lenny@icus.UUCP (11/20/87)
** PLEASE NO FLAMES **
Use this program as a responsible person. If you are not, have some
sort of security problem, or don't want to give out root access to
anyone but root, *DON'T* use this program.
This program was intended to be like the sudo command developed
at SUNY at Buffalo (sunybcs). It gives root access to a user without
using the root password. As a security measure the list of users are
located in a file called: /usr/adm/su.allow which should be protected
with a 400 mode. The file should contain a list of users separated by
a carriage return <CR>.
sudo should be protected with a 4511 mode and owned by root.
sudo LOGS ALL attempts, whether successful or non-successful to
/usr/adm/sulog. Only the 1st argument of the command gets logged
to the file (argv[0] = program name) but this can be changed to
fit your needs.
Usage: sudo [-r] command
[-r] gives sets the uid to 0, and group to 1 (really root)
default sets the effective uid of the command to root.
Examples: Root shell can be gotten with the command:
sudo sh (effective uid is root)
sudo -r sh (really root)
WARNING: Be careful in giving out root access to just anyone.
I'm sure this could be written better, but it does the job.
---- cut here ---- cut here ---- cut here ---- cut here ----
/***********************************************************************
* Program Name: sudo
* Author: Lenny Tropiano
* (c)1986 ICUS Computer Group
* Date: December 20, 1986
*
*
* Will check /usr/adm/su.allow for your logname and
* will give you "root" permissions for a given command on line.
*
**********************************************************************/
#include <stdio.h>
#include <time.h>
extern char **environ;
main(argc,argv,envp)
int argc;
char *argv[];
char *envp[];
{
FILE *fp, *logfp;
register int i, x;
short rootid;
struct tm *today;
long *clock, tresult;
char username[L_cuserid + 1],
buffer[L_cuserid + 1],
tty[L_ctermid + 1];
char runprog[25], program[25], *fgets(), *ttyname(), *getlogin();
tresult = time((long *) 0);
clock = &tresult;
today = localtime(clock);
today->tm_mon++;
if (argc < 2) {
fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
exit(1);
}
if (strncmp(argv[1],"-r",2) == 0) {
if (argc < 3) {
fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
exit(1);
}
rootid = 1;
} else
rootid = 0;
if ((logfp = fopen("/usr/adm/sulog","a")) == NULL) {
fprintf(stderr,"error: cannot open /usr/adm/sulog file\n");
perror("sudo");
exit(1);
}
if ((fp = fopen("/usr/adm/su.allow","r")) == NULL) {
fprintf(stderr,"error: cannot open /usr/adm/su.allow file\n");
perror("sudo");
exit(1);
}
x=0;
for (i=(rootid + 1);i<argc+1;i++)
argv[x++] = argv[i];
sscanf(ttyname(0),"%*c%*c%*c%*c%*c%s", tty);
sprintf(username,"%s",getlogin());
while (fgets(buffer,L_cuserid,fp) != NULL) {
if (strncmp(buffer,username,strlen(username)) == 0) {
fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d + %s %s %c(%s)\n",
today->tm_mon, today->tm_mday,
today->tm_hour, today->tm_min,
tty, username, (!rootid) ? ' ' : '*', argv[0]);
fclose(logfp);
fclose(fp);
sprintf(program,"(sudo) %s",argv[0]);
sprintf(runprog,"%s",argv[0]);
if (rootid) {
setuid(0);
setgid(1);
}
argv[0] = program;
execvp(runprog,argv);
perror("sudo");
exit(1);
} /* End if */
} /* End while */
fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d - %s %s %c(%s)\n",
today->tm_mon, today->tm_mday,
today->tm_hour, today->tm_min,
tty, username, (!rootid) ? ' ' : '*', argv[0]);
fclose(logfp);
fprintf(stderr,"sudo: Sorry.\n");
fclose(fp);
exit(0);
} /* End main() */
--
============================ US MAIL: Lenny Tropiano, ICUS Computer Group
IIIII CCC U U SSSS PO Box 1
I C C U U S Islip Terrace, New York 11752
I C U U SSS PHONE: (516) 968-8576 [H] (516) 582-5525 [W]
I C C U U S AT&T MAIL: ...attmail!icus!lenny TELEX: 154232428
IIIII CCC UUU SSSS UUCP:
============================ ...{uunet!godfre, mtune!quincy}!\
...{ihnp4, boulder, harvard!talcott, skeeve, ptsfa}! >icus!lenny
"Usenet the final frontier" ...{cmcl2!phri, hoptoad}!dasys1!/lenny@icus.UUCP (11/20/87)
** PLEASE NO FLAMES **
Use this program as a responsible person. If you are not, have some
sort of security problem, or don't want to give out root access to
anyone but root, *DON'T* use this program.
This program was intended to be like the sudo command developed
at SUNY at Buffalo (sunybcs). It gives root access to a user without
using the root password. As a security measure the list of users are
located in a file called: /usr/adm/su.allow which should be protected
with a 400 mode. The file should contain a list of users separated by
a carriage return <CR>.
sudo should be protected with a 4511 mode and owned by root.
sudo LOGS ALL attempts, whether successful or non-successful to
/usr/adm/sulog. Only the 1st argument of the command gets logged
to the file (argv[0] = program name) but this can be changed to
fit your needs.
Usage: sudo [-r] command
[-r] gives sets the uid to 0, and group to 1 (really root)
default sets the effective uid of the command to root.
Examples: Root shell can be gotten with the command:
sudo sh (effective uid is root)
sudo -r sh (really root)
WARNING: Be careful in giving out root access to just anyone.
I'm sure this could be written better, but it does the job.
---- cut here ---- cut here ---- cut here ---- cut here ----
/***********************************************************************
* Program Name: sudo
* Author: Lenny Tropiano
* (c)1986 ICUS Computer Group
* Date: December 20, 1986
*
*
* Will check /usr/adm/su.allow for your logname and
* will give you "root" permissions for a given command on line.
*
**********************************************************************/
#include <stdio.h>
#include <time.h>
extern char **environ;
main(argc,argv,envp)
int argc;
char *argv[];
char *envp[];
{
FILE *fp, *logfp;
register int i, x;
short rootid;
struct tm *today;
long *clock, tresult;
char username[L_cuserid + 1],
buffer[L_cuserid + 1],
tty[L_ctermid + 1];
char runprog[25], program[25], *fgets(), *ttyname(), *getlogin();
tresult = time((long *) 0);
clock = &tresult;
today = localtime(clock);
today->tm_mon++;
if (argc < 2) {
fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
exit(1);
}
if (strncmp(argv[1],"-r",2) == 0) {
if (argc < 3) {
fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
exit(1);
}
rootid = 1;
} else
rootid = 0;
if ((logfp = fopen("/usr/adm/sulog","a")) == NULL) {
fprintf(stderr,"error: cannot open /usr/adm/sulog file\n");
perror("sudo");
exit(1);
}
if ((fp = fopen("/usr/adm/su.allow","r")) == NULL) {
fprintf(stderr,"error: cannot open /usr/adm/su.allow file\n");
perror("sudo");
exit(1);
}
x=0;
for (i=(rootid + 1);i<argc+1;i++)
argv[x++] = argv[i];
sscanf(ttyname(0),"%*c%*c%*c%*c%*c%s", tty);
sprintf(username,"%s",getlogin());
while (fgets(buffer,L_cuserid,fp) != NULL) {
if (strncmp(buffer,username,strlen(username)) == 0) {
fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d + %s %s %c(%s)\n",
today->tm_mon, today->tm_mday,
today->tm_hour, today->tm_min,
tty, username, (!rootid) ? ' ' : '*', argv[0]);
fclose(logfp);
fclose(fp);
sprintf(program,"(sudo) %s",argv[0]);
sprintf(runprog,"%s",argv[0]);
if (rootid) {
setuid(0);
setgid(1);
}
argv[0] = program;
execvp(runprog,argv);
perror("sudo");
exit(1);
} /* End if */
} /* End while */
fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d - %s %s %c(%s)\n",
today->tm_mon, today->tm_mday,
today->tm_hour, today->tm_m