diff options
| author | Julian Blake Kongslie <jblake@omgwallhack.org> | 2013-04-11 22:11:58 -0700 |
|---|---|---|
| committer | Julian Blake Kongslie <jblake@omgwallhack.org> | 2013-04-11 22:11:58 -0700 |
| commit | 09918cfe4f1f75bef96d5179e37d88f247baf781 (patch) | |
| tree | ab5a8be2536cc64452fe11cad8c44ead8bab8842 /main.cc | |
| parent | 06a19bdd081d1b81cbca7c7b675f5cf3637063a1 (diff) | |
| download | insecuresuexec-09918cfe4f1f75bef96d5179e37d88f247baf781.tar.gz insecuresuexec-09918cfe4f1f75bef96d5179e37d88f247baf781.zip | |
Adding a whole lot of debugging messages.
Diffstat (limited to 'main.cc')
| -rw-r--r-- | main.cc | 30 |
1 files changed, 30 insertions, 0 deletions
@@ -10,17 +10,30 @@ #include <utility> #include <vector> +#ifdef NOISY +# define DEBUG(...) fprintf( stderr, __VA_ARGS__ ) +#else +# define DEBUG(...) do { } while ( 0 ) +#endif + uid_t parse_user( const char *user ) { char *end; unsigned long tmp; + DEBUG( "insecuresuexec parse_user( %s )\n", user ); + tmp = strtoul( user, &end, 10 ); if ( end != user && ! *end ) { + DEBUG( " which is the uid %lu\n", tmp ); return tmp; } else { + DEBUG( " which is a username\n" ); + errno = 0; struct passwd *pw = getpwnam( user ); + assert_perror( errno ); assert( pw ); + DEBUG( " corresponding to the uid %u\n", pw->pw_uid ); return pw->pw_uid; }; @@ -31,12 +44,19 @@ gid_t parse_group( const char *group ) { char *end; unsigned long tmp; + DEBUG( "insecuresuexec parse_group( %s )\n", group ); + tmp = strtoul( group, &end, 10 ); if ( end != group && ! *end ) { + DEBUG( " which is the gid %lu\n", tmp ); return tmp; } else { + DEBUG( " which is a groupname\n" ); + errno = 0; struct group *gr = getgrnam( group ); + assert_perror( errno ); assert( gr ); + DEBUG( " corresponding to the gid %u\n", gr->gr_gid ); return gr->gr_gid; }; @@ -174,9 +194,13 @@ int main( int argc, char *argv[] ) { char *cmd = argv[3]; char **args = argv + 3; + DEBUG( "insecuresuexec user=%s group=%s cmd=%s\n", user, group, cmd ); + uid_t uid; gid_t gid; + DEBUG( "insecuresuexec is parsing the command-line user and group...\n" ); + uid = parse_user( user ); gid = parse_group( group ); @@ -186,8 +210,12 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; + DEBUG( "insecuresuexec is parsing the stored permissions...\n" ); + auto allowed = read_permissions( "/etc/insecuresuexec/permissions" ); + DEBUG( "insecuresuexec is running the configured security checks...\n" ); + // the configurable security checks bool ok = false; for ( auto i = allowed->begin( ); i != allowed->end( ); ++i ) { @@ -199,6 +227,8 @@ int main( int argc, char *argv[] ) { _exit( 1 ); }; + DEBUG( "insecuresuexec is going to go ahead with the exec...\n" ); + if ( setgroups( 0, NULL ) != 0 ) assert_perror( errno ); |