move setuid revocation closer to the start (make it more obvious); miod ok

5 files changed, 39 insertions, 60 deletions

diff --git a/usr.sbin/timed/timedc/cmds.c b/usr.sbin/timed/timedc/cmds.c
index cc776ac82e9..fb79d13124b 100644
--- a/usr.sbin/timed/timedc/cmds.c
+++ b/usr.sbin/timed/timedc/cmds.c
@@ -1,4 +1,4 @@
-/*	$Id: cmds.c,v 1.13 2002/03/14 16:44:25 mpech Exp $	*/
+/*	$OpenBSD: cmds.c,v 1.14 2002/05/17 00:21:19 deraadt Exp $	*/
 
 /*-
  * Copyright (c) 1985, 1993 The Regents of the University of California.
@@ -38,7 +38,7 @@ static char sccsid[] = "@(#)cmds.c	5.1 (Berkeley) 5/11/93";
 #endif /* not lint */
 
 #ifdef sgi
-#ident "$Revision: 1.13 $"
+#ident "$Revision: 1.14 $"
 #endif
 
 #include "timedc.h"
@@ -571,36 +571,3 @@ tracing(int argc, char *argv[])
 bail:
 	siginterrupt(SIGINT, 0);
 }
-
-int
-priv_resources()
-{
-	struct sockaddr_in sin;
-
-	sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
-	if (sock_raw < 0)  {
-		perror("opening raw socket");
-		return (-1);
-	}
-
-	(void) seteuid(getuid());
-	(void) setuid(getuid());
-
-	sock = socket(AF_INET, SOCK_DGRAM, 0);
-	if (sock < 0) {
-		perror("opening socket");
-		(void)close(sock_raw);
-		return (-1);
-	}
-
-	memset(&sin, 0, sizeof sin);
-	sin.sin_family = AF_INET;
-	sin.sin_addr.s_addr = INADDR_ANY;
-	if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
-		fprintf(stderr, "all reserved ports in use\n");
-		(void)close(sock_raw);
-		return (-1);
-	}
-
-	return (1);
-}
diff --git a/usr.sbin/timed/timedc/cmdtab.c b/usr.sbin/timed/timedc/cmdtab.c
index d36ff2810a4..b5b70e66cbb 100644
--- a/usr.sbin/timed/timedc/cmdtab.c
+++ b/usr.sbin/timed/timedc/cmdtab.c
@@ -1,4 +1,4 @@
-/*	$Id: cmdtab.c,v 1.2 2001/04/07 20:02:09 ho Exp $	*/
+/*	$OpenBSD: cmdtab.c,v 1.3 2002/05/17 00:21:19 deraadt Exp $	*/
 
 /*
  * Copyright (c) 1983 Regents of the University of California.
diff --git a/usr.sbin/timed/timedc/timedc-extern.h b/usr.sbin/timed/timedc/timedc-extern.h
index 3ebad669227..83bc9ea2e19 100644
--- a/usr.sbin/timed/timedc/timedc-extern.h
+++ b/usr.sbin/timed/timedc/timedc-extern.h
@@ -1,4 +1,4 @@
-/*	$Id: timedc-extern.h,v 1.3 2001/11/23 03:45:51 deraadt Exp $	*/
+/*	$OpenBSD: timedc-extern.h,v 1.4 2002/05/17 00:21:19 deraadt Exp $	*/
 
 /*-
  * Copyright (c) 1993 The Regents of the University of California.
@@ -43,7 +43,6 @@ void	clockdiff(int, char *[]);
 void	help(int, char *[]);
 void	makeargv(void);
 void	msite(int, char *[]);
-int	priv_resources(void);
 void	quit(void);
 void	testing(int, char *[]);
 void	tracing(int, char *[]);
diff --git a/usr.sbin/timed/timedc/timedc.c b/usr.sbin/timed/timedc/timedc.c
index ffe7a2d2e9c..8e9a8a50a45 100644
--- a/usr.sbin/timed/timedc/timedc.c
+++ b/usr.sbin/timed/timedc/timedc.c
@@ -1,4 +1,4 @@
-/*	$Id: timedc.c,v 1.7 2002/03/14 16:44:25 mpech Exp $	*/
+/*	$OpenBSD: timedc.c,v 1.8 2002/05/17 00:21:19 deraadt Exp $	*/
 
 /*-
  * Copyright (c) 1985, 1993 The Regents of the University of California.
@@ -43,10 +43,6 @@ char copyright[] =
 static char sccsid[] = "@(#)timedc.c	5.1 (Berkeley) 5/11/93";
 #endif /* not lint */
 
-#ifdef sgi
-#ident "$Revision: 1.7 $"
-#endif
-
 #include "timedc.h"
 #include <string.h>
 #include <signal.h>
@@ -55,32 +51,49 @@ static char sccsid[] = "@(#)timedc.c	5.1 (Berkeley) 5/11/93";
 #include <stdlib.h>
 #include <syslog.h>
 
-int trace = 0;
-FILE *fd = 0;
+int	trace = 0;
+FILE	*fd = NULL;
 int	margc;
 int	fromatty;
 char	*margv[20];
 char	cmdline[200];
 
 static struct cmd *getcmd(char *);
-
 volatile sig_atomic_t gotintr;
 
 int
 main(int argc, char *argv[])
 {
+	extern int sock_raw, sock;
+	struct sockaddr_in sin;
 	struct cmd *c;
 
+	sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
+	if (sock_raw < 0) {
+		perror("opening raw socket");
+		exit(1);
+	}
+
+	(void) seteuid(getuid());
+	(void) setuid(getuid());
+
 	openlog("timedc", LOG_ODELAY, LOG_AUTH);
 
-	/*
-	 * security dictates!
-	 */
-	if (priv_resources() < 0) {
-		fprintf(stderr, "Could not get privileged resources\n");
+	sock = socket(AF_INET, SOCK_DGRAM, 0);
+	if (sock < 0) {
+		perror("opening socket");
+		(void)close(sock_raw);
+		return (-1);
+	}
+
+	memset(&sin, 0, sizeof sin);
+	sin.sin_family = AF_INET;
+	sin.sin_addr.s_addr = INADDR_ANY;
+	if (bind(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
+		fprintf(stderr, "all reserved ports in use\n");
+		(void)close(sock_raw);
 		exit(1);
 	}
-	/* privs revoked above */
 
 	if (--argc > 0) {
 		c = getcmd(*++argv);
@@ -170,7 +183,7 @@ getcmd(char *name)
 		p = c->c_name;
 		for (q = name; *q == *p++; q++)
 			if (*q == 0)		/* exact match? */
-				return(c);
+				return (c);
 		if (!*q) {			/* the name was a prefix */
 			if (q - name > longest) {
 				longest = q - name;
@@ -181,8 +194,8 @@ getcmd(char *name)
 		}
 	}
 	if (nmatches > 1)
-		return((struct cmd *)-1);
-	return(found);
+		return ((struct cmd *)-1);
+	return (found);
 }
 
 /*
@@ -191,8 +204,8 @@ getcmd(char *name)
 void
 makeargv()
 {
-	char *cp;
 	char **argp = margv;
+	char *cp;
 
 	margc = 0;
 	for (cp = cmdline; *cp;) {
@@ -221,13 +234,13 @@ help(argc, argv)
 	int argc;
 	char *argv[];
 {
-	struct cmd *c;
 	extern struct cmd cmdtab[];
+	struct cmd *c;
 
 	if (argc == 1) {
-		int i, j, w;
 		int columns, width = 0, lines;
 		extern int NCMDS;
+		int i, j, w;
 
 		printf("Commands may be abbreviated.  Commands are:\n\n");
 		for (c = cmdtab; c < &cmdtab[NCMDS]; c++) {
@@ -268,6 +281,6 @@ help(argc, argv)
 			printf("?Invalid help command %s\n", arg);
 		else
 			printf("%-*s\t%s\n", (int)HELPINDENT,
-				c->c_name, c->c_help);
+			    c->c_name, c->c_help);
 	}
 }
diff --git a/usr.sbin/timed/timedc/timedc.h b/usr.sbin/timed/timedc/timedc.h
index fd9e20ebb36..827cf289e0f 100644
--- a/usr.sbin/timed/timedc/timedc.h
+++ b/usr.sbin/timed/timedc/timedc.h
@@ -1,4 +1,4 @@
-/*	$Id: timedc.h,v 1.2 2001/04/07 20:02:09 ho Exp $	*/
+/*	$OpenBSD: timedc.h,v 1.3 2002/05/17 00:21:19 deraadt Exp $	*/
 
 /*-
  * Copyright (c) 1985, 1993 The Regents of the University of California.