something that could be
> used by our NOC (sitroom, whatever you want to call it) to do
emergency
> reboots of our systems.  I came up with this, but I'm not sure how
well
> it's written.  I had some troubles with the getpw*() stuff, so I'm a
> little uneasy as to whether this is all kosher.  Any thoughts are
> appreciated, I tried to make this as secure as I could, but I suck :),
> so I'm sure someone will correct me on some stuff here (please do!)

> /*
> *

> *
> * Program Name:            mksuid.c
> * Date Created:            11/20/00
> *
> *
> */
> #include <unistd.h>
> #include <libgen.h>
> #include <errno.h>
> #include <pwd.h>
> #include <grp.h>

> #ifndef ALLOWED_USER
> #define    ALLOWED_USER    "sitroom1"
> #endif

> #ifndef ALLOWED_GROUP
> #define    ALLOWED_GROUP   "sitroom"
> #endif

> #ifndef CMD
> #define    CMD             "/sbin/init"
> #endif

> #ifndef CMD_ARGS
> #define CMD_ARGS   "6"
> #endif

> #ifndef ARG0
> #define ARG0               "sitrcmd"
> #endif

> #ifndef EXEC_AS_USER
> #define EXEC_AS_USER       "root"
> #endif

> #ifndef EXEC_AS_GROUP
> #define EXEC_AS_GROUP      "other"
> #endif

> int main(int argc, char **argv) {
>    char *arg[3];
>    char *env[1];

>    struct passwd *pwd, *auth_usr, *exec_usr;
>    struct group *grp, *auth_grp, *exec_grp;

>         setpwent();
>         if((auth_usr = getpwnam(ALLOWED_USER)) == NULL) {
>                 perror("Problem getting user info");
>            exit(errno);
>         }

>         if((auth_grp = getgrnam(ALLOWED_GROUP)) == NULL) {
>                 perror("Problem getting group info");
>            exit(errno);
>         }

>    setpwent();
>    if((pwd = getpwuid(getuid())) == NULL) {
>            perror("Problem getting user info");
>            exit(errno);
>    }

>    if((grp = getgrgid(getgid())) == NULL) {
>            perror("Problem getting group info");
>            exit(errno)
>    }

>    if((strcmp(pwd->pw_name, ALLOWED_USER) != 0) ||
>       (strcmp(grp->gr_name, ALLOWED_GROUP) != 0) ||
>        pwd->pw_uid != auth_usr->pw_uid ||
>        grp->gr_gid != auth_grp->gr_gid) {
>            printf("Authorization denied for user %s\n", pwd-
> >pw_name);
>            exit(1);
>    }

>    setpwent();
>    if((exec_usr = getpwnam(EXEC_AS_USER)) == NULL) {
>            perror("Problem getting user info");
>            exit(errno);
>    }

>    if((exec_grp = getgrnam(EXEC_AS_GROUP)) == NULL) {
>            perror("Problem getting group info");
>            exit(errno)
>    }

>    setuid(exec_usr->pw_uid);
>    setgid(exec_grp->gr_gid);
>    endpwent();

>         arg[0] = ARG0;
>         arg[1] = CMD_ARGS;
>         arg[2] = NULL;
>         env[0] = NULL;
>    execve(CMD, arg, env);

>    return 0;
> }

> Sent via Deja.com http://www.deja.com/
> Before you buy.

Sent via Deja.com
http://www.deja.com/

 
 
 

Am I doing this right?

Post by Aidan Keho » Sat, 16 Dec 2000 06:55:27


(2 days later; I know, I know :-) It seems fine; the setpwent() and
endpwent() are superflous, though. They're only used if you're
iterating through the passwd file; i.e. read first entry, read next
entry and so on.

        - Aidan

(shaddup ntk nazis)


> I'm not a very good C programmer,but we needed something that could be
> used by our NOC (sitroom, whatever you want to call it) to do emergency
> reboots of our systems.  I came up with this, but I'm not sure how well
> it's written.  I had some troubles with the getpw*() stuff, so I'm a
> little uneasy as to whether this is all kosher.  Any thoughts are
> appreciated, I tried to make this as secure as I could, but I suck :),
> so I'm sure someone will correct me on some stuff here (please do!)

> /*
> *

> *
> * Program Name:            mksuid.c
> * Date Created:            11/20/00
> *
> *
> */
> #include <unistd.h>
> #include <libgen.h>
> #include <errno.h>
> #include <pwd.h>
> #include <grp.h>

> #ifndef ALLOWED_USER
> #define    ALLOWED_USER    "sitroom1"
> #endif

> #ifndef ALLOWED_GROUP
> #define    ALLOWED_GROUP   "sitroom"
> #endif

> #ifndef CMD
> #define    CMD             "/sbin/init"
> #endif

> #ifndef CMD_ARGS
> #define CMD_ARGS   "6"
> #endif

> #ifndef ARG0
> #define ARG0               "sitrcmd"
> #endif

> #ifndef EXEC_AS_USER
> #define EXEC_AS_USER       "root"
> #endif

> #ifndef EXEC_AS_GROUP
> #define EXEC_AS_GROUP      "other"
> #endif

> int main(int argc, char **argv) {
>    char *arg[3];
>    char *env[1];

>    struct passwd *pwd, *auth_usr, *exec_usr;
>    struct group *grp, *auth_grp, *exec_grp;

>         setpwent();
>         if((auth_usr = getpwnam(ALLOWED_USER)) == NULL) {
>                 perror("Problem getting user info");
>            exit(errno);
>         }

>         if((auth_grp = getgrnam(ALLOWED_GROUP)) == NULL) {
>                 perror("Problem getting group info");
>            exit(errno);
>         }

>    setpwent();
>    if((pwd = getpwuid(getuid())) == NULL) {
>            perror("Problem getting user info");
>            exit(errno);
>    }

>    if((grp = getgrgid(getgid())) == NULL) {
>            perror("Problem getting group info");
>            exit(errno)
>    }

>    if((strcmp(pwd->pw_name, ALLOWED_USER) != 0) ||
>       (strcmp(grp->gr_name, ALLOWED_GROUP) != 0) ||
>        pwd->pw_uid != auth_usr->pw_uid ||
>        grp->gr_gid != auth_grp->gr_gid) {
>            printf("Authorization denied for user %s\n", pwd-
> >pw_name);
>            exit(1);
>    }

>    setpwent();
>    if((exec_usr = getpwnam(EXEC_AS_USER)) == NULL) {
>            perror("Problem getting user info");
>            exit(errno);
>    }

>    if((exec_grp = getgrnam(EXEC_AS_GROUP)) == NULL) {
>            perror("Problem getting group info");
>            exit(errno)
>    }

>    setuid(exec_usr->pw_uid);
>    setgid(exec_grp->gr_gid);
>    endpwent();

>         arg[0] = ARG0;
>         arg[1] = CMD_ARGS;
>         arg[2] = NULL;
>         env[0] = NULL;
>    execve(CMD, arg, env);

>    return 0;
> }

> Sent via Deja.com http://www.deja.com/
> Before you buy.

--
There is no TRUTH. There is no REALITY. There is no CONSISTENCY. There
are no ABSOLUTE STATEMENTS. I'm very probably wrong. -- BSD fortune(6)
 
 
 

1. Shutdown problems...am I doing it right?

Hello,

  I finally got (RedHat) Linux set up and running, for the most part, on
an
AMD586-133.  However, shutdown is giving me problems.  If I do "shutdown
-h now", all activity stops with the message "INIT: No more processes in
the runlevel" or something like that...no "system halted" or anything
like that.  Of course, when I reboot, I get all sorts of errors about
disks not be unmounted properly, etc etc.  

  I did a somewhat minimal install...is it possible I left something
out?  Should I be doing another command before shutdown?

 TIA

p

2. bash RE *(-|--)fred

3. ipchains filter - am i doing this right? (Sorry)

4. unzip and crypt

5. ipchains filter - am i doing this right?

6. .plan Function?

7. RedHat 5.2 dialler - am i doing it right ?

8. ip sourcerouting dont work

9. LVM...am I doing this right?

10. SetEnvIf-Am I doing this right?

11. This clone thing...am I stupid, or am I right?

12. Am I touchy? Or am I right?