]> git.saurik.com Git - apple/system_cmds.git/blob - newgrp.tproj/newgrp.c
projects / apple / system_cmds.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
system_cmds-790.tar.gz
[apple/system_cmds.git] / newgrp.tproj / newgrp.c
1 /*-
2 * Copyright (c) 2002 Tim J. Robbins.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 *
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24 * SUCH DAMAGE.
25 */
26
27 /*
28 * newgrp -- change to a new group
29 */
30
31 #include <sys/cdefs.h>
32 __FBSDID("$FreeBSD: src/usr.bin/newgrp/newgrp.c,v 1.5 2009/12/13 03:14:06 delphij Exp $");
33
34 #include <sys/types.h>
35
36 #include <err.h>
37 #include <errno.h>
38 #include <grp.h>
39 #include <libgen.h>
40 #include <limits.h>
41 #ifndef __APPLE__
42 #include <login_cap.h>
43 #endif /* !__APPLE__ */
44 #ifdef __APPLE__
45 #include <membership.h>
46 #endif /* __APPLE__ */
47 #include <pwd.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <unistd.h>
52 #ifdef __APPLE__
53 #include <paths.h>
54 #endif /* __APPLE__ */
55 static void addgroup(const char *grpname);
56 static void doshell(void);
57 static int inarray(gid_t, const gid_t[], int);
58 static void loginshell(void);
59 static void restoregrps(void);
60 static void usage(void);
61
62 static struct passwd *pwd;
63 static uid_t euid;
64
65 extern char **environ;
66
67 /* Manipulate effective user ID. */
68 #define PRIV_START do { \
69 if (seteuid(euid) < 0) \
70 err(1, "seteuid"); \
71 } while (0)
72 #define PRIV_END do { \
73 if (seteuid(getuid()) < 0) \
74 err(1, "seteuid"); \
75 } while (0)
76
77 int
78 main(int argc, char *argv[])
79 {
80 int ch, login;
81
82 euid = geteuid();
83 if (seteuid(getuid()) < 0)
84 err(1, "seteuid");
85
86 if ((pwd = getpwuid(getuid())) == NULL)
87 errx(1, "unknown user");
88
89 login = 0;
90 while ((ch = getopt(argc, argv, "-l")) != -1) {
91 switch (ch) {
92 case '-': /* Obsolescent */
93 case 'l':
94 login = 1;
95 break;
96 default:
97 usage();
98 }
99 }
100 argc -= optind;
101 argv += optind;
102
103 switch (argc) {
104 case 0:
105 restoregrps();
106 break;
107 case 1:
108 addgroup(*argv);
109 break;
110 default:
111 usage();
112 }
113
114 if (seteuid(euid) < 0)
115 err(1, "seteuid");
116 if (setuid(getuid()) < 0)
117 err(1, "setuid");
118
119 if (login)
120 loginshell();
121 else
122 doshell();
123
124 /*NOTREACHED*/
125 exit(1);
126 }
127
128 static void
129 usage(void)
130 {
131
132 fprintf(stderr, "usage: newgrp [-l] [group]\n");
133 exit(1);
134 }
135
136 static void
137 restoregrps(void)
138 {
139 int initres, setres;
140
141 PRIV_START;
142 initres = initgroups(pwd->pw_name, pwd->pw_gid);
143 setres = setgid(pwd->pw_gid);
144 PRIV_END;
145
146 if (initres < 0)
147 warn("initgroups");
148 if (setres < 0)
149 warn("setgid");
150 }
151
152 static void
153 addgroup(const char *grpname)
154 {
155 gid_t *grps;
156 long lgid, ngrps_max;
157 int dbmember, i, ngrps;
158 gid_t egid;
159 struct group *grp;
160 char *ep, *pass;
161 #ifndef __APPLE__
162 char **p;
163 #endif
164 char *grp_passwd;
165 #ifdef __APPLE__
166 uuid_t user_uuid;
167 uuid_t group_uuid;
168 int status;
169 #endif
170
171 egid = getegid();
172
173 /* Try it as a group name, then a group id. */
174 if ((grp = getgrnam(grpname)) == NULL)
175 if ((lgid = strtol(grpname, &ep, 10)) <= 0 || *ep != '\0' ||
176 (grp = getgrgid((gid_t)lgid)) == NULL ) {
177 warnx("%s: bad group name", grpname);
178 return;
179 }
180
181 #ifdef __APPLE__
182 status = mbr_uid_to_uuid(pwd->pw_uid, user_uuid);
183 if (status)
184 errc(1, status, "mbr_uid_to_uuid");
185
186 status = mbr_gid_to_uuid(grp->gr_gid, group_uuid);
187 if (status)
188 errc(1, status, "mbr_gid_to_uuid");
189
190 status = mbr_check_membership(user_uuid, group_uuid, &dbmember);
191 if (status)
192 errc(1, status, "mbr_check_membership");
193 #else
194 /*
195 * If the user is not a member of the requested group and the group
196 * has a password, prompt and check it.
197 */
198 dbmember = 0;
199 if (pwd->pw_gid == grp->gr_gid)
200 dbmember = 1;
201 for (p = grp->gr_mem; *p != NULL; p++)
202 if (strcmp(*p, pwd->pw_name) == 0) {
203 dbmember = 1;
204 break;
205 }
206 #endif
207
208 grp_passwd = grp->gr_passwd;
209 if ((grp_passwd == NULL) || (grp_passwd[0] == '\0'))
210 grp_passwd = "*";
211 if (!dbmember && getuid() != 0) {
212 pass = getpass("Password:");
213 if (pass == NULL ||
214 strcmp(grp_passwd, crypt(pass, grp_passwd)) != 0) {
215 fprintf(stderr, "Sorry\n");
216 return;
217 }
218 }
219
220 ngrps_max = sysconf(_SC_NGROUPS_MAX) + 1;
221 if ((grps = malloc(sizeof(gid_t) * ngrps_max)) == NULL)
222 err(1, "malloc");
223 if ((ngrps = getgroups((int)ngrps_max, (gid_t *)grps)) < 0) {
224 warn("getgroups");
225 goto end;
226 }
227
228 /* Remove requested gid from supp. list if it exists. */
229 if (grp->gr_gid != egid && inarray(grp->gr_gid, grps, ngrps)) {
230 for (i = 0; i < ngrps; i++)
231 if (grps[i] == grp->gr_gid)
232 break;
233 ngrps--;
234 memmove(&grps[i], &grps[i + 1], (ngrps - i) * sizeof(gid_t));
235 PRIV_START;
236 if (setgroups(ngrps, (const gid_t *)grps) < 0) {
237 PRIV_END;
238 warn("setgroups");
239 goto end;
240 }
241 PRIV_END;
242 }
243
244 PRIV_START;
245 if (setgid(grp->gr_gid)) {
246 PRIV_END;
247 warn("setgid");
248 goto end;
249 }
250 PRIV_END;
251 grps[0] = grp->gr_gid;
252
253 /* Add old effective gid to supp. list if it does not exist. */
254 if (egid != grp->gr_gid && !inarray(egid, grps, ngrps)) {
255 if (ngrps + 1 >= ngrps_max)
256 warnx("too many groups");
257 else {
258 grps[ngrps++] = egid;
259 PRIV_START;
260 if (setgroups(ngrps, (const gid_t *)grps)) {
261 PRIV_END;
262 warn("setgroups");
263 goto end;
264 }
265 PRIV_END;
266 }
267 }
268
269 end:
270 free(grps);
271 }
272
273 static int
274 inarray(gid_t gid, const gid_t grps[], int ngrps)
275 {
276 int i;
277
278 for (i = 0; i < ngrps; i++)
279 if (grps[i] == gid)
280 return (1);
281 return (0);
282 }
283
284 /*
285 * Set the environment to what would be expected if the user logged in
286 * again; this performs the same steps as su(1)'s -l option.
287 */
288 static void
289 loginshell(void)
290 {
291 char *args[2], **cleanenv, *term, *ticket;
292 const char *shell;
293 char *prog, progbuf[PATH_MAX];
294 #ifndef __APPLE__
295 login_cap_t *lc;
296 #endif /* !__APPLE__ */
297 shell = pwd->pw_shell;
298 if (*shell == '\0')
299 shell = _PATH_BSHELL;
300 if (chdir(pwd->pw_dir) < 0) {
301 warn("%s", pwd->pw_dir);
302 chdir("/");
303 }
304
305 term = getenv("TERM");
306 ticket = getenv("KRBTKFILE");
307
308 if ((cleanenv = calloc(20, sizeof(char *))) == NULL)
309 err(1, "calloc");
310 *cleanenv = NULL;
311 environ = cleanenv;
312 #ifndef __APPLE__
313 lc = login_getpwclass(pwd);
314 setusercontext(lc, pwd, pwd->pw_uid,
315 LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV);
316 login_close(lc);
317 #endif /* !__APPLE__ */
318 setenv("USER", pwd->pw_name, 1);
319 setenv("SHELL", shell, 1);
320 setenv("HOME", pwd->pw_dir, 1);
321 if (term != NULL)
322 setenv("TERM", term, 1);
323 if (ticket != NULL)
324 setenv("KRBTKFILE", ticket, 1);
325
326 strlcpy(progbuf, shell, sizeof(progbuf));
327 prog = basename(progbuf);
328
329 if (asprintf(args, "-%s", prog) < 0)
330 err(1, "asprintf");
331 args[1] = NULL;
332
333 execv(shell, args);
334 err(1, "%s", shell);
335 }
336
337 static void
338 doshell(void)
339 {
340 const char *shell;
341 char *prog, progbuf[PATH_MAX];
342
343 shell = pwd->pw_shell;
344 if (*shell == '\0')
345 shell = _PATH_BSHELL;
346
347 strlcpy(progbuf, shell, sizeof(progbuf));
348 prog = basename(progbuf);
349
350 execl(shell, prog, (char *)NULL);
351 err(1, "%s", shell);
352 }
mirror of system_cmds