stjohn@oswego.Oswego.EDU (Dave St. John) (04/12/89)
The patch I posted previously didn't work correctly with exempt users. This patch fixes that problem. The reason I put this into the program is that if you have two groups of trusted people that are separate you can give them separate privileges. Dave St. John --------------------------------------------------------------------------- UUCP: {your favorite backbone}!oswego!stjohn INTERNET: stjohn@oswego.oswego.edu (129.3.1.1) US Mail: Dave St. John Instructional Computing Center SUNY College at Oswego Oswego, N.Y. 13126 Armadillo: to provide weapons to Spanish pickles --------------------------------------------------------------------------- --------cut here----------cut here------------cut here--------------------- *** gone.c.orig Tue Apr 11 16:23:13 1989 --- gone.c Tue Apr 11 16:24:03 1989 *************** *** 109,118 register i = 1; int intprint(); char *obuf = (char *) malloc (80L*25L);/** stdout buffer/one full screen**/ char *term = getenv("TERM"); /** Terminal type **/ char *liberator = NULL; /** Who liberated this terminal? **/ for (i = SIGHUP; i <= SIGUSR2; i++) signal(i, intprint); (void) signal(SIGINT, SIG_IGN); --- 109,119 ----- register i = 1; int intprint(); char *obuf = (char *) malloc (80L*25L);/** stdout buffer/one full screen**/ char *term = getenv("TERM"); /** Terminal type **/ char *liberator = NULL; /** Who liberated this terminal? **/ + int wiz,exempt; if (exemptuser()) timeouttime = 0; while ((i <= argc-1) && (argv[i++][0] == '-')) { *************** *** 110,119 int intprint(); char *obuf = (char *) malloc (80L*25L);/** stdout buffer/one full screen**/ char *term = getenv("TERM"); /** Terminal type **/ char *liberator = NULL; /** Who liberated this terminal? 
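Review bot: The `if (exemptuser()) timeouttime = 0;` at the end of this hunk sits outside any `#ifdef TIMEOUT`, while the later hunks in dodate() and update() wrap every other use of `timeouttime` in that guard. If `timeouttime` is declared only when TIMEOUT is defined (its declaration is not visible here), a build without TIMEOUT will not compile. I would write it as `#ifdef TIMEOUT` / `if (exemptuser()) timeouttime = 0;` / `#endif`, and move `int wiz,exempt;` under the same guard, since both are only assigned inside `#ifdef TIMEOUT` in the later hunks. The enclosing function starts and ends outside the hunk.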
**/ for (i = SIGHUP; i <= SIGUSR2; i++) signal(i, intprint); (void) signal(SIGINT, SIG_IGN); (void) signal(SIGQUIT, SIG_IGN); --- 111,174 ----- char *obuf = (char *) malloc (80L*25L);/** stdout buffer/one full screen**/ char *term = getenv("TERM"); /** Terminal type **/ char *liberator = NULL; /** Who liberated this terminal? **/ int wiz,exempt; + if (exemptuser()) + timeouttime = 0; + + while ((i <= argc-1) && (argv[i++][0] == '-')) { + switch (argv[i-1][1]) { + case 'p': + ++pflag; + break; + #ifdef TIMEOUT + case 't': + timeouttime = atoi(argv[i++]); + break; + #endif + case 'd': + ++dflag; + break; + case 'c': { /** Change the password in the ~/.passwd file or create one **/ + struct passwd *pwd; + FILE *pwdfile; + char path[80], *chpasswd(); + char oldpw[12], newpw[12]; + + if ((pwd = getpwuid(getuid())) == NULL) { + printf("Intruder alert!?\n"); + printf("Your account appears to be GONE.\n"); + exit(1); + } + sprintf(path, "%s/.passwd", pwd->pw_dir); + if ((pwdfile = fopen(path, "r")) == NULL) { + strcpy(oldpw, ""); + } else { + fscanf(pwdfile, "%s", oldpw); + fclose(pwdfile); + } + + strcpy(newpw, chpasswd(oldpw)); + sprintf(path, "%s/.passwd", pwd->pw_dir); + if ((pwdfile = fopen(path, "w+")) == NULL) { + fprintf(stderr, + "cannot change passwd, open of .passwd file failed.\n"); + perror(path); + exit(1); + } + fprintf(pwdfile, "%s\n", newpw); + fclose(pwdfile); + exit(1); + } + default: + fprintf(stderr, "%s: Can\'t grok a %c\n", argv[0], argv[i-1][1]); + sleep (1); + break; + } + } + for (i = SIGHUP; i <= SIGUSR2; i++) signal(i, intprint); (void) signal(SIGINT, SIG_IGN); (void) signal(SIGQUIT, SIG_IGN); *************** *** 126,136 (void) signal(SIGTERM, die); (void) signal(SIGCHLD, SIG_DFL); #ifdef TIMEOUT (void) signal(SIGALRM, timeout); #endif ! if (!isatty(0)) { /** pipes? ICK **/ fprintf(stderr, "%s: Without a terminal? 
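Review bot: The `-c` case that this hunk moves to the top of the function reads the saved password with `fscanf(pwdfile, "%s", oldpw)` into `char oldpw[12]`, so a `~/.passwd` entry longer than 11 characters writes past the buffer. Bound the conversion with `fscanf(pwdfile, "%11s", oldpw)` and check its return value. The same block builds `path[80]` with `sprintf(path, "%s/.passwd", pwd->pw_dir)` and copies `chpasswd(oldpw)` into `newpw[12]` with `strcpy`, neither with a length check; a length test on `pw_dir` before the `sprintf` covers the first, and the second depends on what chpasswd() returns, which is not visible here. Separately, `case 't'` calls `atoi(argv[i++])` without checking `i <= argc-1`, so a trailing `-t` hands argv[argc] (NULL) to atoi. The function continues outside the hunk.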
What\'s the point\?\n", argv[0]); exit(-1); } else if (!strcmp(term, "emacs")) { /** In emacs window **/ --- 181,192 ----- (void) signal(SIGTERM, die); (void) signal(SIGCHLD, SIG_DFL); #ifdef TIMEOUT (void) signal(SIGALRM, timeout); #endif ! ! if (!isatty(0)) { /** pipes? ICK **/ fprintf(stderr, "%s: Without a terminal? What\'s the point\?\n", argv[0]); exit(-1); } else if (!strcmp(term, "emacs")) { /** In emacs window **/ *************** *** 169,183 #ifdef UENT muent = getuent(getuid()); #endif - while ((i <= argc-1) && (argv[i++][0] == '-')) { - switch (argv[i-1][1]) { - case 'p': - ++pflag; - break; #ifdef TIMEOUT case 't': timeouttime = atoi(argv[i++]); break; #endif --- 225,234 ----- #ifdef UENT muent = getuent(getuid()); #endif #ifdef TIMEOUT wiz = wizuser(); exempt = exemptuser(); if (!wiz) if (!exempt) *************** *** 175,187 switch (argv[i-1][1]) { case 'p': ++pflag; break; #ifdef TIMEOUT ! case 't': ! timeouttime = atoi(argv[i++]); ! break; #endif case 'd': ++dflag; break; case 'c': { /** Change the password in the ~/.passwd file or create one **/ --- 226,248 ----- #ifdef UENT muent = getuent(getuid()); #endif #ifdef TIMEOUT ! wiz = wizuser(); ! exempt = exemptuser(); ! if (!wiz) ! if (!exempt) ! if (timeouttime > MAXTIMEOUT) { ! timeouttime = MAXTIMEOUT; ! fprintf(stderr, "Maximum time out is %d.\n", MAXTIMEOUT); ! fprintf(stderr, "You request has been degraded to that amount.\n"); ! } else ! if (timeouttime < 1) { ! timeouttime = TIMEOUT; ! fprintf(stderr, "Timeout times must be greater and not equal to 0 minutes.\n"); ! 
} #endif if (pflag && dflag) fprintf(stderr, "%s: p option can not be specified with d.\n", argv[0]); { char buf[80]; *************** *** 179,240 #ifdef TIMEOUT case 't': timeouttime = atoi(argv[i++]); break; #endif - case 'd': - ++dflag; - break; - case 'c': { /** Change the password in the ~/.passwd file or create one **/ - struct passwd *pwd; - FILE *pwdfile; - char path[80], *chpasswd(); - char oldpw[12], newpw[12]; - - if ((pwd = getpwuid(getuid())) == NULL) { - printf("Intruder alert!?\n"); - printf("Your account appears to be GONE.\n"); - exit(1); - } - sprintf(path, "%s/.passwd", pwd->pw_dir); - if ((pwdfile = fopen(path, "r")) == NULL) { - strcpy(oldpw, ""); - } else { - fscanf(pwdfile, "%s", oldpw); - fclose(pwdfile); - } - - strcpy(newpw, chpasswd(oldpw)); - sprintf(path, "%s/.passwd", pwd->pw_dir); - if ((pwdfile = fopen(path, "w+")) == NULL) { - fprintf(stderr, - "cannot change passwd, open of .passwd file failed.\n"); - perror(path); - exit(1); - } - fprintf(pwdfile, "%s\n", newpw); - fclose(pwdfile); - exit(1); - } - default: - fprintf(stderr, "%s: Can\'t grok a %c\n", argv[0], argv[i-1][1]); - sleep (1); - break; - } - } - #ifdef TIMEOUT - if (!wizuser()) - if (timeouttime > MAXTIMEOUT) { - timeouttime = MAXTIMEOUT; - fprintf(stderr, "Maximum time out is %d.\n", MAXTIMEOUT); - fprintf(stderr, "You request has been degraded to that amount.\n"); - } else - if (timeouttime < 1) { - timeouttime = TIMEOUT; - fprintf(stderr, "Timeout times must be greater and not equal to 0 minutes.\n"); - } - #endif if (pflag && dflag) fprintf(stderr, "%s: p option can not be specified with d.\n", argv[0]); { char buf[80]; --- 240,249 ----- if (timeouttime < 1) { timeouttime = TIMEOUT; fprintf(stderr, "Timeout times must be greater and not equal to 0 minutes.\n"); } #endif if (pflag && dflag) fprintf(stderr, "%s: p option can not be specified with d.\n", argv[0]); { char buf[80]; *************** *** 347,357 } else { printf("\nWelcome, %s, to this account%s.\n", 
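Review bot: With the new `if (!wiz) if (!exempt)` nesting, both range checks are skipped for wizard and exempt users, including the lower bound. A negative value from `-t` (atoi accepts `-5`) is therefore kept, and `if (timeouttime) --timeouttime;` in dodate() then only counts further away from zero. Skipping the MAXTIMEOUT cap is the stated intent of the patch, but the floor should apply to everyone, e.g. `if (timeouttime < 0) timeouttime = 0;` ahead of the privilege test. The three unbraced `if`s followed by an `else` are also easy to misread; `if (!wiz && !exempt) { ... }` with braces around the cap and the floor expresses the same condition. The same lines appear in the neighbouring hunks at 169,183 and 179,240.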
liberator, foo ? ", Oh Mighty Wizard" : ""); if (invalid) printf("There were %d invalid before this sucessful one.\n", invalid); ! } #ifndef dgux restore_utmp(); #endif --- 356,366 ----- } else { printf("\nWelcome, %s, to this account%s.\n", liberator, foo ? ", Oh Mighty Wizard" : ""); if (invalid) printf("There were %d invalid before this sucessful one.\n", invalid); ! } #ifndef dgux restore_utmp(); #endif *************** *** 361,371 fflush (stdout); } dodate () { - #ifdef TIMEOUT long foo[2]; #endif #ifdef dgux char *obuf = (char *) malloc(80*5); #endif --- 370,379 ----- fflush (stdout); } dodate () { long foo[2]; #ifdef dgux char *obuf = (char *) malloc(80*5); #endif char *tty = ttyname(0); *************** *** 363,373 dodate () { #ifdef TIMEOUT long foo[2]; - #endif #ifdef dgux char *obuf = (char *) malloc(80*5); #endif char *tty = ttyname(0); int count = 0, update(); --- 371,380 ----- } dodate () { long foo[2]; #ifdef dgux char *obuf = (char *) malloc(80*5); #endif char *tty = ttyname(0); int count = 0, update(); *************** *** 384,393 #ifdef dgux setbuf(stdout, obuf); #endif if (timeouttime) --timeouttime; nice(10); signal (SIGTERM, die); --- 391,401 ----- #ifdef dgux setbuf(stdout, obuf); #endif + #ifdef TIMEOUT if (timeouttime) --timeouttime; #endif nice(10); *************** *** 386,395 setbuf(stdout, obuf); #endif if (timeouttime) --timeouttime; nice(10); signal (SIGTERM, die); for (;;) { if (pflag) { /* Touch the terminal every soo often */ --- 394,404 ----- #endif #ifdef TIMEOUT if (timeouttime) --timeouttime; + #endif nice(10); signal (SIGTERM, die); for (;;) { if (pflag) { /* Touch the terminal every soo often */ *************** *** 398,408 } if (++count > 5) { count = 0; do_screen(); } ! 
if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); /** Have to put all this in one printf for DG/UX **/ printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); --- 407,418 ----- } if (++count > 5) { count = 0; do_screen(); } ! ! #ifdef TIMEOUT if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); #endif /** Have to put all this in one printf for DG/UX **/ *************** *** 401,410 do_screen(); } if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); /** Have to put all this in one printf for DG/UX **/ printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); fflush (stdout); /** Moves cursor to Password: prompt **/ --- 411,421 ----- } #ifdef TIMEOUT if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); + #endif /** Have to put all this in one printf for DG/UX **/ printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); fflush (stdout); /** Moves cursor to Password: prompt **/ *************** *** 407,416 /** Have to put all this in one printf for DG/UX **/ printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); fflush (stdout); /** Moves cursor to Password: prompt **/ sleep (60); if (timeouttime) --timeouttime; } } die () { --- 418,428 ----- /** Have to put all this in one printf for DG/UX **/ printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); fflush (stdout); /** Moves cursor to Password: prompt **/ sleep (60); + #ifdef TIMEOUT if (timeouttime) --timeouttime; #endif } } *************** *** 409,418 fflush (stdout); /** Moves cursor to 
Password: prompt **/ sleep (60); if (timeouttime) --timeouttime; } } die () { exit (1); } --- 421,431 ----- fflush (stdout); /** Moves cursor to Password: prompt **/ sleep (60); #ifdef TIMEOUT if (timeouttime) --timeouttime; + #endif } } die () { exit (1); } *************** *** 415,424 } die () { exit (1); } update () { if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); --- 428,438 ----- } die () { exit (1); } update () { + #ifdef TIMEOUT if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); #endif printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); *************** *** 417,426 exit (1); } update () { if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); fflush (stdout); /** Moves cursor to Password: prompt **/ signal(SIGHUP, update); --- 431,441 ----- } update () { #ifdef TIMEOUT if (timeouttime) printf("\033[17;25HTimeout in \033[1m%d\033[0m minutes.", timeouttime); + #endif printf ("\033[22;24Hload: %.2f, and %d users.\033[K\033[23;18HStarted up at %26s\033[20;37H", load(), users(), ctime(&startup_time)); fflush (stdout); /** Moves cursor to Password: prompt **/ signal(SIGHUP, update); *************** *** 562,573 else { /* Less verbose... For terminals that can't do neat graphics.*/ #ifdef UENT printf("This terminal has been locked by %s\n", muent.fullname); #endif printf("Terminal is LOCKED, RESERVED!\n"); ! printf("NO TRESSPASSING. BEWARE OF DOG. NOBODY HOME.\n"); ! printf("OUT TO LUNCH. TRESSPASSERS WILL BE PROSECUTED.\n"); } fflush(stdout); } /** Do the crypt. **/ --- 577,588 ----- else { /* Less verbose... 
For terminals that can't do neat graphics.*/ #ifdef UENT printf("This terminal has been locked by %s\n", muent.fullname); #endif printf("Terminal is LOCKED, RESERVED!\n"); ! printf("NO TRESPASSING. BEWARE OF DOG. NOBODY HOME.\n"); ! printf("OUT TO LUNCH. TRESPASSERS WILL BE PROSECUTED.\n"); } fflush(stdout); } /** Do the crypt. **/ *************** *** 649,659 { FILE *altpwf; char pwf[40]; sprintf(pwf, "%s/.passwd", hisent->pw_dir); if ((altpwf = fopen(pwf, "r")) == NULL) ! strcpy(wizusers->passwd, hisent->pw_passwd); else { fscanf(altpwf, "%s", wizusers->passwd); fclose(altpwf); } } --- 664,674 ----- { FILE *altpwf; char pwf[40]; sprintf(pwf, "%s/.passwd", hisent->pw_dir); if ((altpwf = fopen(pwf, "r")) == NULL) ! strcpy(wizusers->passwd, hisent->pw_passwd); else { fscanf(altpwf, "%s", wizusers->passwd); fclose(altpwf); } } *************** *** 651,662 sprintf(pwf, "%s/.passwd", hisent->pw_dir); if ((altpwf = fopen(pwf, "r")) == NULL) strcpy(wizusers->passwd, hisent->pw_passwd); else { ! fscanf(altpwf, "%s", wizusers->passwd); ! fclose(altpwf); } } } #ifdef WIZGROUP --- 666,677 ----- sprintf(pwf, "%s/.passwd", hisent->pw_dir); if ((altpwf = fopen(pwf, "r")) == NULL) strcpy(wizusers->passwd, hisent->pw_passwd); else { ! fscanf(altpwf, "%s", wizusers->passwd); ! fclose(altpwf); } } } #ifdef WIZGROUP *************** *** 745,757 for (i = 0; gr->gr_mem[i] != NULL; i++)/* loop through each member */ if (!strcmp(gr->gr_mem[i], logname)) /* is he a valid member? */ return(1); /* user looks okay to me */ #endif ! /** Or if we are the author, then we are a wiz user **/ ! if (!strcmp(logname, "lavallee")) ! return(1); return(0); /* Not found */ } /** Change the guys passwd from the ~/.passwd file... We return the new --- 760,788 ----- for (i = 0; gr->gr_mem[i] != NULL; i++)/* loop through each member */ if (!strcmp(gr->gr_mem[i], logname)) /* is he a valid member? */ return(1); /* user looks okay to me */ #endif ! ! return(0); /* Not found */ ! } ! ! int exemptuser() ! { ! 
#ifdef EXEMPTGROUP ! register i; /* index */ ! char *group = EXEMPTGROUP; /* The name of the group */ ! struct group *gr; /* group file entry */ ! char *logname = (char *) getlogin (); /* login name of caller */ ! gr = getgrnam(group); /* get id of authorized group */ ! ! if (gr == NULL) return(0); /* groups does not exist */ ! ! for (i = 0; gr->gr_mem[i] != NULL; i++)/* loop through each member */ ! if (!strcmp(gr->gr_mem[i], logname)) /* is he a valid member? */ ! return(1); /* user looks okay to me */ ! #endif return(0); /* Not found */ } /** Change the guys passwd from the ~/.passwd file... We return the new *** conf.h.orig Tue Apr 11 16:21:03 1989 --- conf.h Tue Apr 11 16:24:08 1989 *************** *** 15,25 ** you don't have gethostname(2) **/ /** You may undefine this if you don't want it **/ ! #define WIZGROUP "wheel" /** Magic group: * If you type in the password of someone * in this group, you will get out. * * I think this is better than having a * global password like "hasta la vista" --- 15,25 ----- ** you don't have gethostname(2) **/ /** You may undefine this if you don't want it **/ ! #define WIZGROUP "sys" /** Magic group: * If you type in the password of someone * in this group, you will get out. * * I think this is better than having a * global password like "hasta la vista" *************** *** 23,32 * * I think this is better than having a * global password like "hasta la vista" * like some locks have. **/ /** #define FCRYPT **/ /** define if you are useing fcrypt **/ #define __CONF__ #endif --- 23,35 ----- * * I think this is better than having a * global password like "hasta la vista" * like some locks have. **/ + + #define EXEMPTGROUP "operator" /** Exempt group: + * if in this group TIMEOUT is not used **/ /** #define FCRYPT **/ /** define if you are useing fcrypt **/ #define __CONF__ #endif
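Review bot: exemptuser() passes the result of `getlogin()` straight to `strcmp`, and getlogin() returns NULL when the process has no login record or controlling terminal, so the new function can dereference NULL. It also takes the caller's identity from the terminal's login record instead of the real uid. Since membership here switches off the lock timeout, I would derive the name from `getpwuid(getuid())` and also accept users whose primary group is EXEMPTGROUP, who are normally not listed in `gr_mem`. wizuser(), whose tail is the context at the top of this hunk, appears to use the same `logname` pattern and would need the same treatment, though its start is outside the hunk. The rewritten function follows.

```c
int exemptuser()
{
#ifdef EXEMPTGROUP
	register int i;					/* index */
	struct group *gr = getgrnam(EXEMPTGROUP);	/* exempt group entry */
	struct passwd *pw = getpwuid(getuid());		/* caller, by real uid */

	if (gr == NULL || pw == NULL)
		return(0);		/* no such group, or no passwd entry */

	if (pw->pw_gid == gr->gr_gid)	/* primary group is not in gr_mem */
		return(1);

	for (i = 0; gr->gr_mem[i] != NULL; i++)	/* loop through each member */
		if (!strcmp(gr->gr_mem[i], pw->pw_name))
			return(1);
#endif
	return(0);			/* Not found */
}
```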
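Review bot: The change of `WIZGROUP` from `"wheel"` to `"sys"` in conf.h looks like a site-local setting that rode along with the patch; the posting does not mention it. Per the comment beside it, typing the password of anyone in this group unlocks the terminal, so applying the patch silently moves that trust to whatever accounts are in `sys` on the local system. I would leave the line as `#define WIZGROUP "wheel"` in the posted patch and let each site edit conf.h itself.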