author | Natanael Copa <ncopa@alpinelinux.org> | 2012-02-17 13:28:22 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-02-17 13:28:22 +0000 |
commit | 442e804291b54a2ff4a8b9fcbec20be4c759289c (patch) | |
tree | 749cbbfe8f7c1c5d56ee72d856a2befca612df71 /abuild-sudo.c | |
parent | 52d6af779e82ef9ca1ef154a1aca6a7b7f25b418 (diff) | |
abuild-sudo: new tool
mini sudo that checks if user is in "abuild" group and allows it to
run apk, adduser and addgroup as root
ref #951
Diffstat (limited to 'abuild-sudo.c')
-rw-r--r-- | abuild-sudo.c | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/abuild-sudo.c b/abuild-sudo.c
new file mode 100644
index 0000000..8c61ad0
--- /dev/null
+++ b/abuild-sudo.c
@@ -0,0 +1,81 @@
+
+#include <sys/types.h>
+
+#include <err.h>
+#include <grp.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifndef ABUILD_GROUP
+#define ABUILD_GROUP "abuild"
+#endif
+
+static const char* valid_cmds[] = {
+ "/bin/adduser",
+ "/bin/addgroup",
+ "/sbin/apk",
+ NULL
+};
+
+const char *get_command_path(const char *cmd)
+{
+ const char *p;
+ int i;
+ for (i = 0; valid_cmds[i] != NULL; i++) {
+ p = strrchr(valid_cmds[i], '/') + 1;
+ if (strcmp(p, cmd) == 0)
+ return valid_cmds[i];
+ }
+ return NULL;
+}
+
+int is_in_group(gid_t group)
+{
+ int ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
+ gid_t *buf = malloc(ngroups_max * sizeof(gid_t));
+ int ngroups, ret = 0;
+ int i;
+ if (buf == NULL) {
+ perror("malloc");
+ return 0;
+ }
+ ngroups = getgroups(ngroups_max, buf);
+ for (i = 0; i < ngroups; i++) {
+ if (buf[i] == group)
+ break;
+ }
+ free(buf);
+ return i < ngroups;
+}
+
+
+int main(int argc, const char *argv[])
+{
+ struct group *grent;
+ const char *cmd;
+ const char *path;
+
+ grent = getgrnam(ABUILD_GROUP);
+ if (grent == NULL)
+ errx(1, "%s: Group not found", ABUILD_GROUP);
+
+ if (!is_in_group(grent->gr_gid))
+ errx(1, "Not a member of group %s\n", ABUILD_GROUP);
+
+ cmd = strrchr(argv[0], '-');
+ if (cmd == NULL)
+ errx(1, "Calling command has no '-'");
+ cmd++;
+
+ path = get_command_path(cmd);
+ if (path == NULL)
+ errx(1, "%s: Not a valid subcommand", cmd);
+
+ argv[0] = path;
+ /* set our uid to root soo bbsuid --install works */
+ setuid(0);
+ execv(path, (char * const*)argv);
+ return 1;
+} |
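Review bot: In main(), `argv[0]` is passed to `strrchr()` without checking `argc`, and the result of `setuid(0)` is ignored, so this setuid helper dereferences NULL when started with an empty argument vector and still reaches `execv()` if the uid change fails. Check both, and report a failed `execv()` with `err()` rather than the silent `return 1`. The arguments after `argv[0]` and the caller's environment are handed to the root-run command unchanged, which appears to make membership of the abuild group root-equivalent in practice; say so in a comment above `valid_cmds`, and consider `execve()` with a minimal environment. In is_in_group(), `ret` is unused and the `sysconf()` result is used as an allocation size without a check for -1.

```c
int main(int argc, const char *argv[])
{
	/* … unchanged: declarations, group lookup and membership check … */
	if (argc < 1 || argv[0] == NULL)
		errx(1, "Missing argv[0]");
	cmd = strrchr(argv[0], '-');
	/* … unchanged: '-' check, get_command_path() lookup, argv[0] = path … */
	if (setuid(0) != 0)
		err(1, "setuid");
	execv(path, (char * const*)argv);
	/* execv() only returns on failure */
	err(1, "%s", path);
```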