[unix-pc.sources] sudo.c

lenny@icus.UUCP (11/20/87)

** PLEASE NO FLAMES **

Use this program as a responsible person.  If you are not, have some
sort of security problem, or don't want to give out root access to
anyone but root, *DON'T* use this program.  

This program was intended to be like the sudo command developed
at SUNY at Buffalo (sunybcs).  It gives root access to a user without
using the root password.  As a security measure, the list of users is
kept in a file called /usr/adm/su.allow, which should be protected
with a 400 mode.  The file should contain a list of users separated by
a carriage return <CR>.   

sudo should be protected with a 4511 mode and owned by root.

sudo LOGS ALL attempts, whether successful or non-successful to
/usr/adm/sulog.    Only the 1st argument of the command gets logged
to the file (argv[0] = program name) but this can be changed to
fit your needs.

Usage:  sudo [-r] command

[-r]     sets the uid to 0, and group to 1 (really root)
default  sets the effective uid of the command to root.

Examples:       Root shell can be gotten with the command:  
		sudo sh		(effective uid is root)
		sudo -r sh	(really root)

WARNING:  Be careful in giving out root access to just anyone.

I'm sure this could be written better, but it does the job.

---- cut here ---- cut here ---- cut here ---- cut here ----

/***********************************************************************
 *	Program Name:	sudo
 *	Author:		Lenny Tropiano
 *			(c)1986 ICUS Computer Group
 *	Date:		December 20, 1986 
 *
 *
 *		Will check /usr/adm/su.allow for your logname and
 *	will give you "root" permissions for a given command on line.
 *
 **********************************************************************/

#include <stdio.h>
#include <time.h>

extern	char	**environ;

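/*
 * log_attempt - append one audit record to the already-open sudo log.
 *
 * verdict is '+' for a granted request and '-' for a refused one; the
 * record layout is "SUDO mm/dd hh:mm <verdict> <tty> <user> <flag>(<cmd>)"
 * where <flag> is '*' when -r was given and a blank otherwise.
 *
 * The command name is taken straight from the caller's command line, so
 * control characters in it are written as '?'.  That keeps every record on
 * exactly one line and stops a caller from forging extra log entries.
 */
static void
log_attempt(logfp, today, verdict, tty, username, rootid, command)
	FILE	*logfp;
	struct	tm	*today;
	int	verdict;
	char	*tty, *username;
	int	rootid;
	char	*command;
{
	register char	*p;
	register int	c;

	fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d %c %s %s %c(",
		today->tm_mon, today->tm_mday,
		today->tm_hour, today->tm_min,
		verdict, tty, username, (!rootid) ? ' ' : '*');
	for (p = command; *p != '\0'; p++) {
		c = *p & 0377;
		putc((c < ' ' || c == 0177) ? '?' : c, logfp);
	}
	fprintf(logfp,")\n");
}

/*
 * sudo [-r] command [args...]
 *
 * Looks the caller's login name up in /usr/adm/su.allow and, when it is
 * listed, runs the command with the privileges of this set-uid binary.
 * With -r the real uid is set to 0 and the gid to 1 before the exec.
 * Every attempt, granted or refused, is appended to /usr/adm/sulog.
 *
 * Exit status: whatever the command returns when it is executed; 1 on a
 * usage error, an unreadable control file, a failed log write, a failed
 * id change, a failed exec, or a refused request.
 *
 * NOTE(review): the command is located with execvp() and started with
 * the caller's environment unchanged, so PATH and the other variables
 * stay under the caller's control while the command runs privileged.
 * An installation that allows more than a fully trusted operator should
 * reset the environment before the exec.
 *
 * NOTE(review): the caller is identified with getlogin(), which reports
 * the login name recorded for the terminal session rather than the owner
 * of this process.  The real uid (getuid()) is the usual basis for an
 * authorization decision; confirm this is acceptable on the target system.
 */
main(argc,argv,envp)
	int	argc;
	char	*argv[];
	char	*envp[];
{
	FILE	*fp, *logfp;
	register int	i, x, c;
	int	len, toolong, known, allowed;
	short	rootid;
	struct	tm	*today;
	long	*clock, tresult;
	char	username[L_cuserid + 1], 
		buffer[L_cuserid + 1], 
		tty[L_ctermid + 1];
	char	program[25], *runprog, *name;
	char	*fgets(), *ttyname(), *getlogin();

	tresult = time((long *) 0);
	clock = &tresult;
	today = localtime(clock);
	today->tm_mon++;		/* tm_mon is 0-based; log 1..12 */

	if (argc < 2) {
		fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
		exit(1);
	}

	/*
	 * Exact match only: the original strncmp(...,2) treated any first
	 * argument that merely began with "-r" as the flag and then ran
	 * the *next* word as the command.
	 */
	if (strcmp(argv[1],"-r") == 0) {
		if (argc < 3) {
			fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
			exit(1);
		}
		rootid = 1;
	} else
		rootid = 0;

	if ((logfp = fopen("/usr/adm/sulog","a")) == NULL) {
		fprintf(stderr,"error: cannot open /usr/adm/sulog file\n");
		perror("sudo");
		exit(1);
	}

	if ((fp = fopen("/usr/adm/su.allow","r")) == NULL) {
		fprintf(stderr,"error: cannot open /usr/adm/su.allow file\n");
		perror("sudo");
		exit(1);
	}

	/*
	 * Shift the command and its arguments down to argv[0]; the loop
	 * runs to argc inclusive so the terminating null pointer moves too.
	 */
	x=0;
	for (i=(rootid + 1);i<argc+1;i++)  
		argv[x++] = argv[i];

	/*
	 * Terminal name for the log, without the leading "/dev/".  ttyname()
	 * returns a null pointer when stdin is not a terminal, and the copy
	 * is bounded so a long device name cannot run past tty[].
	 */
	name = ttyname(0);
	if (name == NULL)
		name = "?";
	else if (strncmp(name,"/dev/",5) == 0)
		name += 5;
	for (i = 0; i < (int) sizeof(tty) - 1 && name[i] != '\0'; i++)
		tty[i] = name[i];
	tty[i] = '\0';

	/*
	 * getlogin() may fail.  A missing, empty or over-long name is
	 * logged as "?" and is never compared against the allow list: an
	 * empty name used to match the first line of the file because the
	 * comparison length was zero.
	 */
	known = 0;
	name = getlogin();
	if (name != NULL && *name != '\0' && strlen(name) < sizeof(username)) {
		sprintf(username,"%s",name);
		known = 1;
	} else
		sprintf(username,"%s","?");

	allowed = 0;
	while (known && fgets(buffer,sizeof(buffer),fp) != NULL) {
		len = strlen(buffer);
		if (len > 0 && buffer[len - 1] == '\n')
			buffer[--len] = '\0';
		else {
			/*
			 * No newline read: either the last line of the file
			 * or a line longer than the buffer.  Drain the rest
			 * and ignore an over-long line, so its tail is not
			 * mistaken for a separate entry.
			 */
			toolong = 0;
			while ((c = getc(fp)) != EOF && c != '\n')
				toolong = 1;
			if (toolong)
				continue;
		}
		/* tolerate trailing blanks or a CR left in the file */
		while (len > 0 && (buffer[len - 1] == ' ' ||
		    buffer[len - 1] == '\t' || buffer[len - 1] == '\r'))
			buffer[--len] = '\0';

		/*
		 * Whole-name comparison.  The original compared only
		 * strlen(username) characters, so a user whose name was a
		 * prefix of a listed name was granted access as well.
		 */
		if (strcmp(buffer,username) == 0) {
			allowed = 1;
			break;
		}
	}					/* End while */
	fclose(fp);

	if (!allowed) {
		log_attempt(logfp, today, '-', tty, username, rootid, argv[0]);
		fclose(logfp);
		fprintf(stderr,"sudo: Sorry.\n");
		/* non-zero so a refusal is not mistaken for success */
		exit(1);
	}

	log_attempt(logfp, today, '+', tty, username, rootid, argv[0]);
	/* fail closed: do not run the command if the audit record was lost */
	if (fclose(logfp) == EOF) {
		fprintf(stderr,"error: cannot write /usr/adm/sulog file\n");
		perror("sudo");
		exit(1);
	}

	/*
	 * Run the command by its original name; only the display name is
	 * copied, and "%.17s" keeps "(sudo) " plus the name inside the
	 * 25-byte buffer.  The original copied both strings with an
	 * unbounded sprintf(), overflowing the stack on a long argument.
	 */
	runprog = argv[0];
	sprintf(program,"(sudo) %.17s",argv[0]);

	if (rootid) {
		/*
		 * Group first, then user, and check both: continuing after
		 * a failed id change would run the command with a different
		 * identity than the one just logged.
		 */
		if (setgid(1) != 0 || setuid(0) != 0) {
			perror("sudo");
			exit(1);
		}
	}
	argv[0] = program;
	execvp(runprog,argv);
	perror("sudo");
	exit(1);

}						/* End main() */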
-- 
============================ US MAIL:   Lenny Tropiano, ICUS Computer Group
 IIIII   CCC   U   U   SSSS             PO Box 1
   I    C   C  U   U  S                 Islip Terrace, New York  11752
   I    C      U   U   SSS   PHONE:     (516) 968-8576 [H] (516) 582-5525 [W] 
   I    C   C  U   U      S  AT&T MAIL: ...attmail!icus!lenny  TELEX: 154232428
 IIIII   CCC    UUU   SSSS   UUCP:
============================       ...{uunet!godfre, mtune!quincy}!\
               ...{ihnp4, boulder, harvard!talcott, skeeve, ptsfa}! >icus!lenny 
"Usenet the final frontier"        ...{cmcl2!phri, hoptoad}!dasys1!/

lenny@icus.UUCP (11/20/87)

** PLEASE NO FLAMES **

Use this program as a responsible person.  If you are not, have some
sort of security problem, or don't want to give out root access to
anyone but root, *DON'T* use this program.  

This program was intended to be like the sudo command developed
at SUNY at Buffalo (sunybcs).  It gives root access to a user without
using the root password.  As a security measure, the list of users is
kept in a file called /usr/adm/su.allow, which should be protected
with a 400 mode.  The file should contain a list of users separated by
a carriage return <CR>.   

sudo should be protected with a 4511 mode and owned by root.

sudo LOGS ALL attempts, whether successful or non-successful to
/usr/adm/sulog.    Only the 1st argument of the command gets logged
to the file (argv[0] = program name) but this can be changed to
fit your needs.

Usage:  sudo [-r] command

[-r]     sets the uid to 0, and group to 1 (really root)
default  sets the effective uid of the command to root.

Examples:       Root shell can be gotten with the command:  
		sudo sh		(effective uid is root)
		sudo -r sh	(really root)

WARNING:  Be careful in giving out root access to just anyone.

I'm sure this could be written better, but it does the job.

---- cut here ---- cut here ---- cut here ---- cut here ----

/***********************************************************************
 *	Program Name:	sudo
 *	Author:		Lenny Tropiano
 *			(c)1986 ICUS Computer Group
 *	Date:		December 20, 1986 
 *
 *
 *		Will check /usr/adm/su.allow for your logname and
 *	will give you "root" permissions for a given command on line.
 *
 **********************************************************************/

#include <stdio.h>
#include <time.h>

extern	char	**environ;

main(argc,argv,envp)
	int	argc;
	char	*argv[];
	char	*envp[];
{
	FILE	*fp, *logfp;
	register int	i, x;
	short	rootid;
	struct	tm	*today;
	long	*clock, tresult;
	char	username[L_cuserid + 1], 
		buffer[L_cuserid + 1], 
		tty[L_ctermid + 1];
	char	runprog[25], program[25], *fgets(), *ttyname(), *getlogin();

	tresult = time((long *) 0);
	clock = &tresult;
	today = localtime(clock);
	today->tm_mon++;

	if (argc < 2) {
		fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
		exit(1);
	}

	if (strncmp(argv[1],"-r",2) == 0) {
		if (argc < 3) {
			fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
			exit(1);
		}
		rootid = 1;
	} else
		rootid = 0;

	if ((logfp = fopen("/usr/adm/sulog","a")) == NULL) {
		fprintf(stderr,"error: cannot open /usr/adm/sulog file\n");
		perror("sudo");
		exit(1);
	}

	if ((fp = fopen("/usr/adm/su.allow","r")) == NULL) {
		fprintf(stderr,"error: cannot open /usr/adm/su.allow file\n");
		perror("sudo");
		exit(1);
	}


	x=0;
	for (i=(rootid + 1);i<argc+1;i++)  
		argv[x++] = argv[i];

	sscanf(ttyname(0),"%*c%*c%*c%*c%*c%s", tty);
	sprintf(username,"%s",getlogin());

	while (fgets(buffer,L_cuserid,fp) != NULL) {
		if (strncmp(buffer,username,strlen(username)) == 0) {
			fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d + %s %s %c(%s)\n",
				today->tm_mon, today->tm_mday,
				today->tm_hour, today->tm_min,
				tty, username, (!rootid) ? ' ' : '*', argv[0]);
			fclose(logfp);
			fclose(fp);
			sprintf(program,"(sudo) %s",argv[0]);
			sprintf(runprog,"%s",argv[0]);
			if (rootid) {
				setuid(0);
				setgid(1);
			}
			argv[0] = program;
			execvp(runprog,argv);
			perror("sudo");
			exit(1);
		}				/* End if */
	}					/* End while */

	fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d - %s %s %c(%s)\n",
		today->tm_mon, today->tm_mday,
		today->tm_hour, today->tm_m