From: Thomas Walker Lynch Date: Wed, 13 Feb 2019 16:16:02 +0000 (+0100) Subject: adds ss_cache_probs X-Git-Url: https://git.reasoningtechnology.com/style/static/git-favicon.png?a=commitdiff_plain;h=8e2987ed5313c84f2b323fc0ede2d25e0717bbe4;p=subu adds ss_cache_probs --- diff --git a/try/sss_cache_probs/example.txt b/try/sss_cache_probs/example.txt new file mode 100644 index 0000000..d40b0be --- /dev/null +++ b/try/sss_cache_probs/example.txt @@ -0,0 +1,12 @@ +> ./sss_cache +Checking we are running from a user and are setuid root. +uid 49972, gid 49972, euid 0 egid 49972 +yes, uid is not zero, and euid is zero, so we are setuid to the root user. +dispatching sss_cache -U to clear users +dispatching: +arg: 0x7ffdbebdf6f0 /usr/sbin/sss_cache +arg: 0x7ffdbebdf6f8 -U + +/usr/sbin/sss_cache must be run as root +sss_cache failed + diff --git a/try/sss_cache_probs/sss_cache b/try/sss_cache_probs/sss_cache new file mode 100755 index 0000000..39fd5b8 Binary files /dev/null and b/try/sss_cache_probs/sss_cache differ diff --git a/try/sss_cache_probs/sss_cache.cli.c b/try/sss_cache_probs/sss_cache.cli.c index 6d0e934..39fee15 100644 --- a/try/sss_cache_probs/sss_cache.cli.c +++ b/try/sss_cache_probs/sss_cache.cli.c @@ -7,8 +7,8 @@ int main(int argc, char **argv, char **env){ char *command = argv[0]; - if( argc != 2 ){ - fprintf(stderr, "usage: %s subu", command); + if( argc != 1 ){ + fprintf(stderr, "usage: %s", command); return 1; } return user_mk(argv[1]); diff --git a/try/sss_cache_probs/sss_cache.cli.o b/try/sss_cache_probs/sss_cache.cli.o new file mode 100644 index 0000000..16f9c8f Binary files /dev/null and b/try/sss_cache_probs/sss_cache.cli.o differ diff --git a/try/sss_cache_probs/sss_cache.lib.c b/try/sss_cache_probs/sss_cache.lib.c index 109a99f..0db485a 100644 --- a/try/sss_cache_probs/sss_cache.lib.c +++ b/try/sss_cache_probs/sss_cache.lib.c 
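Review bot: With the check changed to `argc != 1`, the unchanged `return user_mk(argv[1]);` now always passes `argv[argc]`, which is NULL, so any use of `username` in user_mk outside the visible hunks would dereference a null pointer in a program the debug text describes as setuid root. Either call `user_mk(NULL)` explicitly with a comment or, better, drop the parameter now that no user name is taken. The usage line `fprintf(stderr, "usage: %s", command);` also lacks a trailing newline, and if the program is started with an empty argv (`argc == 0`) `command` is NULL too, so guard it, e.g. `command ? command : "sss_cache"`. main's closing brace is outside the hunk.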
@@ -44,81 +44,28 @@ int user_mk(char *username){ dbprintf("yes, uid is not zero, and euid is zero, so we are setuid to the root user.\n"); #endif - //-------------------------------------------------------------------------------- - char *home; - size_t home_len; - { - #ifdef DEBUG - dbprintf("making the home dir path\n"); - #endif - char *prefix = "/home/"; - home_len = strlen(prefix) + strlen(username); - home = (char *)malloc(home_len + 1); - if( !home ){ - perror("sss_cache"); - return -1; - } - strcpy (home, prefix); - strcpy (home + strlen(prefix), username); - } - #ifdef DEBUG - dbprintf("home dir path: \"%s\"\n", home); - #endif - /*-------------------------------------------------------------------------------- - note this from the man page: - - -d, --home-dir HOME_DIR The new user will be created using HOME_DIR - as the value for the user's login directory. ... The directory HOME_DIR - does not have to exist but will not be created if it is missing. */ uid_t useruid; gid_t usergid; { #ifdef DEBUG - dbprintf("dispatching useradd to create the user\n"); + dbprintf("dispatching sss_cache -U to clear users\n"); #endif - char *command = "/usr/sbin/useradd"; - char *argv[5]; + char *command = "/usr/sbin/sss_cache"; + char *argv[3]; argv[0] = command; - argv[1] = username; - argv[2] = "-d"; - argv[3] = home; - argv[4] = (char *) NULL; + argv[1] = "-U"; + argv[2] = (char *) NULL; char *envp[1]; envp[0] = (char *) NULL; int ret = dispatch(argv, envp); if(ret == -1){ - fprintf(stderr, "useradd failed\n"); + fprintf(stderr, "sss_cache failed\n"); return -1; } - struct passwd *pw_record = getpwnam(username); - if( pw_record == NULL ){ - fprintf(stderr,"getpwnam failed after useradd for username, %s\n", username); - } - useruid = pw_record->pw_uid; - usergid = pw_record->pw_gid; } - //-------------------------------------------------------------------------------- - // create home directory - // we have our reasons for doing this second (setting facls in different 
places) - { - #ifdef DEBUG - dbprintf("mkdir(%s, 0x0700)\n", home); - #endif - int ret = mkdir(home, 0x0700); - if( ret == -1 ){ - perror("sss_cache"); - return -1; - } - ret = chown(home, useruid, usergid); - if( ret == -1 ){ - perror("sss_cache"); - return -1; - } - } - #ifdef DEBUG dbprintf("finished sss_cache without errors\n", username); #endif diff --git a/try/sss_cache_probs/sss_cache.lib.o b/try/sss_cache_probs/sss_cache.lib.o index edb0d0f..97c8584 100644 Binary files a/try/sss_cache_probs/sss_cache.lib.o and b/try/sss_cache_probs/sss_cache.lib.o differ
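Review bot: `uid_t useruid; gid_t usergid;` stay declared but are never assigned or read now that the getpwnam/chown code is removed, and the closing `dbprintf("finished sss_cache without errors\n", username);` still passes `username` to a format with no conversion; drop both declarations and the extra argument. The example.txt added in this commit records `/usr/sbin/sss_cache must be run as root` with uid 49972 and euid 0, which suggests the tool checks the real uid, so this path presumably always returns -1 as written. If the real uid is to be raised for the call, do it only in the forked child inside `dispatch` (not visible here), check the return value of the set*uid call, and keep the empty `envp` and the absolute command path. user_mk starts before this hunk, so earlier uses of `username` cannot be checked from here.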