Add full support for determining if a user

is restricted from running a given program.
This commit is contained in:
Brian Somers 1997-08-27 20:06:20 +00:00
parent bc151cdc8c
commit fbbe016b64
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=28839
5 changed files with 101 additions and 5 deletions

View File

@ -7,10 +7,10 @@ CFLAGS+=-Wall -DLIBC_SCCS -I${.CURDIR} -I${.CURDIR}/../../sys
#CFLAGS+=LOGIN_CAP_AUTH
SRCS= login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \
login_cap.c login_class.c login_auth.c login_times.c login_ok.c \
_secure_path.c uucplock.c
_secure_path.c uucplock.c login_progok.c
MAN3+= login.3 login_tty.3 logout.3 logwtmp.3 pty.3 setproctitle.3 \
login_cap.3 login_class.3 login_times.3 login_ok.3 \
_secure_path.3 uucplock.3
_secure_path.3 uucplock.3 login_progok.3
MAN5+= login.conf.5
MLINKS+= pty.3 openpty.3 pty.3 forkpty.3
MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \

View File

@ -18,7 +18,7 @@
* 5. Modifications may be freely made to this file providing the above
* conditions are met.
*
* $Id: libutil.h,v 1.9 1997/05/19 10:04:15 peter Exp $
* $Id: libutil.h,v 1.10 1997/08/10 18:42:38 ache Exp $
*/
#ifndef _LIBUTIL_H_
@ -45,6 +45,7 @@ const char *uu_lockerr __P((int _uu_lockresult));
int uu_lock __P((const char *_ttyname));
int uu_unlock __P((const char *_ttyname));
int _secure_path __P((const char *_path, uid_t _uid, gid_t _gid));
int login_progok __P((uid_t _uid, const char *prog));
__END_DECLS
#define UU_LOCK_INUSE (1)

View File

@ -17,7 +17,7 @@
.\" 5. Modifications may be freely made to this file providing the above
.\" conditions are met.
.\"
.\" $Id: login.conf.5,v 1.9 1997/05/22 07:02:01 tg Exp $
.\" $Id: login.conf.5,v 1.10 1997/08/26 23:15:57 brian Exp $
.\"
.Dd November 22, 1996
.Dt LOGIN.CONF 5
@ -217,6 +217,9 @@ disallowed.
in the class may use for access.
.It tty.deny list List of ttys and ttygroups which users
in the class may not use for access.
.It prog.allow list List of programs which users in the class
may run irrespective of the contents of prog.deny. Support for this option
must be built into each program.
.It prog.deny list List of programs which users in the class
may not run. Support for this option must be built into each program.
.El
@ -363,4 +366,5 @@ lists.
.Xr getttyent 3 ,
.Xr login_cap 3 ,
.Xr login_class 3 ,
.Xr ttys 5
.Xr ttys 5 ,
.Xr login_progok 3

View File

@ -0,0 +1,52 @@
.\"
.\" $Id: login_ok.3,v 1.4 1997/02/22 15:08:22 peter Exp $
.\"
.Dd August 27, 1997
.Os FreeBSD
.Dt LOGIN_PROGOK 3
.Sh NAME
.Nm login_progok
.Nd Check if the given program may be run.
.Sh SYNOPSIS
.Fd #include <sys/types.h>
.Fd #include <libutil.h>
.Ft int
.Fn login_progok "uid_t uid" "const char *prog"
.Pp
Link with
.Va -lutil
on the
.Xr cc 1
command line.
.Sh DESCRIPTION
This function determines if the user has permission to run the given
program, returning zero if permission is denied and one if permission
is granted. It should be used by programs that are setuid or for some
reason cannot be easily rebuilt or modified by an ordinary user, allowing
the system administrator to restrict access to certain programs in a
generic fashion.
.Pp
Access to a program is granted by default. In order to deny access,
the users login class entry in
.Xr login.conf 5
must be set with a
.Em prog.deny
capability that contains the program name. Most programs will use an
absolute path name to avoid conflicts. No special matching is done. The
passed
.Ar prog
must match a list entry in
.Xr login.conf 5
exactly.
.Pp
The
.Em prog.allow
capability will override the
.Em prog.deny
capability, granting access to the program. This allows flexability in
setting up a hierarchical login class structure.
.Pp
.Sh RETURN VALUES
The function returns 1 if the program may be run and 0 if it may not.
.Sh SEE ALSO
.Xr login.conf 5

View File

@ -0,0 +1,39 @@
#include <sys/types.h>
#include <login_cap.h>
#include <pwd.h>
#include <string.h>
int
login_progok(uid_t uid, const char *prog)
{
login_cap_t *lc;
const struct passwd *pwd;
char **data;
pwd = getpwuid(uid);
if (!pwd)
return 0; /* How did that happen ? - we can't run */
lc = login_getpwclass(pwd);
if (!lc)
return 1; /* We're missing login.conf ? - we can run */
data = login_getcaplist(lc, "prog.allow", NULL);
if (data)
for (; *data; data++)
if (!strcmp(*data, prog)) {
login_close(lc);
return 1; /* We're in prog.allow - we can run */
}
data = login_getcaplist(lc, "prog.deny", NULL);
if (data)
for (; *data; data++)
if (!strcmp(*data, prog)) {
login_close(lc);
return 0; /* We're in prog.deny - we can't run */
}
login_close(lc);
return 1; /* We're not mentioned anywhere - we can run */
}