author | Theo Buehler <tb@cvs.openbsd.org> | 2016-05-17 23:36:30 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2016-05-17 23:36:30 +0000 |
commit | f6d7c6228385c58b410a1dfba605b82cc416c339 (patch) | |
tree | fe4ab77023e6b8c2f671b4c4347983512afd7704 /usr.bin/skeyinit | |
parent | 7ea1fc8d50313ece3562a9695b3ad570dc67db7c (diff) |
Refactor the handling of pledge and the optional user string: The three
way pledge introduced by millert@ in -r1.70 is now a two way pledge, one
for non-root and one for root. This also ensures that root drops the
id promise in all cases early on.
This disentangling of the bits for root and non-root simplifies the code
paths in all cases.
ok millert@
Diffstat (limited to 'usr.bin/skeyinit')
-rw-r--r-- | usr.bin/skeyinit/skeyinit.c | 57 |
1 files changed, 28 insertions, 29 deletions
diff --git a/usr.bin/skeyinit/skeyinit.c b/usr.bin/skeyinit/skeyinit.c
index 63ee781c290..a61c3ddcf86 100644
--- a/usr.bin/skeyinit/skeyinit.c
+++ b/usr.bin/skeyinit/skeyinit.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: skeyinit.c,v 1.71 2016/05/17 23:07:47 tb Exp $ */
+/* $OpenBSD: skeyinit.c,v 1.72 2016/05/17 23:36:29 tb Exp $ */
 /* OpenBSD S/Key (skeyinit.c)
 *
@@ -50,7 +50,7 @@ main(int argc, char **argv)
 char hostname[HOST_NAME_MAX+1];
 char seed[SKEY_MAX_SEED_LEN + 1];
 char buf[256], key[SKEY_BINKEY_SIZE], filename[PATH_MAX], *ht;
- char lastc, me[UT_NAMESIZE + 1], *p, *auth_type;
+ char lastc, *p, *auth_type;
 const char *errstr;
 struct skey skey;
 struct passwd *pp;
@@ -121,44 +121,43 @@ main(int argc, char **argv)
 if (pledge("stdio rpath wpath cpath fattr flock tty proc exec "
 "getpw", NULL) == -1)
 err(1, "pledge");
- } else if (argc == 1) {
- if (pledge("stdio rpath wpath cpath fattr flock tty getpw id",
- NULL) == -1)
- err(1, "pledge");
+
+ if ((pp = getpwuid(getuid())) == NULL)
+ err(1, "no user with uid %u", getuid());
+
+ if (argc == 1) {
+ char me[UT_NAMESIZE + 1];
+
+ (void)strlcpy(me, pp->pw_name, sizeof me);
+ if ((pp = getpwnam(argv[0])) == NULL)
+ errx(1, "User unknown: %s", argv[0]);
+ if (strcmp(pp->pw_name, me) != 0)
+ errx(1, "Permission denied.");
+ }
 } else {
- if (pledge("stdio rpath wpath cpath fattr flock tty getpw",
+ if (pledge("stdio rpath wpath cpath fattr flock tty getpw id",
 NULL) == -1)
 err(1, "pledge");
- }
-
- if ((pp = getpwuid(getuid())) == NULL)
- err(1, "no user with uid %u", getuid());
- (void)strlcpy(me, pp->pw_name, sizeof me);
- /* Check for optional user string. */
- if (argc == 1) {
- if ((pp = getpwnam(argv[0])) == NULL) {
- if (getuid() == 0) {
+ if (argc == 1) {
+ if ((pp = getpwnam(argv[0])) == NULL) {
 static struct passwd _pp;
 _pp.pw_name = argv[0];
 pp = &_pp;
 warnx("Warning, user unknown: %s", argv[0]);
 } else {
- errx(1, "User unknown: %s", argv[0]);
+ /* So the file ends up owned by the proper ID */
+ if (setresuid(-1, pp->pw_uid, -1) != 0)
+ errx(1, "unable to change uid to %u",
+ pp->pw_uid);
 }
- } else if (getuid() == 0) {
- /* So the file ends up owned by the proper ID. */
- if (setresuid(-1, pp->pw_uid, -1) != 0)
- errx(1, "unable to change user ID to %u",
- pp->pw_uid);
- if (pledge("stdio rpath wpath cpath fattr flock tty",
- NULL) == -1)
- err(1, "pledge");
- } else {
- if (strcmp(pp->pw_name, me) != 0)
- errx(1, "Permission denied.");
- }
+ } else if ((pp = getpwuid(0)) == NULL)
+ err(1, "no user with uid 0");
+
+ if (pledge("stdio rpath wpath cpath fattr flock tty", NULL)
+ == -1)
+ err(1, "pledge");
 }
 switch (skey_haskey(pp->pw_name)) { |
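Review bot: The new `else if ((pp = getpwuid(0)) == NULL)` branch in the root path reports a lookup miss with `err()`, but getpwuid() normally leaves errno untouched when the entry simply does not exist, so the message can end in an unrelated strerror text; `errx(1, "no user with uid 0");` fits better, and the same holds for the moved `getpwuid(getuid())` check in the non-root path. The setresuid() failure just above has the opposite problem: that call does set errno, yet `errx()` drops the reason, so `err(1, "unable to change uid to %u", pp->pw_uid);` would say why the privilege change failed. Since `setresuid(-1, pp->pw_uid, -1)` changes only the effective uid, the second pledge without `id` appears to be what keeps the process from switching back, and a comment before it such as `/* uid is final from here on: drop "id" */` would keep a later edit from reordering the two. main() starts and ends outside the hunk.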