From 8e2987ed5313c84f2b323fc0ede2d25e0717bbe4 Mon Sep 17 00:00:00 2001 From: Thomas Walker Lynch Date: Wed, 13 Feb 2019 17:16:02 +0100 Subject: [PATCH] adds ss_cache_probs --- try/sss_cache_probs/example.txt | 12 +++++ try/sss_cache_probs/sss_cache | Bin 0 -> 19200 bytes try/sss_cache_probs/sss_cache.cli.c | 4 +- try/sss_cache_probs/sss_cache.cli.o | Bin 0 -> 1688 bytes try/sss_cache_probs/sss_cache.lib.c | 65 +++------------------------- try/sss_cache_probs/sss_cache.lib.o | Bin 4288 -> 2880 bytes 6 files changed, 20 insertions(+), 61 deletions(-) create mode 100644 try/sss_cache_probs/example.txt create mode 100755 try/sss_cache_probs/sss_cache create mode 100644 try/sss_cache_probs/sss_cache.cli.o
diff --git a/try/sss_cache_probs/example.txt b/try/sss_cache_probs/example.txt
new file mode 100644
index 0000000..d40b0be
--- /dev/null
+++ b/try/sss_cache_probs/example.txt
@@ -0,0 +1,12 @@
+> ./sss_cache
+Checking we are running from a user and are setuid root.
+uid 49972, gid 49972, euid 0 egid 49972
+yes, uid is not zero, and euid is zero, so we are setuid to the root user.
+dispatching sss_cache -U to clear users
+dispatching:
+arg: 0x7ffdbebdf6f0 /usr/sbin/sss_cache
+arg: 0x7ffdbebdf6f8 -U
+
+/usr/sbin/sss_cache must be run as root
+sss_cache failed
+
diff --git a/try/sss_cache_probs/sss_cache b/try/sss_cache_probs/sss_cache
new file mode 100755
index 0000000000000000000000000000000000000000..39fd5b88f4f2082fbd0870a43ebe25ac2360f832
GIT binary patch
literal 19200
zcmeHPe{2-joqxNFu|vYz4*B5%DH95nP4L)o}zu->(H zXTe0_;?yD6jpH7@ORB1BPZp|9D7`

RKU`26G^s=Bmm?rpXI??%;Kd(xfu!Or)6Ki?nkz3;qvGjHBJKObn{;&!)?pjiHObeI7dmB(ym`v zVahL9DOpfmW|;1^VZoH`o`jtWnbP=p!eQU7$}1I@8Pz_fiWN<4L%k^JvM@v{?aH>^*OoNWHi(D%=N z>(=!bNVgh4@*&$r8CQ*)F!J4S-z&=>{@pNlOCb5_QLuOBLy{w`82)4lJXiv^O5lG5 zT*I$0H3BGB?(HS;wi5W$CGe#s@Kg!>GbQl*OW>adUMuRvpsph)1o!g|$P+$VfD81G z5Os%*qPshmPW6h&KqPdiKO*`g$z&oax)aHRB4vdWX-o7(te$9?ILL@gg9C{W+I=_~ zwIY%w_;4_4^@Exwm0+fka5Z#G zk)DI|xhH{8$;7o#&E?{6CSUQjalyOgfVoX>bz`9_Q9V6&aS?SWAzFh zIpTXsHgzS7wEA7*>Ctd%Lh_f0cN0G*`L~IuN5QF6lK%(d=}~oRRPtwtr$@r6%`Ne;M6Y3|0VJC2soun{$=9n(Qm35Jhivw z*V{5be#XfB+!(q#vup3R@v)h^bzzL38{ae8O;DG=6-`s&zb6 zDi4MBRQ}*&H|cFadP#?o`Nib3XvM{fYd~E4&d)24^sl{4ia4wLjm*)LXKOTF$Z{s@ zaGE9`xs}ak0yidiOFBDwK++E;zbNU)6~;@Mq}{bkf*=;#e$ zEgU*JE3A5SnlGRpM&{g^haq~CdcoNNs86Qh>@I7k@9T%?=TXjFz=q0emcwn*x zh%p?PG%|rP@NWf(9}i4GOwP`$X=MfLIq~NUyrIAneTQ=@)~tCBQw$q z(w;d+-LO3~G63@8n59)W1O}@cwjZx<=oqbT*mtVBAu?9o&^J-tkiJsgaCBz;81*~q zu;a%zAlFPKj09?o%&}Im#>g@1x8SI|q8-0lOY+yq$QT~6EAk_1a4lMrIo57#T_7!h zZ`{achb5?*Ff`qavwqpgq;VA=y)3Ld(Co{`F!j?kow3)Y<+(HKQ4c##U!pjjha>xp zWg$5Gh7+TI$ElPqGJ)A^8<3l&7{2Yu&)f1@DguH_j^K3?3n=`;lT76I7E>@g7BLVqTAsTuC#S3a=Qa!nK?R*P+l=I9pwLt zY-C^-1-q0-FHL>di^AqFI#459Kr$Q@7Udi8&9 zTjnSJr?zE2@^|<%H~o9tM^;<)LUb4-jYRjfH_+8wHM#RTnsx4`$6C?yFV!mssTu8= z>+PA3HfP@RXYcx{F?8N#Jp8ltuW0=K{67B|{QLaR_|4ogMUH2%BPz#zXQU@@>z%g1XjSTfUAr`Kv&Ns}~U0~#%@0bn&@^+r=#e=^aN4EAY#>6E2) z$-=Z8r}>43LWy+TVh2YeskIvUhMRc8(w>bZ6KiG7WQjm+B$eQnD92VpvwBe!DlJ>1 zY95ZJ`h!-em)e?2rOZ$;1g*vn4f>&2B$$-SsYRkGok}*Px}xzWM@=+#2#3+SgV9(d z%=PS!#-pj;NI1vo;i%P%RY*;)OTwc}!DP>&&o}SW;^|n-r|rN|3nlvcDAfJIR0l;*UV4QE7P6c}+P^aZu;acW-bQdVS zL|OiuZ1z>qY0wz)?`5-tpqD`30Im3KHv3c1w?J=z-t~SqyBt%U=Rp4ibQ<(UP+D)N zpoL``{AlV@x;)~Jcy)`enH!WW1@wrf>l)nP_{+Vp{Jg6gg zze!>#|69NpAaBpJ-|E=^5b_zccVC`;r?jU!PUF}5yKFW>@-5z)zi zN1z;mas zb(veHcv}CWMBj~4s#9`$ey7Cp4{v1?lK1FD>~FR~-&&v(Yk!*y+N|U}&!S~UO8kvq zoz0576=mY#jIPTZ&we%4K%Teow}|&DeQlww&-hq{&2zo?D?R=uk;}&#mu$~*rH|D+ z$#Xn0?U4KdC0B0#*9d=CURdBpb$+)f`jn#GiXKw*B}Kog=-(*%Jw-1n`i`Q%RFulw zx@prRT0OqVZqQnN_GZb>mNDi2p~|Z0355z8BQP0PN!Dl0)}5adYXX3r 
z?{aNicE##E-3Rcwap<5KiUsjOvsjWRTNCOw@dCw)gsf;HPK~}NPyT@XEV;AO^zYdd z*u8h#&K-Lo=j+w3@0u+;A=&b@pf%sZ`c%@j;><;59q*@*2xkni>%H(!V6{ML4%wYDLTOT=UW*WvGTEfrk9m1OuwyDK3|(5{CIMRAX~S`=R(syxN~R54WHkK<`0=YGaA55_{RD8AUa53w#$kMIiTddm@b zsCR364q|6LxN|L7Sq!fgokj6Go#!#zgMIYij>6Aj`S@L;*mHpgPgA_#Bwrs_i>~KF zGVc-hih-i|+`gV%Baid+n2S<;mWosR^*j)_7_mV7R^GRA1&0d9#lBr zhgkoJ!g(BJoW5TxR_-WpH}0-HCbIqsh3{8mB;(&z_-FzCkHB5n-*i&NjoL}+UHn`{ z&KGUnq;mPWT`J?S7`RK!KksXS7pp(LyDx@+wgmpCCGZ0!@I%1qyzu>i>-n<6c|2ph zRGd#h-z93rH$J7aszZy_{}lO0918pSIq7G9KYv^4^ZbRK|4icZue%xPXMX=*=%!L} zy{r2k-xuxyUTk06C~&RF^|D6!;d`uH<3Od>0k47nbGpt|l=NYxf7=opmunu7)DZ5T zKhCsC{X7?vd8!0{palMW3H+~tQ#}jEf#-4azH@%D;@i;Iir{B}*J3wjm8R!O#|h6F zCl@H`JHRRaKU8s$YdetrtHkqMNalT|&;2u^R6Hf>c^vW@T&JgWU1{3nUeZTD=kbKk z`?r*T-dEkEteQ&r-wd4m7oOi;Qh%|aZOI;|VOunpkYLe4#?#jKsrp7^WpwG-M_tu|z0WHy@WaaG$c$ z_@X-`uu~LE*eNTLG_5{N$P)2L3OhW*39~1b=nBTnu$4%r%wT#zVBNMqhRvj5-$UzK zA1bb7(z>u2OeTXzP?D8ABD%2<9x=n|zP=+c$>C(9@>HF*W*?$Jb?dS>qWVxev1%z> zN$0dfu_(lmSa+k0Q)16tPyo&g-W(=_VVYZZ`?m+oz>dwPi7Jv0r&`z_yZPxI{_Wc~ z-m5DMmerNJdke)>mc5l1 zmCW1Mi%yVAn7vr3k41#JZ6~zC=!&Rj*f|wcC_aEFbm}ygVyX5m7wCjzc25mj5h|W~ zZhzF?om|9W7rtDuLoRnHtG&zlF75r$`513y&PVN?(D|5Y?%lpg^#R&aoiDX_ROe&D zmpamC1-n44q)mG{hi@7p$$sI(7aS3vzinHi73@)5Pdx4GN=LEbADgdz#P!lk5MTI6 z9R6%-C2h%}NHRt5K%|;tOvrGJ2gyL?`eT;x$x!>O$N=(m5ki)b9myBzRhM0F7`DvW z7IsIsEjSOy!M-R)o1O%G;oy@6*v@b!gpa=9z}0QnOE$(Aw5(*bD{W!)_=6;Rze#8Q{@L_dWez0+iSo~K<F1ysrxP2}<=gapu*|{X*e8KRZ~4JLbfCsJttWniS@ybIxZuY9>G z1i$}>icBi3%!&+hx%Qf}*OdK)qiJUpjAtV|y$X_R&(BvgN}+-quJqYXvEu6m_B;=t zRSO5sJ0fLJSpQLF&+&KW>zZxgas)Qd@v}Mny&Ghx{;alOr4A0~bfqND-(9ge`&@IL z==bo;wdeVNr?NLln3D?2AA`(`pSoO}_XPa+Sqk-;XG-5j(K|S{=XqA04}n>X5ArwSC^haSR@hZ+*o(yN=Ea0|6WO+! 
zJb>v=q5xa^)Gvi@36>!ZH7odT4aT`(Z)^pSuSrFYnxAN>qgNmn0cd+ z%NO&7{2gPh${L1c`w^bKyG~i*a<~F$Z>pg6Guldeap^slx`sF@$#YsBp3l5Xm6sP% zTNpt=vd}G0!SCawQ$4X`06Kn>M8`}?qC?oHnIjz*XD|YENWQQR3p4Q-5V@$_GyLv| zT|v#vL<3x(gRjoPfpcDWY^TLcXSZ!S;M(mDaKFJk51OyMcE@i*k2A0C?ohc~w4kI= z&!YZ0jwDAQ3SnwD?uRJN0N@;|jDM!!X$3a~PWeeEV)ECnZ*POieJ`>t>3M9|HhtFj z!ED&R4dyoIV0ztX<8)n@b?~gy^_ht;G0T11*}(v!u~xn5*)E&ZIiX`9pWa-2k|o4Q z*{HDO;FZhEvj~mLN%5B_G&j01-kxM!M znH}zBeY&?Q@%s1hkTCh4Wb8-bWF;W1ZH1XT(K|!qRW)Oah;<`0Nk@OVpp&KZ+rt|C=QKFTuCN LsOciEGXeerkVTIN literal 0 HcmV?d00001 diff --git a/try/sss_cache_probs/sss_cache.lib.c b/try/sss_cache_probs/sss_cache.lib.c index 109a99f..0db485a 100644 --- a/try/sss_cache_probs/sss_cache.lib.c +++ b/try/sss_cache_probs/sss_cache.lib.c 
@@ -44,81 +44,28 @@ int user_mk(char *username){ dbprintf("yes, uid is not zero, and euid is zero, so we are setuid to the root user.\n"); #endif - //-------------------------------------------------------------------------------- - char *home; - size_t home_len; - { - #ifdef DEBUG - dbprintf("making the home dir path\n"); - #endif - char *prefix = "/home/"; - home_len = strlen(prefix) + strlen(username); - home = (char *)malloc(home_len + 1); - if( !home ){ - perror("sss_cache"); - return -1; - } - strcpy (home, prefix); - strcpy (home + strlen(prefix), username); - } - #ifdef DEBUG - dbprintf("home dir path: \"%s\"\n", home); - #endif - /*-------------------------------------------------------------------------------- - note this from the man page: - - -d, --home-dir HOME_DIR The new user will be created using HOME_DIR - as the value for the user's login directory. ... The directory HOME_DIR - does not have to exist but will not be created if it is missing. */ uid_t useruid; gid_t usergid; { #ifdef DEBUG - dbprintf("dispatching useradd to create the user\n"); + dbprintf("dispatching sss_cache -U to clear users\n"); #endif - char *command = "/usr/sbin/useradd"; - char *argv[5]; + char *command = "/usr/sbin/sss_cache"; + char *argv[3]; argv[0] = command; - argv[1] = username; - argv[2] = "-d"; - argv[3] = home; - argv[4] = (char *) NULL; + argv[1] = "-U"; + argv[2] = (char *) NULL; char *envp[1]; envp[0] = (char *) NULL; int ret = dispatch(argv, envp); if(ret == -1){ - fprintf(stderr, "useradd failed\n"); + fprintf(stderr, "sss_cache failed\n"); return -1; } - struct passwd *pw_record = getpwnam(username); - if( pw_record == NULL ){ - fprintf(stderr,"getpwnam failed after useradd for username, %s\n", username); - } - useruid = pw_record->pw_uid; - usergid = pw_record->pw_gid; } - //-------------------------------------------------------------------------------- - // create home directory - // we have our reasons for doing this second (setting facls in different 
places) - { - #ifdef DEBUG - dbprintf("mkdir(%s, 0x0700)\n", home); - #endif - int ret = mkdir(home, 0x0700); - if( ret == -1 ){ - perror("sss_cache"); - return -1; - } - ret = chown(home, useruid, usergid); - if( ret == -1 ){ - perror("sss_cache"); - return -1; - } - } - #ifdef DEBUG dbprintf("finished sss_cache without errors\n", username); #endif diff --git a/try/sss_cache_probs/sss_cache.lib.o b/try/sss_cache_probs/sss_cache.lib.o index edb0d0f45cd7af982d91d4750eb1d6ffd5b3f653..97c858430e3e8b1069931c9105b480ad29a9da65 100644 GIT binary patch delta 851 zcmZ8fO=uHA6rSDu?k3sYB4iV-c3TzqU=7;Zcq)Xlu$M|NvEFn|qe&^TW)tvW&=3%o zrPBB=B7)RY#DncEc+eD~Rq)_JJa{YQP+AWWg60sYGn+{$c`)n8dI*FxqD7GoK>|)EF@7T$1)ZlzJ_`0r*7?1?`EacJSv{oZI2_h zwm*#E!$$^hPLqzTeuU%j6uzLQTRTI|V{b1)Uq2%Rr(OSU5Syi}xoQ+rnQZQ!Vw&cy zl#$A$mC2-1xUZyE(nek>n(4gBqgc_*$ILs~Tx=jilSwp4l)FZDCB4KWIB@62MzJ+n zB&JA*2|;?w&V{_LOH9z`hjJ(itAZO|dA_kz3@m$hpyj(B=y!uq2+Dq$kzs?AnNisC z%h7X=8A5K1LA<(TQXCgy53|$9Sm78u4;v&0({4AAkq&qKP8z?d^5f-rb(NvuPnT zmYf*Y3kfd-UQN&t<3k@CgII;o#s@=Uf+WU-2S}>c1f!3d`hBxA*Xi^&n)s2qneR8> z_xry2W@mQG`^LUkJ2Dv}B|}~&OPWLpnOwIt&hufOtRrhl!Hn-5GEXd=2h5DWbQc#F zzryKh{F!h4#KrD-to1CU;+%)4^?rX+Z%;rfP6zFHTK5O6}5%YB6ym>ltT*@&vE;S}DEkpD$^DNC1SFuuW9=-yGG6uE(><}-TC3H)B38IK5Pf`qZ)F#2GRc286 zmZ6`F!NBRIT_LPt6teE_f}-?~_dnm?-y;fD_G(_}Iwjg#10D02>qm?_LEs1AN`{Aq z_R#L(1BD(snA@Ejpu77A1_yQzJWIO|f~RS*1n+yUhip!^nPiR~B$@Hf%(k_w?>htc zz*B%fD&~HI8;R^)-}zz3(7IJ-Bb&Y60aju%rNf);9`gHQyXkD(8=8 z!f(?RQ&~K7Z6r(DC!Hm$R#KFnkzUNL9$vv#C9N=n6g;MG`}z)6F91UtMr zu!pOPtJsIE1m}d5#{!Qzpam7D1{X%9;@hOoPY{B3{V0()0J`#{OUfbwKbypM{jpl> z{NV9apT_N=qu`T^bAQ3R1m#HtK@ficn#6Y^2!i-pXcB)0K@i086Gq}MA_#)`dT0`V z4M7l@Po8Upye)dPSMzyK;CRIGg(-O&0+&3l&`*gTdGH)a`*Q-9_7{czvFP={td-m zt*58pTNR!$jYmEY#}#|^c{r!w_>Pe4`Xq(tGsRxznbGX8i~PS;?A81!#6rPoVZwEi z3y)TrRfL`eN$<*0;8d&}bH*9Tl`LkFTrmtuF7Ok@_N!H=26ONk=H%cjqAz5YJqiZs z=D0`7@QLRnLH_?Q1qxiE{sztih9cj)iI&*PG4|V_;j@&7rplyv)lcFi2-Xba2$8b`kW)ARum1QQfSk+r4s
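Review bot: The declarations `uid_t useruid; gid_t usergid;` kept as context in front of the new `/usr/sbin/sss_cache -U` dispatch are no longer assigned or read on the new side now that the getpwnam() lines are gone, and the closing debug call still passes `username` to a format string with no conversion; drop the two declarations and make the last call `dbprintf("finished sss_cache without errors\n");`. The debug message in the first context line states that the process runs with euid 0, so a comment above `char *envp[1];` such as `// absolute path and empty environment: nothing from the unprivileged caller reaches the root child` would help keep a later edit from relaxing either property. Nothing in the hunk checks which caller may trigger the cache flush; user_mk() starts and ends outside the hunk, so such a check may exist there, but if it does not, the file mode and group of the setuid binary should limit who can execute it. The function is also still named `user_mk(char *username)` although the new body neither creates a user nor uses `username`, which deserves at least a header comment stating what the routine now does.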