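/*-
 * perm.c - check user permission for at(1)
 *
 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
 *
 * Copyright (C) 1994 Thomas Koenig
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. The name of the author(s) may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#include <sys/cdefs.h>
__FBSDID("$FreeBSD$");

/* System Headers */

#include <sys/types.h>
#include <err.h>
#include <errno.h>
#include <pwd.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Local headers */

#include "at.h"
#include "perm.h"
#include "privs.h"

/* Macros */

#define MAXUSERID 10

/* Structures and unions */

/* Function declarations */

static int check_for_user(FILE *fp, const char *name);

/* Local functions */

/*
 * Report whether `name` appears as a complete line in the open stream `fp`.
 *
 * The stream is read in pieces of at most strlen(name) + 1 characters, so a
 * line longer than the name arrives in several pieces.  A piece is compared
 * only when it begins a line; otherwise the tail of a long line (for example
 * "xxxxbob" when looking for "bob") could be taken for an entry of its own
 * and grant or deny access to the wrong account.  A name on a final line
 * with no trailing newline also counts, so an unterminated last entry in a
 * deny list is still honoured.
 *
 * Takes ownership of `fp`: the stream is closed before returning.
 * Exits through errx() when the line buffer cannot be allocated.
 *
 * Returns 1 when the name is listed, 0 otherwise.
 */
static int
check_for_user(FILE *fp, const char *name)
{
    char *buffer;
    size_t len, got;
    int found = 0;
    int at_line_start = 1;
    int ends_line;

    len = strlen(name);
    if ((buffer = malloc(len + 2)) == NULL)
        errx(EXIT_FAILURE, "virtual memory exhausted");

    while (fgets(buffer, len + 2, fp) != NULL) {
        got = strlen(buffer);
        ends_line = (got > 0 && buffer[got - 1] == '\n');

        /*
         * strncmp() succeeding means the first len bytes are set, so
         * buffer[len] is either the next character or the terminator.
         */
        if (at_line_start && strncmp(name, buffer, len) == 0) {
            if (buffer[len] == '\n') {
                found = 1;
                break;
            }
            /* Last line of the file, written without a newline. */
            if (buffer[len] == '\0' && got == len && feof(fp)) {
                found = 1;
                break;
            }
        }

        /* The next piece starts a line only if this one finished one. */
        at_line_start = ends_line;
    }
    fclose(fp);
    free(buffer);
    return found;
}

/* Global functions */

/*
 * Decide whether the invoking user may use at(1).
 *
 * Effective uid 0 is always permitted.  Otherwise the user name from the
 * password database is looked up in PERM_PATH "at.allow"; if that file does
 * not exist, PERM_PATH "at.deny" is consulted and the user is permitted
 * unless listed there.  Every other outcome (neither file exists, or a file
 * exists but cannot be opened) fails closed and returns 0.
 *
 * PRIV_START and PRIV_END come from privs.h, which is not shown here;
 * presumably they raise and drop privileges around the fopen() calls.
 * errno is copied right after each fopen() because whatever PRIV_END does
 * may overwrite it before the ENOENT test and the warn() call read it.
 *
 * Exits through err() when the password entry cannot be obtained.
 *
 * Returns 1 when the user is permitted, 0 otherwise.
 */
int
check_permission(void)
{
    FILE *fp;
    uid_t uid = geteuid();
    struct passwd *pentry;
    int saved_errno;

    if (uid == 0)
        return 1;

    if ((pentry = getpwuid(uid)) == NULL)
        err(EXIT_FAILURE, "cannot access user database");

    PRIV_START

    fp = fopen(PERM_PATH "at.allow", "r");
    saved_errno = errno;

    PRIV_END

    if (fp != NULL)
        return check_for_user(fp, pentry->pw_name);

    if (saved_errno != ENOENT) {
        /* at.allow exists but is unreadable: refuse rather than guess. */
        errno = saved_errno;
        warn("at.allow");
        return 0;
    }

    PRIV_START

    fp = fopen(PERM_PATH "at.deny", "r");
    saved_errno = errno;

    PRIV_END

    if (fp != NULL)
        return !check_for_user(fp, pentry->pw_name);

    if (saved_errno != ENOENT) {
        errno = saved_errno;
        warn("at.deny");
    }
    return 0;
}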