From f764db2c8ec6d8f230048f83cdb59e9bc11bef5f Mon Sep 17 00:00:00 2001
From: Thomas Walker Lynch <thomas.lynch@reasoningtechnology.com>
Date: Wed, 13 Feb 2019 17:05:33 +0100
Subject: [PATCH] error return on user-mk appears today, ran before see
 example.txt

---
 try/sss_cache_probs/dbprintf.aux.c  |  13 +++
 try/sss_cache_probs/dbprintf.aux.h  |   6 ++
 try/sss_cache_probs/dbprintf.aux.o  | Bin 0 -> 1680 bytes
 try/sss_cache_probs/dispatch.lib.c  |  69 +++++++++++++++
 try/sss_cache_probs/dispatch.lib.h  |   9 ++
 try/sss_cache_probs/dispatch.lib.o  | Bin 0 -> 2496 bytes
 try/sss_cache_probs/local_common.h  |  12 +++
 try/sss_cache_probs/makefile        |  17 ++++
 try/sss_cache_probs/setuid_root.sh  |   8 ++
 try/sss_cache_probs/sss_cache.cli.c |  15 ++++
 try/sss_cache_probs/sss_cache.lib.c | 126 ++++++++++++++++++++++++++++
 try/sss_cache_probs/sss_cache.lib.h |   6 ++
 try/sss_cache_probs/sss_cache.lib.o | Bin 0 -> 4288 bytes
 try/useradd_probs/user-mk.cli.c     |   2 +-
 14 files changed, 282 insertions(+), 1 deletion(-)
 create mode 100644 try/sss_cache_probs/dbprintf.aux.c
 create mode 100644 try/sss_cache_probs/dbprintf.aux.h
 create mode 100644 try/sss_cache_probs/dbprintf.aux.o
 create mode 100644 try/sss_cache_probs/dispatch.lib.c
 create mode 100644 try/sss_cache_probs/dispatch.lib.h
 create mode 100644 try/sss_cache_probs/dispatch.lib.o
 create mode 100644 try/sss_cache_probs/local_common.h
 create mode 100644 try/sss_cache_probs/makefile
 create mode 100755 try/sss_cache_probs/setuid_root.sh
 create mode 100644 try/sss_cache_probs/sss_cache.cli.c
 create mode 100644 try/sss_cache_probs/sss_cache.lib.c
 create mode 100644 try/sss_cache_probs/sss_cache.lib.h
 create mode 100644 try/sss_cache_probs/sss_cache.lib.o

diff --git a/try/sss_cache_probs/dbprintf.aux.c b/try/sss_cache_probs/dbprintf.aux.c
new file mode 100644
index 0000000..edea747
--- /dev/null
+++ b/try/sss_cache_probs/dbprintf.aux.c
@@ -0,0 +1,13 @@
+
+#include <stdarg.h>
+#include <stdio.h>
+#include "dbprintf.aux.h"
+
+int dbprintf(const char *format, ...){
+  va_list args;
+  va_start(args,format);  
+  int ret = vfprintf(stdout, format, args);
+  fflush(stdout);
+  va_end(args);
+  return ret;
+}
diff --git a/try/sss_cache_probs/dbprintf.aux.h b/try/sss_cache_probs/dbprintf.aux.h
new file mode 100644
index 0000000..967fdae
--- /dev/null
+++ b/try/sss_cache_probs/dbprintf.aux.h
@@ -0,0 +1,6 @@
+#ifndef DBPRINTF_AUX_H
+#define DBPRINTF_AUX_H
+
+int dbprintf(const char *format, ...);
+
+#endif
diff --git a/try/sss_cache_probs/dbprintf.aux.o b/try/sss_cache_probs/dbprintf.aux.o
new file mode 100644
index 0000000000000000000000000000000000000000..0b30dabab6ba550d98e6df3ece7ffd326e665b75
GIT binary patch
literal 1680
zcmbu9&ubGw6vy9YwXL?gQ9M-YVNa3;GbBMJ^dONCyGZ;&A)p7bn`A@8CMnsCL_t(=
z#U%uC>0SH>^dfpu3Oxib;-Aoq;K765h4|j?OgddQm-@owz4^?0Z#LhV&9hSZT0&7k
zm;zT|e<movNZpSML0Et#ScHn{|1e+t+CyaepHq{`#PmPh3EcKZ;D$|fW#8Kh+^~=C
z<&LXsM(Md`+!$#_<&9?Cd#@Sxj%KvJYesKRGoJn)dl}4Jz`kSeB1Re7VOUC<zL&?T
zIrMIm^SuJO!BJes^=&FL2gC3|zM1~`CoTA1S<2#Y5WugyuvRRt>Z!Gx6+_Rn9Lwst
zOg5j*WiRQeb-S*cmK*Z)WdqJoJ2d6VIw<|5va&S4Fhar3A)`UIOJ7${CSN6rC*~4g
zFoQt6k=94x&m?YDjXenf6+dyNVy8G$VJ;41m-!hyQ1ifA5@)BS=Lvozva>j7EowS~
zIBv|~P_J%vAGF;DvwD42n@+)T>z$qpj~d}JG#Z;drwKmaFoFIUj=y-mWN$eqC5}t{
z9p};fk5c}kl&?$qR5LZ^JZ`yG6`138L*Eop*WR?4YxiAXb<4GYRUHRdt<!4RZDj3^
zYcsrMX~(r{4}k^gcJqFtYqjiY|NjhhtfxB_J@EoEGI4I<EX)-#`4t?bT>*z|pSTDc
z9Fpd=kGR^)oS)}BdP7x8j<G1dfH~Cju=QE2rJnS6A)DAgEklgO{=%<HOis;+1R2KU
z-s0@Qok1q*^O1U?pTO5Kh|_<W3nFwT{psx$^@7u5M)yVpP5%5k_w;U1ZM2^HMzu!-
XuX)p`u2ES|&8W}trgy2CWYPM6rnAsv

literal 0
HcmV?d00001

diff --git a/try/sss_cache_probs/dispatch.lib.c b/try/sss_cache_probs/dispatch.lib.c
new file mode 100644
index 0000000..fcad514
--- /dev/null
+++ b/try/sss_cache_probs/dispatch.lib.c
@@ -0,0 +1,69 @@
+/*
+fork/exec/wait a command
+
+if the error values returned by the exec'd program
+are less than 1 << 16, then 
+
+*/
+
+// without this #define execvpe is undefined
+#define _GNU_SOURCE   
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <wait.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "local_common.h"
+#include "dispatch.lib.h"
+
+
+
+/*
+ Execs the command passed in argv[0];
+ Returns -1 upon failure.
+
+ The wstatus returned from wait() might be either the error we returned when
+ exec failed, or the return value from the command.  An arbitary command is
+ passed in, so we don't know what its return values might be. Consquently, we
+ have no way of multiplexing a unique exec error code with the command return
+ value within wstatus.  If the prorgrammer knows the return values of the command
+ passed in, and wants better behavior, he or she can spin a special version of 
+ dispatch for that command.
+*/
+int dispatch(char **argv, char **envp){
+  if( !argv || !argv[0] ){
+    fprintf(stderr, "argv[0] null. Null command passed into dispatch().\n");
+    return -1;
+  }
+  #ifdef DEBUG
+    dbprintf("dispatching:\n");
+    char **arg = argv;
+    while( *arg ){
+      dbprintf("arg: %p", arg);
+      dbprintf(" %s\n",*arg);
+    arg++;
+    }
+    dbprintf("\n");
+  #endif
+  char *command = argv[0];
+  pid_t pid = fork();
+  if( pid == -1 ){
+    fprintf(stderr, "fork() failed in dispatch().\n");
+    return -1;
+  }
+  if( pid == 0 ){ // we are the child
+    execvpe(command, argv, envp);
+    // exec will only return if it has an error ..
+    perror(command);
+    return -1;
+  }else{ // we are the parent
+    int wstatus;
+    waitpid(pid, &wstatus, 0);
+    if(wstatus)
+      return -1;
+    else
+      return 0;
+  }
+}
diff --git a/try/sss_cache_probs/dispatch.lib.h b/try/sss_cache_probs/dispatch.lib.h
new file mode 100644
index 0000000..620c6f9
--- /dev/null
+++ b/try/sss_cache_probs/dispatch.lib.h
@@ -0,0 +1,9 @@
+#ifndef DISPATCH_LIB_H
+#define DISPATCH_LIB_H
+#include "local_common.h"
+
+int dispatch(char **argv, char **envp);
+
+#endif
+
+
diff --git a/try/sss_cache_probs/dispatch.lib.o b/try/sss_cache_probs/dispatch.lib.o
new file mode 100644
index 0000000000000000000000000000000000000000..a6a471a0a2f625e9ef6f213e635c7377908aaefe
GIT binary patch
literal 2496
zcmbtUK~EDw6n>=wS^?1*gHe;cpsj&T3u=%=gW$@<04fO@V~knatu&Oj+1&z~5KRas
zn`-pvAMmV4<3TYd8ZXL`s|O7R4tnEYg73}Flx4cT=xb))d*A!s%$vU1d0>oOYKTNY
zN(9cswkJ`5hfUk|05=Dq6<T0|dEeRMMv{38tIR8}u*HQ{a9dc#SY;JpOUvart29yq
z^WMMdMg5kRe@Dm~O|Q35er}<~vDbw00AIp0HrG#~waL7Xwed~bqBgK-Z0_bcegVt1
ziM%$?_{BH!jE%*GjjeKLpwMGjMOdNhH<1eEldLka!YZS<j`53mUzqnv){L%i^MkD?
z*ptz<im~yA&V@`7tQc!c%WkvJY2=6g{DCN@eRuX&^0rne=kvNYhO?F~&divFj8-xo
z$I58Af?L!wIj3a0>8W@^kAZY@g}ePRTA^R-EP>YP#2^OQqCFi?XjwCt=gB)$VR&e$
zUyBcqO(e8Fy+==JJ;_vGswZ_?i;p9pnXZp_pGi=8aFEXck^AEinQxCAX=&d53_E%h
zaT+8e)Zq(l?T;FUTAQN75u|WDY$EC|_)Yz<k!a{m1c>4<Orp3_m_&hJz?x7Lnrkou
zq7Yth6apWC$ZSV_AW$biJ7R}%P)rpKfiV0;9XweFKV1huR|mgX2d`cpJ)fJ@(^VH7
zH)Gj0WasRhYe8nRWaGul^6LcFyp^6USx`bo(S|uQ=azCA+yUS?p8*<B$8h|i&l{yr
z;DiOcLG_YQ=l0@|{1F0CB>$A}!gZmE--1K(^8%OrLE+B|t@4)?{$=4mt;2tz@UIB}
zWgR|$b1+8xw&IX=eieN6|M@0xS^qWR{}5XJe`56Epb*}ML#}@)fbR?7y#bu=pX6(3
zlTbZ0s-iphW?XX;bjP)QJtZyM%A2}t&AXsyOxFZ`(s4kyi@rn8l~ur4q3BvVzAW92
zYo@1>Kxx+0ovdxnSk-<0)6g)Vj;4N@1Bj8x@6q>suCz%X!9oAw0FIzsB@pG6_}{26
zWXhMJgMuh@-w9V=q{kwUI6+b2E)3F||C*n|Tv~HS@6e|=nWX5e>MZM*z*#hiO7Bci
zwnTn+5JX$RRXrHMg48axAQ6=Ll6ynstMsG*<hvpHYW?FF2<xA`5VB9yKgyN)5~q69
vy%B;b0X`Q6)7!KMhni2A+B<~&qEN|qjAJ;d=iiT5Sbm4N(56fjTFw6pTq$ID

literal 0
HcmV?d00001

diff --git a/try/sss_cache_probs/local_common.h b/try/sss_cache_probs/local_common.h
new file mode 100644
index 0000000..4df5bcf
--- /dev/null
+++ b/try/sss_cache_probs/local_common.h
@@ -0,0 +1,12 @@
+#ifndef LOCAL_COMMON_H
+#define LOCAL_COMMON_H
+
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include "dbprintf.aux.h"
+
+#define DEBUG
+typedef unsigned int uint;
+
+#endif
diff --git a/try/sss_cache_probs/makefile b/try/sss_cache_probs/makefile
new file mode 100644
index 0000000..233007a
--- /dev/null
+++ b/try/sss_cache_probs/makefile
@@ -0,0 +1,17 @@
+
+src = $(wildcard *.c)
+obj = $(src:.c=.o)
+CC=gcc
+
+all: sss_cache
+
+sss_cache: $(obj)
+	$(CC) -o $@ $^
+
+.PHONY: clean
+clean:
+	rm -rf $(obj) sss_cache
+
+
+
+
diff --git a/try/sss_cache_probs/setuid_root.sh b/try/sss_cache_probs/setuid_root.sh
new file mode 100755
index 0000000..436fa79
--- /dev/null
+++ b/try/sss_cache_probs/setuid_root.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# type these things from a sudo prompt:
+#
+
+chown root sss_cache
+chmod u+rsx,u-w,go+rx-s-w sss_cache
+
+
diff --git a/try/sss_cache_probs/sss_cache.cli.c b/try/sss_cache_probs/sss_cache.cli.c
new file mode 100644
index 0000000..6d0e934
--- /dev/null
+++ b/try/sss_cache_probs/sss_cache.cli.c
@@ -0,0 +1,15 @@
+/*
+
+*/
+
+#include <stdio.h>
+#include "sss_cache.lib.h"
+
+int main(int argc, char **argv, char **env){
+  char *command = argv[0];
+  if( argc != 2 ){
+    fprintf(stderr, "usage: %s subu", command);
+    return 1;
+  }
+  return user_mk(argv[1]);
+}
diff --git a/try/sss_cache_probs/sss_cache.lib.c b/try/sss_cache_probs/sss_cache.lib.c
new file mode 100644
index 0000000..109a99f
--- /dev/null
+++ b/try/sss_cache_probs/sss_cache.lib.c
@@ -0,0 +1,126 @@
+/*
+  Makes a new subu user.
+
+  According to the man page, we are not alloed to free the memory allocated by getpwid().
+
+
+setfacl -m d:u:masteru:rwX,u:masteru:rwX subuname
+
+*/
+// without this #define we get the warning: implicit declaration of function âseteuidâ/âsetegidâ
+#define _GNU_SOURCE   
+#include <sys/types.h>
+#include <unistd.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <pwd.h>
+#include <string.h>
+#include <sys/stat.h>
+#include "dispatch.lib.h"
+#include "sss_cache.lib.h"
+
+typedef unsigned int uint;
+
+int user_mk(char *username){
+
+  //--------------------------------------------------------------------------------
+  #ifdef DEBUG
+  dbprintf("Checking we are running from a user and are setuid root.\n");
+  #endif
+  uid_t uid = getuid();
+  uid_t euid = geteuid();
+  gid_t gid = getgid();
+  gid_t egid = getegid();
+  #ifdef DEBUG
+  dbprintf("uid %u, gid %u, euid %u egid %u\n", uid, gid, euid, egid);
+  #endif
+  if( uid == 0 || euid != 0 ){
+    fprintf(stderr, "this program must be run setuid root from a user account\n");
+    return -1;
+  }
+  #ifdef DEBUG
+  dbprintf("yes, uid is not zero, and euid is zero, so we are setuid to the root user.\n");
+  #endif
+
+  //--------------------------------------------------------------------------------
+  char *home;
+  size_t home_len;
+  {
+    #ifdef DEBUG
+    dbprintf("making the home dir path\n");
+    #endif
+    char *prefix = "/home/";
+    home_len = strlen(prefix) + strlen(username);
+    home = (char *)malloc(home_len + 1);
+    if( !home ){
+      perror("sss_cache");
+      return -1;
+    }
+    strcpy (home, prefix);
+    strcpy (home + strlen(prefix), username);
+  }
+  #ifdef DEBUG
+  dbprintf("home dir path: \"%s\"\n", home);
+  #endif
+
+  /*--------------------------------------------------------------------------------
+    note this from the man page:
+
+           -d, --home-dir HOME_DIR The new user will be created using HOME_DIR
+           as the value for the user's login directory. ... The directory HOME_DIR
+           does not have to exist but will not be created if it is missing.
+  */
+  uid_t useruid;
+  gid_t usergid;
+  {
+    #ifdef DEBUG
+    dbprintf("dispatching useradd to create the user\n");
+    #endif
+    char *command = "/usr/sbin/useradd";
+    char *argv[5];
+    argv[0] = command;
+    argv[1] = username;
+    argv[2] = "-d";
+    argv[3] = home;
+    argv[4] = (char *) NULL;
+    char *envp[1];
+    envp[0] = (char *) NULL;
+    int ret = dispatch(argv, envp);
+    if(ret == -1){
+      fprintf(stderr, "useradd failed\n");
+      return -1;
+    }
+    struct passwd *pw_record = getpwnam(username);
+    if( pw_record == NULL ){
+      fprintf(stderr,"getpwnam failed after useradd for username, %s\n", username);
+    }
+    useruid = pw_record->pw_uid;
+    usergid = pw_record->pw_gid;
+  }  
+
+  //--------------------------------------------------------------------------------
+  // create home directory
+  //   we have our reasons for doing this second (setting facls in different places)
+  {
+    #ifdef DEBUG
+    dbprintf("mkdir(%s, 0x0700)\n", home);
+    #endif
+    int ret = mkdir(home, 0x0700);
+    if( ret == -1 ){
+      perror("sss_cache");
+      return -1;
+    }
+    ret = chown(home, useruid, usergid);
+    if( ret == -1 ){
+      perror("sss_cache");
+      return -1;
+    }
+  }
+
+  #ifdef DEBUG
+  dbprintf("finished sss_cache without errors\n", username);
+  #endif
+  return 0;
+}
diff --git a/try/sss_cache_probs/sss_cache.lib.h b/try/sss_cache_probs/sss_cache.lib.h
new file mode 100644
index 0000000..11ab8ee
--- /dev/null
+++ b/try/sss_cache_probs/sss_cache.lib.h
@@ -0,0 +1,6 @@
+#ifndef SUBU_MK_0_LIB_H
+#define SUBU_MK_0_LIB_H
+
+int user_mk(char *subuname);
+
+#endif
diff --git a/try/sss_cache_probs/sss_cache.lib.o b/try/sss_cache_probs/sss_cache.lib.o
new file mode 100644
index 0000000000000000000000000000000000000000..edb0d0f45cd7af982d91d4750eb1d6ffd5b3f653
GIT binary patch
literal 4288
zcmbtYUu+ab7@zAYC<2y$ia~KiYueBrEk>;v&0({4AAkq&qKP8z?d^5f-rb(NvuPnT
zmYf*Y3kfd-UQN&t<3k@CgII;o#s@=Uf+WU-2S}>c1f!3d`hBxA*Xi^&n)s2qneR8>
z_xry2W@mQG`^LUkJ2Dv}B|}~&OPWLpnOwIt&hufOtRrhl!Hn-5GEXd=2h5DWbQc#F
zzryKh{F!h4#Kr<wVq;$Pw?%)e8Qp5`pKlg!H;sk8@!j~E=HHlDAZ%4*VxF*Wvw1I4
zn(^0Pya4@W%#@pRvS|pu`14C00$WN!V>D-to1CU;+%)4^?rX+Z%;rf<zlCIA(ztFm
zp*3bQEjTvj%*MnVi8kwzuRuCxvv3n!=FIp;%VSxXZ}@BmIuY%f8UK)^z}@uaugrZ$
z<UV7@C+nE7WI8#H+N?1t3?K>P6zFHTK5O6}5%YB6ym>ltT*@&vE;S}DEk<gE9|Y^R
z75))vWKdZ?V+yJ=MItKqsCgEvd6~zIXO}hu)<4zEcgDu&$!K$IT;w%bvGa&tCaZD3
zlPIxqp)qk`G1{P2{?~oY!o}u(B%F)C`&aAjt>pD$^DNC1SFuuW9=-y<L#|_wdbJTc
z=1?neXb{zEsFnl2N-Y|NPC%_%iO+=&i@XvIe4pjk;JQH&=!$yji0GXJpiTlvGs0Xi
zr1iib39KruMj@j`9*ioa%Y)jsAJv#7IO>GG6uE(><}-TC3H)B38IK5Pf`q<Yi6CY^
zWiEt*r1@$f^Qy&HjIirh9a{1NTDO?HhU`Lp7YW1gh;7-fLzd0&p*y<59Z5zdF9a9c
z#adyJtWt?WC_8X0=J1G!0%H^gyTYPZg8{c9eI+6t%9dAgN}O=SVfC>Z)F#2GRc286
zmZ6`F!NBRIT_LPt6teE_f}-?~_dnm?-y;fD_G(_}Iwjg#10D02>qm?_LEs1AN`{Aq
z_R#L(1BD(snA@Ejpu77A1_yQzJWIO|f~RS*1n+yUhip!^nPiR~B$@Hf%(k_w?>htc
zz*B%fD&~HI8;R^)-}zz3(7IJ-Bb&Y60aju%rNf);9`gHQyXkD(8=8<T{A(v!U}`5>
z!f(?RQ&~K7Z6r(DC!Hm$R#<NUWTTQNuK{3>K<iv#O~{TEye9=8NWlkF@O%nBoPr-n
z!3!z)TPe7mg1?)Bhbj2+6#Rn}{G$|n>FnkzUNL9$vv#C9N=n6g;MG`}z)6F91UtMr
zu!pOPtJsIE1m}d5#{!Qzpam7D1{X%9;@hOoPY{B3{V0()0J`#{OUfbwKbypM{jpl>
z{NV9apT_N=qu`T^bAQ3R1m#HtK@ficn#6Y^2!i-pXcB)0K@i086Gq}MA_#)`dT0`V
z4M7l@Po8Upye)dPSMzyK;CRIGg(-O&0+&3l&`*gTdGH)a`*Q-9_7{czvFP=<pKA7h
z3VkZYp1;{(4r_*WUXK?H$kn9db-*(#^SP0N|EAy@75l#hF7w|a_&Y?8`EOF}A6Ia^
zLuK5Z3a;ietl+BsA%V-dlJ~G;k8_g0sM!w+y^><j1TO3Lj?m9)cp!BA21LR2Zh<D_
zelKwSIk_WnnSUhoUlbnoImsdc2=YG!P4aIMxX%BCz$O1F!JAWf9#(h`X!g^>{td-m
zt*58pTNR!$jYmEY#}#|^c{r!w_>Pe4`Xq(tGsRxznbGX8i~PS;?A81!#6rPoVZwEi
z3y)TrRfL`eN$<*0;8d&}bH*9Tl`LkFTrmtuF7Ok@_N!H=26ONk=H%cjqAz5YJqiZs
z=D0`7@QLRnLH_?Q1qxiE{sztih9cj)iI&*PG4|V_;j@&7rplyv)lcFi2-Xba2$<kr
zqdW}_asA8VF&#i-5V0MJ0>8b`kW)ARum1QQfSk+r4s<FA|Ih-;{K13^{uzlT{fXN8
z-6UQ{eJvyzNIKcS0<avbrg`;crcCIzuM2-Yf9aoBd~vAfe-N;C`^R5)Femp3_YZxg
zzr-;gJvKmOQsiG3lX(B#4^8(+Oy4_z$X)RXc?K0l^!4K%-_C!l`2Pk=@x`I;{|}Ol
BJ;49~

literal 0
HcmV?d00001

diff --git a/try/useradd_probs/user-mk.cli.c b/try/useradd_probs/user-mk.cli.c
index a2748f3..ff595f5 100644
--- a/try/useradd_probs/user-mk.cli.c
+++ b/try/useradd_probs/user-mk.cli.c
@@ -9,7 +9,7 @@ int main(int argc, char **argv, char **env){
   char *command = argv[0];
   if( argc != 2 ){
     fprintf(stderr, "usage: %s subu", command);
-    return ERR_ARG_CNT;
+    return 1;
   }
   return user_mk(argv[1]);
 }
-- 
2.20.1