This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, fifteen has been updated via 2dcea58cc2faf39bd170cef7366f05e940c62751 (commit) via 1293811896219e090e48e1bc5a5a1dfdde1ee839 (commit) via 555637d15601156dcbd0eb20a2e77014c6b504ea (commit) via 2b875b3985b17e2fa316825dbd490a94e0de74d6 (commit) via 52e54c1c9a0f530edca461da31279113647fe787 (commit) via 42ec14cf2b98fd599fbeb16a67a1dd7f4fb3e558 (commit) via ab89cb2253f0a46cc05e239afbb62155dfd47fd1 (commit) from 6b6ef098ae40a7a2dc8df4b0ffd700cf0cf7527d (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2dcea58cc2faf39bd170cef7366f05e940c62751 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 18:47:16 2013 +0200
misc-progs: Re-indent setuid.c.
commit 1293811896219e090e48e1bc5a5a1dfdde1ee839 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 18:25:33 2013 +0200
misc-progs: Convert to right file encoding.
commit 555637d15601156dcbd0eb20a2e77014c6b504ea Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 18:25:14 2013 +0200
misc-progs: Sync STRING_SIZE.
commit 2b875b3985b17e2fa316825dbd490a94e0de74d6 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 18:23:40 2013 +0200
misc-progs: Remove own copy of strlcat.
Add compatibility define that uses strncat.
commit 52e54c1c9a0f530edca461da31279113647fe787 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 18:22:51 2013 +0200
misc-progs: Move network stuff to own header file.
commit 42ec14cf2b98fd599fbeb16a67a1dd7f4fb3e558 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 16:23:41 2013 +0200
misc-progs: Remove unused functions.
commit ab89cb2253f0a46cc05e239afbb62155dfd47fd1 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Oct 12 16:20:20 2013 +0200
misc-progs: Fix invalid command line argument parsing.
Fixes #10431.
-----------------------------------------------------------------------
Summary of changes: src/install+setup/libsmooth/libsmooth.h | 2 +- src/misc-progs/backupctrl.c | 39 ++-- src/misc-progs/fireinfoctrl.c | 46 ++-- src/misc-progs/getconntracktable.c | 62 +++--- src/misc-progs/iowrap.c | 88 ++++---- src/misc-progs/ipfiredeath.c | 50 ++--- src/misc-progs/ipfirerebirth.c | 50 ++--- src/misc-progs/ipfirereboot.c | 234 ++++++++++---------- src/misc-progs/ipsecctrl.c | 2 + src/misc-progs/netutil.h | 48 ++++ src/misc-progs/openvpnctrl.c | 1 + src/misc-progs/pakfire.c | 14 +- src/misc-progs/rebuildhosts.c | 2 + src/misc-progs/setaliases.c | 6 +- src/misc-progs/setuid.c | 373 +++++++++++++++----------------- src/misc-progs/setuid.h | 50 +---- src/misc-progs/smartctrl.c | 29 ++- src/misc-progs/syslogdctrl.c | 2 + src/misc-progs/wirelessctrl.c | 4 +- 19 files changed, 539 insertions(+), 563 deletions(-) create mode 100644 src/misc-progs/netutil.h
Difference in files:
diff --git a/src/install+setup/libsmooth/libsmooth.h b/src/install+setup/libsmooth/libsmooth.h
index fb38193..fc166b2 100644
--- a/src/install+setup/libsmooth/libsmooth.h
+++ b/src/install+setup/libsmooth/libsmooth.h
@@ -35,7 +35,7 @@
#include "langs.h"
-#define STRING_SIZE 1023
+#define STRING_SIZE 1024
 #define ADDRESS 0
 #define NETADDRESS 1
diff --git a/src/misc-progs/backupctrl.c b/src/misc-progs/backupctrl.c
index 2941117..00c8d5b 100644
--- a/src/misc-progs/backupctrl.c
+++ b/src/misc-progs/backupctrl.c
@@ -15,31 +15,30 @@
 int main(int argc, char *argv[])
 {
 int i;
- char command[1024];
- char add[STRING_SIZE];
-
+ char command[STRING_SIZE] = "/var/ipfire/backup/bin/backup.pl";
+ char temp[STRING_SIZE];
+
 if (!(initsetuid()))
 exit(1);
- snprintf(command, STRING_SIZE, "/var/ipfire/backup/bin/backup.pl");
-
 for (i = 1; i < argc; i++) {
- if (strstr(argv[i], "&&")){
- fprintf (stderr, "Bad Argument!\n");
- exit (1);
- }
- else if (strstr(argv[i], "|")){
- fprintf (stderr, "Bad Argument!\n");
- exit (1);
- }
- else if (argc > 3){
- fprintf (stderr, "Too Many Arguments!\n");
- exit (1);
+ if (strstr(argv[i], "&&")){
+ fprintf (stderr, "Bad Argument!\n");
+ exit (1);
+
+ } else if (strstr(argv[i], "|")) {
+ fprintf (stderr, "Bad Argument!\n");
+ exit (1);
+
+ } else if (argc > 3) {
+ fprintf (stderr, "Too Many Arguments!\n");
+ exit (1);
+
+ } else {
+ snprintf(temp, STRING_SIZE, "%s %s", command, argv[i]);
+ snprintf(command, STRING_SIZE, "%s", temp);
 }
- else{
- sprintf(add, " %s", argv[i]);
- strcat(command, add);
- }
 }
+
 return safe_system(command);
 }
diff --git a/src/misc-progs/fireinfoctrl.c b/src/misc-progs/fireinfoctrl.c
index 963459a..a026ba0 100644
--- a/src/misc-progs/fireinfoctrl.c
+++ b/src/misc-progs/fireinfoctrl.c
@@ -1,23 +1,23 @@
-/* IPFire helper program - fireinfoctrl
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * (c) IPFire Team, 2011
- *
- * Simple program that calls "sendprofile" as the root user.
- *
- */
-
-#include <stdlib.h>
-#include "setuid.h"
-
-int main(void)
-{
- if (!(initsetuid()))
- exit(1);
-
- safe_system("/usr/bin/sendprofile");
-
- return 0;
-}
+/* IPFire helper program - fireinfoctrl
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) IPFire Team, 2011
+ *
+ * Simple program that calls "sendprofile" as the root user.
+ *
+ */
+
+#include <stdlib.h>
+#include "setuid.h"
+
+int main(void)
+{
+ if (!(initsetuid()))
+ exit(1);
+
+ safe_system("/usr/bin/sendprofile");
+
+ return 0;
+}
diff --git a/src/misc-progs/getconntracktable.c b/src/misc-progs/getconntracktable.c
index 674b211..78eb11a 100644
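Review bot: The reject list in the backupctrl.c loop covers only `&&` and `|`, yet the assembled string is still handed to `safe_system()`, whose own comment in setuid.c says the command runs under `/bin/sh -c` and must be validated against `;` and backquotes. Because this helper runs with root privileges after `initsetuid()`, each `argv[i]` should pass an allow-list test before it is appended, e.g. `if (strspn(argv[i], LETTERS_NUMBERS "._-/") != strlen(argv[i])) { fprintf(stderr, "Bad Argument!\n"); exit(1); }` (needs `netutil.h`; the exact character set has to be confirmed against what backup.pl accepts). The pakfire.c hunk concatenates `argv[i]` with no check at all and needs the same treatment. The `argc > 3` test does not depend on `i` and would be clearer before the loop.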
--- a/src/misc-progs/getconntracktable.c +++ b/src/misc-progs/getconntracktable.c @@ -1,31 +1,31 @@ -/* IPFire helper program - getconntracktable - * - * This program is distributed under the terms of the GNU General Public - * Licence. See the file COPYING for details. - * - * The kernel's connection tracking table is not readable by - * non-root users. So this helper will just read and output it. - */ - -#include <stdio.h> -#include <stdlib.h> -#include "setuid.h" - -int main(void) { - if (!(initsetuid())) - exit(1); - - FILE *fp = fopen("/proc/net/nf_conntrack", "r"); - if (fp == NULL) { - exit(1); - } - - /* Read content line by line and write it to stdout. */ - char linebuf[STRING_SIZE]; - while (fgets(linebuf, STRING_SIZE, fp)) { - printf("%s", linebuf); - } - - fclose(fp); - return 0; -} +/* IPFire helper program - getconntracktable + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * The kernel's connection tracking table is not readable by + * non-root users. So this helper will just read and output it. + */ + +#include <stdio.h> +#include <stdlib.h> +#include "setuid.h" + +int main(void) { + if (!(initsetuid())) + exit(1); + + FILE *fp = fopen("/proc/net/nf_conntrack", "r"); + if (fp == NULL) { + exit(1); + } + + /* Read content line by line and write it to stdout. */ + char linebuf[STRING_SIZE]; + while (fgets(linebuf, STRING_SIZE, fp)) { + printf("%s", linebuf); + } + + fclose(fp); + return 0; +} diff --git a/src/misc-progs/iowrap.c b/src/misc-progs/iowrap.c index e56203e..115ec2a 100644 --- a/src/misc-progs/iowrap.c +++ b/src/misc-progs/iowrap.c 
@@ -1,44 +1,44 @@ -/* SmoothWall helper program - iowrap. - * - * This program is distributed under the terms of the GNU General Public - * Licence. See the file COPYING for details. - * - * (c) Lawrence Manning, 2001 - * Installer helper for redirecting stdout/stderr to a file/terminal. - * init calls ash through this program to shove it on a tty. - * - * $Id: iowrap.c,v 1.2 2001/11/27 15:20:50 riddles Exp $ - * - */ - -#include <stdio.h> -#include <sys/types.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <unistd.h> - -int main(int argc, char *argv[]) -{ - /* Prog takes one argument. A device to run on (like a getty) */ - if (argc >= 2) - { - int fd; - - if ((fd = open(argv[1], O_RDWR)) == -1) - { - printf("Couldn't open device\n"); - return 0; - } - dup2(fd, 0); - dup2(fd, 1); - dup2(fd, 2); - /* Now its sending/reading on that device. */ - } - - if (argc >= 3) - execvp(argv[2], &argv[2]); - else - printf("No command\n"); - - return 0; -} +/* SmoothWall helper program - iowrap. + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * (c) Lawrence Manning, 2001 + * Installer helper for redirecting stdout/stderr to a file/terminal. + * init calls ash through this program to shove it on a tty. + * + * $Id: iowrap.c,v 1.2 2001/11/27 15:20:50 riddles Exp $ + * + */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <unistd.h> + +int main(int argc, char *argv[]) +{ + /* Prog takes one argument. A device to run on (like a getty) */ + if (argc >= 2) + { + int fd; + + if ((fd = open(argv[1], O_RDWR)) == -1) + { + printf("Couldn't open device\n"); + return 0; + } + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); + /* Now its sending/reading on that device. */ + } + + if (argc >= 3) + execvp(argv[2], &argv[2]); + else + printf("No command\n"); + + return 0; +} 
diff --git a/src/misc-progs/ipfiredeath.c b/src/misc-progs/ipfiredeath.c index 9115b4f..8a13fa6 100644 --- a/src/misc-progs/ipfiredeath.c +++ b/src/misc-progs/ipfiredeath.c @@ -1,25 +1,25 @@ -/* SmoothWall helper program - smoothiedeath - * - * This program is distributed under the terms of the GNU General Public - * Licence. See the file COPYING for details. - * - * (c) Lawrence Manning, 2001 - * Simple program intended to be installed setuid(0) that can be used for - * starting shutdown. - * - * $Id: ipcopdeath.c,v 1.2 2003/12/11 10:57:34 riddles Exp $ - * - */ - -#include <stdlib.h> -#include "setuid.h" - -int main(void) -{ - if (!(initsetuid())) - exit(1); - - safe_system("/sbin/shutdown -h now"); - - return 0; -} +/* SmoothWall helper program - smoothiedeath + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * (c) Lawrence Manning, 2001 + * Simple program intended to be installed setuid(0) that can be used for + * starting shutdown. + * + * $Id: ipcopdeath.c,v 1.2 2003/12/11 10:57:34 riddles Exp $ + * + */ + +#include <stdlib.h> +#include "setuid.h" + +int main(void) +{ + if (!(initsetuid())) + exit(1); + + safe_system("/sbin/shutdown -h now"); + + return 0; +} diff --git a/src/misc-progs/ipfirerebirth.c b/src/misc-progs/ipfirerebirth.c index dd7988e..10230c3 100644 --- a/src/misc-progs/ipfirerebirth.c +++ b/src/misc-progs/ipfirerebirth.c 
@@ -1,25 +1,25 @@ -/* SmoothWall helper program - smoothierebirth - * - * This program is distributed under the terms of the GNU General Public - * Licence. See the file COPYING for details. - * - * (c) Lawrence Manning, 2001 - * Simple program intended to be installed setuid(0) that can be used for - * starting reboot. - * - * $Id: ipcoprebirth.c,v 1.2 2003/12/11 10:57:34 riddles Exp $ - * - */ - -#include <stdlib.h> -#include "setuid.h" - -int main(void) -{ - if (!(initsetuid())) - exit(1); - - safe_system("/sbin/shutdown -r now"); - - return 0; -} +/* SmoothWall helper program - smoothierebirth + * + * This program is distributed under the terms of the GNU General Public + * Licence. See the file COPYING for details. + * + * (c) Lawrence Manning, 2001 + * Simple program intended to be installed setuid(0) that can be used for + * starting reboot. + * + * $Id: ipcoprebirth.c,v 1.2 2003/12/11 10:57:34 riddles Exp $ + * + */ + +#include <stdlib.h> +#include "setuid.h" + +int main(void) +{ + if (!(initsetuid())) + exit(1); + + safe_system("/sbin/shutdown -r now"); + + return 0; +} diff --git a/src/misc-progs/ipfirereboot.c b/src/misc-progs/ipfirereboot.c index 05dddaf..5e75879 100644 --- a/src/misc-progs/ipfirereboot.c +++ b/src/misc-progs/ipfirereboot.c 
@@ -1,117 +1,117 @@ -/* - * This file is part of the IPCop Firewall. - * - * IPCop is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * IPCop is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with IPCop; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Copyright (C) 2005-10-25 Franck Bourdonnec - * - * $Id: ipcopreboot.c,v 1.1.2.2 2005/10/24 23:05:50 franck78 Exp $ - * - */ - -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include "setuid.h" - - -/* define operations */ -#define OP_REBOOT "boot" -#define OP_REBOOT_FS "bootfs" // add filesystem check option (not yet in GUI) -#define OP_SHUTDOWN "down" -#define OP_SCHEDULE_ADD "cron+" -#define OP_SCHEDULE_REM "cron-" -#define OP_SCHEDULE_GET "cron?" 
- -int main(int argc, char**argv) -{ - - if (!(initsetuid())) - return 1; - - // Check what command is asked - if (argc==1) - { - fprintf (stderr, "Missing reboot command!\n"); - return 1; - } - - if (argc==2 && strcmp(argv[1], OP_SHUTDOWN)==0) - { - safe_system("/sbin/shutdown -h now"); - return 0; - } - - if (argc==2 && strcmp(argv[1], OP_REBOOT)==0) - { - safe_system("/sbin/shutdown -r now"); - return 0; - } - - if (argc==2 && strcmp(argv[1], OP_REBOOT_FS)==0) - { - safe_system("/sbin/shutdown -F -r now"); - return 0; - } - - // output schedule to stdout - if (argc==2 && strcmp(argv[1], OP_SCHEDULE_GET)==0) - { - safe_system("/bin/grep /sbin/shutdown /var/spool/cron/root.orig"); - return 0; - } - - if (argc==2 && strcmp(argv[1], OP_SCHEDULE_REM)==0) - { - safe_system("/usr/bin/perl -i -p -e 's/^.*\/sbin\/shutdown.*$//s' /var/spool/cron/root.orig"); - safe_system("/usr/bin/fcrontab -u root -z"); - return 0; - } - - if (argc==6 && strcmp(argv[1], OP_SCHEDULE_ADD)==0) - { - // check args - if (!( strlen(argv[2])<3 && - strspn(argv[2], "0123456789") == strlen (argv[2]) && - strlen(argv[3])<3 && - strspn(argv[3], "0123456789") == strlen (argv[3]) && - strlen(argv[4])<14 && - strspn(argv[4], "1234567,*") == strlen (argv[4]) && - ((strcmp(argv[5], "-r")==0) || //reboot - (strcmp(argv[5], "-h")==0)) ) //hangup - ) { - fprintf (stderr, "Bad cron+ parameters!\n"); - return 1; - } - - // remove old entry - safe_system("/usr/bin/perl -i -p -e 's/^.*\/sbin\/shutdown.*$//s' /var/spool/cron/root.orig"); - - // add new entry - FILE *fd = NULL; - if ((fd = fopen("/var/spool/cron/root.orig", "a"))) - { - fprintf (fd,"%s %s * * %s /sbin/shutdown %s 1\n",argv[2],argv[3],argv[4],argv[5]); - fclose (fd); - } - - // inform cron - safe_system("/usr/bin/fcrontab -u root -z"); - return 0; - } - - fprintf (stderr, "Bad reboot command!\n"); - return 1; -} +/* + * This file is part of the IPCop Firewall. 
+ * + * IPCop is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * IPCop is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with IPCop; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright (C) 2005-10-25 Franck Bourdonnec + * + * $Id: ipcopreboot.c,v 1.1.2.2 2005/10/24 23:05:50 franck78 Exp $ + * + */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include "setuid.h" + + +/* define operations */ +#define OP_REBOOT "boot" +#define OP_REBOOT_FS "bootfs" // add filesystem check option (not yet in GUI) +#define OP_SHUTDOWN "down" +#define OP_SCHEDULE_ADD "cron+" +#define OP_SCHEDULE_REM "cron-" +#define OP_SCHEDULE_GET "cron?" 
+ +int main(int argc, char**argv) +{ + + if (!(initsetuid())) + return 1; + + // Check what command is asked + if (argc==1) + { + fprintf (stderr, "Missing reboot command!\n"); + return 1; + } + + if (argc==2 && strcmp(argv[1], OP_SHUTDOWN)==0) + { + safe_system("/sbin/shutdown -h now"); + return 0; + } + + if (argc==2 && strcmp(argv[1], OP_REBOOT)==0) + { + safe_system("/sbin/shutdown -r now"); + return 0; + } + + if (argc==2 && strcmp(argv[1], OP_REBOOT_FS)==0) + { + safe_system("/sbin/shutdown -F -r now"); + return 0; + } + + // output schedule to stdout + if (argc==2 && strcmp(argv[1], OP_SCHEDULE_GET)==0) + { + safe_system("/bin/grep /sbin/shutdown /var/spool/cron/root.orig"); + return 0; + } + + if (argc==2 && strcmp(argv[1], OP_SCHEDULE_REM)==0) + { + safe_system("/usr/bin/perl -i -p -e 's/^.*\/sbin\/shutdown.*$//s' /var/spool/cron/root.orig"); + safe_system("/usr/bin/fcrontab -u root -z"); + return 0; + } + + if (argc==6 && strcmp(argv[1], OP_SCHEDULE_ADD)==0) + { + // check args + if (!( strlen(argv[2])<3 && + strspn(argv[2], "0123456789") == strlen (argv[2]) && + strlen(argv[3])<3 && + strspn(argv[3], "0123456789") == strlen (argv[3]) && + strlen(argv[4])<14 && + strspn(argv[4], "1234567,*") == strlen (argv[4]) && + ((strcmp(argv[5], "-r")==0) || //reboot + (strcmp(argv[5], "-h")==0)) ) //hangup + ) { + fprintf (stderr, "Bad cron+ parameters!\n"); + return 1; + } + + // remove old entry + safe_system("/usr/bin/perl -i -p -e 's/^.*\/sbin\/shutdown.*$//s' /var/spool/cron/root.orig"); + + // add new entry + FILE *fd = NULL; + if ((fd = fopen("/var/spool/cron/root.orig", "a"))) + { + fprintf (fd,"%s %s * * %s /sbin/shutdown %s 1\n",argv[2],argv[3],argv[4],argv[5]); + fclose (fd); + } + + // inform cron + safe_system("/usr/bin/fcrontab -u root -z"); + return 0; + } + + fprintf (stderr, "Bad reboot command!\n"); + return 1; +} diff --git a/src/misc-progs/ipsecctrl.c b/src/misc-progs/ipsecctrl.c index 365807c..570fdeb 100644 --- a/src/misc-progs/ipsecctrl.c 
+++ b/src/misc-progs/ipsecctrl.c
@@ -13,7 +13,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <signal.h>
+
 #include "setuid.h"
+#include "netutil.h"
 /* This module is responsible for start stop of the vpn system.
diff --git a/src/misc-progs/netutil.h b/src/misc-progs/netutil.h
new file mode 100644
index 0000000..e96eb5d
--- /dev/null
+++ b/src/misc-progs/netutil.h
@@ -0,0 +1,48 @@
+
+#ifndef NETUTIL_H
+#define NETUTIL_H 1
+
+#include <stdlib.h>
+
+#define LETTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+#define NUMBERS "0123456789"
+#define LETTERS_NUMBERS LETTERS NUMBERS
+#define IP_NUMBERS "./" NUMBERS
+#define PORT_NUMBERS ":-" NUMBERS
+#define VALID_FQDN LETTERS_NUMBERS ".-"
+
+#define VALID_IP(ip) (strlen(ip) > 6 \
+ && strlen(ip) < 16 \
+ && strspn(ip, NUMBERS ".") == strlen(ip))
+
+#define VALID_IP_AND_MASK(ip) (strlen(ip) > 6 \
+ && strlen(ip) < 32 \
+ && strspn(ip, IP_NUMBERS) == strlen(ip))
+
+#define VALID_PORT(port) (strlen(port) \
+ && strlen(port) < 6 \
+ && strspn(port, NUMBERS) == strlen(port))
+
+#define VALID_PORT_RANGE(port) (strlen(port) \
+ && strlen(port) < 12 \
+ && strspn(port, PORT_NUMBERS) == strlen(port))
+
+#define VALID_SHORT_MASK(ip) (strlen(ip) > 1 \
+ && strlen(ip) < 3 \
+ && strspn(ip, NUMBERS) == strlen(ip))
+
+/* Can't find any info on valid characters/length hopefully these are
+ * reasonable guesses */
+#define VALID_DEVICE(dev) (strlen(dev) \
+ && strlen(dev) < 16 \
+ && strspn(dev, LETTERS_NUMBERS ":.") == strlen(dev))
+
+/* Again, can't find any hard and fast rules for protocol names, these
+ * restrictions are based on the keywords currently listed in
+ * http://www.iana.org/assignments/protocol-numbers
+ * though currently the ipcop cgis will only pass tcp, udp or gre anyway */
+#define VALID_PROTOCOL(prot) (strlen(prot) \
+ && strlen(prot) <16 \
+ && strspn(prot, LETTERS_NUMBERS "-") == strlen(prot))
+
+#endif
diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c
index 4c1d1c3..2577788 100644
--- a/src/misc-progs/openvpnctrl.c
+++ b/src/misc-progs/openvpnctrl.c
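Review bot: The new netutil.h includes `<stdlib.h>`, but every `VALID_*` macro expands to `strlen()` and `strspn()`, which are declared in `<string.h>`, so the header only compiles cleanly where the including file happens to pull in `<string.h>` first. Replace the include with `#include <string.h>` so the header is self-contained. A comment above the macros should also state that they check length and character set only (as written, `VALID_IP` would accept a constructed value such as `999.999.9`), so they are a shell-safety filter rather than proof of a well-formed address. The same comment should note that each macro evaluates its argument several times, so callers must pass expressions without side effects.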
@@ -8,6 +8,7 @@
 #include <netinet/in.h>
 #include <fcntl.h>
 #include "setuid.h"
+#include "netutil.h"
 #include "libsmooth.h"
 #define noovpndebug
diff --git a/src/misc-progs/pakfire.c b/src/misc-progs/pakfire.c
index 113216f..fe6edfc 100644
--- a/src/misc-progs/pakfire.c
+++ b/src/misc-progs/pakfire.c
@@ -15,18 +15,16 @@
 int main(int argc, char *argv[])
 {
 int i;
- char command[1024];
- char add[STRING_SIZE];
-
+ char command[STRING_SIZE] = "/opt/pakfire/pakfire";
+ char temp[STRING_SIZE];
+
 if (!(initsetuid()))
 exit(1);
- snprintf(command, STRING_SIZE, "/opt/pakfire/pakfire");
-
 for (i = 1; i < argc; i++) {
- sprintf(add, " %s", argv[i]);
- strcat(command, add);
+ snprintf(temp, STRING_SIZE, "%s %s", command, argv[i]);
+ snprintf(command, STRING_SIZE, "%s", temp);
 }
-
+
 return safe_system(command);
 }
diff --git a/src/misc-progs/rebuildhosts.c b/src/misc-progs/rebuildhosts.c
index e831858..21c5236 100644
--- a/src/misc-progs/rebuildhosts.c
+++ b/src/misc-progs/rebuildhosts.c
@@ -19,7 +19,9 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <signal.h>
+
 #include "setuid.h"
+#include "netutil.h"
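Review bot: Neither `snprintf()` call in the pakfire.c loop checks its return value, so an argument list longer than `STRING_SIZE` is silently truncated and the shortened command string is still passed to `safe_system()` as root. Refuse to run on truncation instead, e.g. `int n = snprintf(temp, STRING_SIZE, "%s %s", command, argv[i]);` followed by `if (n < 0 || n >= STRING_SIZE) { fprintf(stderr, "Command too long!\n"); exit(1); }`. The loop in the backupctrl.c hunk uses the same unchecked pair of calls and needs the same guard.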
 FILE *fd = NULL;
 FILE *hosts = NULL;
diff --git a/src/misc-progs/setaliases.c b/src/misc-progs/setaliases.c
index ea4bc11..93af1cb 100644
--- a/src/misc-progs/setaliases.c
+++ b/src/misc-progs/setaliases.c
@@ -13,8 +13,6 @@
  *
  */
-#include "libsmooth.h"
-#include "setuid.h"
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -23,6 +21,10 @@
 #include <sys/stat.h>
 #include <fcntl.h>
+#include "libsmooth.h"
+#include "setuid.h"
+#include "netutil.h"
+
 struct keyvalue *kv = NULL;
 FILE *file = NULL;
diff --git a/src/misc-progs/setuid.c b/src/misc-progs/setuid.c
index d7fabd4..e54b5d3 100644
--- a/src/misc-progs/setuid.c
+++ b/src/misc-progs/setuid.c
@@ -1,204 +1,169 @@ -/* This file is part of the IPCop Firewall. - * - * IPCop is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * IPCop is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with IPCop; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * - * Copyright (C) 2003-04-22 Robert Kerr rkerr@go.to - * - * $Id: setuid.c,v 1.2.2.1 2005/11/18 14:51:43 franck78 Exp $ - * - */ - -#include <stdio.h> -#include <string.h> -#include <errno.h> -#include <unistd.h> -#include <stdlib.h> -#include <sys/types.h> -#include <limits.h> -#include <sys/time.h> -#include <sys/resource.h> -#include <sys/stat.h> -#include <fcntl.h> -#include <grp.h> -#include <signal.h> -#include <sys/wait.h> -#include <glob.h> -#include "setuid.h" - -#ifndef OPEN_MAX -#define OPEN_MAX 256 -#endif - -/* Trusted environment for executing commands */ -char * trusted_env[4]={ - "PATH=/usr/bin:/usr/sbin:/sbin:/bin", - "SHELL=/bin/sh", - "TERM=dumb", - NULL}; - -/* Spawns a child process that uses /bin/sh to interpret a command. - * This is much the same in use and purpose as system(), yet as it uses execve - * to pass a trusted environment it's immune to attacks based upon changing - * IFS, ENV, BASH_ENV and other such variables. - * Note this does NOT guard against any other attacks, inparticular you MUST - * validate the command you are passing. If the command is formed from user - * input be sure to check this input is what you expect. 
Nasty things can - * happen if a user can inject ; or `` into your command for example */ -int safe_system(char* command) -{ - return system_core( command, 0, 0, "safe_system" ); -} - -/* Much like safe_system but lets you specify a non-root uid and gid to run - * the command as */ -int unpriv_system(char* command, uid_t uid, gid_t gid) -{ - return system_core(command, uid, gid, "unpriv_system" ); -} - -int system_core(char* command, uid_t uid, gid_t gid, char *error) -{ - int pid, status; - - if(!command) - return 1; - - switch( pid = fork() ) - { - case -1: - return -1; - case 0: /* child */ - { - char * argv[4]; - if (gid && setgid(gid)) - { - fprintf(stderr, "%s: ", error); - perror("Couldn't setgid"); - exit(127); - } - if (uid && setuid(uid)) - { - fprintf(stderr, "%s: ", error); - perror("Couldn't setuid"); - exit(127); - } - argv[0] = "sh"; - argv[1] = "-c"; - argv[2] = command; - argv[3] = NULL; - execve("/bin/sh", argv, trusted_env); - fprintf(stderr, "%s: ", error); - perror("execve failed"); - exit(127); - } - default: /* parent */ - do { - if( waitpid(pid, &status, 0) == -1 ) { - if( errno != EINTR ) - return -1; - } else - return status; - } while (1); - } - -} - -/* BSD style safe strcat; from the secure programming cookbook */ -size_t strlcat(char *dst, const char *src, size_t len) { - char *dstptr = dst; - size_t dstlen, tocopy = len; - const char *srcptr = src; - - while (tocopy-- && *dstptr) dstptr++; - dstlen = dstptr - dst; - if (!(tocopy = len - dstlen)) return (dstlen + strlen(src)); - while (*srcptr) { - if (tocopy != 1) { - *dstptr++ = *srcptr; - tocopy--; - } - srcptr++; - } - *dstptr = 0; - - return (dstlen + (srcptr - src)); -} - -/* General routine to initialise a setuid root program, and put the - * environment in a known state. 
Returns 1 on success, if initsetuid() returns - * 0 then you should exit(1) immediately, DON'T attempt to recover from the - * error */ -int initsetuid(void) -{ - int fds,i; - struct stat st; - struct rlimit rlim; - - /* Prevent signal tricks by ignoring all except SIGKILL and SIGCHILD */ - for( i = 0; i < NSIG; i++ ) { - if( i != SIGKILL && i != SIGCHLD ) - signal(i, SIG_IGN); - } - - /* dump all non-standard file descriptors (a full descriptor table could - * lead to DoS by preventing us opening files) */ - if ((fds = getdtablesize()) == -1) fds = OPEN_MAX; - for( i = 3; i < fds; i++ ) close(i); - - /* check stdin, stdout & stderr are open before going any further */ - for( i = 0; i < 3; i++ ) - if( fstat(i, &st) == -1 && ((errno != EBADF) || (close(i), open("/dev/null", O_RDWR, 0)) != i )) - return 0; - - /* disable core dumps in case we're processing sensitive information */ - rlim.rlim_cur = rlim.rlim_max = 0; - if(setrlimit(RLIMIT_CORE, &rlim)) - { perror("Couldn't disable core dumps"); return 0; } - - /* drop any supplementary groups, set uid & gid to root */ - if (setgroups(0, NULL)) { perror("Couldn't clear group list"); return 0; } - if (setgid(0)) { perror("Couldn't setgid(0)"); return 0; } - if (setuid(0)) { perror("Couldn't setuid(0)"); return 0; } - - return 1; -} - -/* check whether a file exists */ -int file_exists(const char *fname) { - struct stat st; - stat(fname, &st); - return S_ISREG(st.st_mode) ? 1 : 0; -} - -/* check whether a file exists. fname is wildcard eg: file_exists (/tmp/foo*) */ -int file_exists_w(const char *fname) -{ - /* do a quick check first */ - struct stat st; - stat(fname, &st); - if (S_ISREG(st.st_mode)) - return 1; - - /* check for possible wild cards in name */ - glob_t globbuf; - int retval=0; - if (glob(fname, GLOB_ERR, NULL, &globbuf)==0) { - if (globbuf.gl_pathc>0) { - retval=1; - } - } - globfree(&globbuf); - return retval; -} +/* This file is part of the IPCop Firewall. 
+ * + * IPCop is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * IPCop is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with IPCop; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + * + * Copyright (C) 2003-04-22 Robert Kerr rkerr@go.to + * + * $Id: setuid.c,v 1.2.2.1 2005/11/18 14:51:43 franck78 Exp $ + * + */ + +#include <stdio.h> +#include <string.h> +#include <errno.h> +#include <unistd.h> +#include <stdlib.h> +#include <sys/types.h> +#include <limits.h> +#include <sys/time.h> +#include <sys/resource.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <grp.h> +#include <signal.h> +#include <sys/wait.h> +#include <glob.h> +#include "setuid.h" + +#ifndef OPEN_MAX +#define OPEN_MAX 256 +#endif + +/* Trusted environment for executing commands */ +char * trusted_env[4] = { + "PATH=/usr/bin:/usr/sbin:/sbin:/bin", + "SHELL=/bin/sh", + "TERM=dumb", + NULL +}; + +/* Spawns a child process that uses /bin/sh to interpret a command. + * This is much the same in use and purpose as system(), yet as it uses execve + * to pass a trusted environment it's immune to attacks based upon changing + * IFS, ENV, BASH_ENV and other such variables. + * Note this does NOT guard against any other attacks, inparticular you MUST + * validate the command you are passing. If the command is formed from user + * input be sure to check this input is what you expect. 
Nasty things can + * happen if a user can inject ; or `` into your command for example */ +int safe_system(char* command) { + return system_core(command, 0, 0, "safe_system"); +} + +/* Much like safe_system but lets you specify a non-root uid and gid to run + * the command as */ +int unpriv_system(char* command, uid_t uid, gid_t gid) { + return system_core(command, uid, gid, "unpriv_system"); +} + +int system_core(char* command, uid_t uid, gid_t gid, char *error) { + int pid, status; + + if(!command) + return 1; + + switch(pid = fork()) { + case -1: + return -1; + + case 0: /* child */ { + char *argv[4]; + + if (gid && setgid(gid)) { + fprintf(stderr, "%s: ", error); + perror("Couldn't setgid"); + exit(127); + } + + if (uid && setuid(uid)) { + fprintf(stderr, "%s: ", error); + perror("Couldn't setuid"); + exit(127); + } + + argv[0] = "sh"; + argv[1] = "-c"; + argv[2] = command; + argv[3] = NULL; + execve("/bin/sh", argv, trusted_env); + fprintf(stderr, "%s: ", error); + perror("execve failed"); + exit(127); + } + + default: /* parent */ + do { + if (waitpid(pid, &status, 0) == -1) { + if (errno != EINTR) + return -1; + } else { + return status; + } + } while (1); + } + +} + +/* General routine to initialise a setuid root program, and put the + * environment in a known state. 
Returns 1 on success, if initsetuid() returns + * 0 then you should exit(1) immediately, DON'T attempt to recover from the + * error */ +int initsetuid(void) { + int fds, i; + struct stat st; + struct rlimit rlim; + + /* Prevent signal tricks by ignoring all except SIGKILL and SIGCHILD */ + for (i = 0; i < NSIG; i++) { + if (i != SIGKILL && i != SIGCHLD) + signal(i, SIG_IGN); + } + + /* dump all non-standard file descriptors (a full descriptor table could + * lead to DoS by preventing us opening files) */ + if ((fds = getdtablesize()) == -1) + fds = OPEN_MAX; + for (i = 3; i < fds; i++) + close(i); + + /* check stdin, stdout & stderr are open before going any further */ + for (i = 0; i < 3; i++) + if( fstat(i, &st) == -1 && ((errno != EBADF) || (close(i), open("/dev/null", O_RDWR, 0)) != i)) + return 0; + + /* disable core dumps in case we're processing sensitive information */ + rlim.rlim_cur = rlim.rlim_max = 0; + if (setrlimit(RLIMIT_CORE, &rlim)) { + perror("Couldn't disable core dumps"); + return 0; + } + + /* drop any supplementary groups, set uid & gid to root */ + if (setgroups(0, NULL)) { + perror("Couldn't clear group list"); + return 0; + } + + if (setgid(0)) { + perror("Couldn't setgid(0)"); + return 0; + } + + if (setuid(0)) { + perror("Couldn't setuid(0)"); + return 0; + } + + return 1; +} diff --git a/src/misc-progs/setuid.h b/src/misc-progs/setuid.h index e253a76..2e90537 100644 --- a/src/misc-progs/setuid.h +++ b/src/misc-progs/setuid.h 
@@ -15,60 +15,18 @@
 /* As nothing in setuid.c uses STRING_SIZE specifically there's no real reason
 * to redefine it if it already is set */
 #ifndef STRING_SIZE
-#define STRING_SIZE 256
+#define STRING_SIZE 1024
 #endif
-#define LETTERS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-#define NUMBERS "0123456789"
-#define LETTERS_NUMBERS LETTERS NUMBERS
-#define IP_NUMBERS "./" NUMBERS
-#define PORT_NUMBERS ":-" NUMBERS
-#define VALID_FQDN LETTERS_NUMBERS ".-"
-
-
-#define VALID_IP(ip) (strlen(ip) > 6 \
- && strlen(ip) < 16 \
- && strspn(ip, NUMBERS ".") == strlen(ip))
-
-#define VALID_IP_AND_MASK(ip) (strlen(ip) > 6 \
- && strlen(ip) < 32 \
- && strspn(ip, IP_NUMBERS) == strlen(ip))
-
-#define VALID_PORT(port) (strlen(port) \
- && strlen(port) < 6 \
- && strspn(port, NUMBERS) == strlen(port))
-
-#define VALID_PORT_RANGE(port) (strlen(port) \
- && strlen(port) < 12 \
- && strspn(port, PORT_NUMBERS) == strlen(port))
-
-#define VALID_SHORT_MASK(ip) (strlen(ip) > 1 \
- && strlen(ip) < 3 \
- && strspn(ip, NUMBERS) == strlen(ip))
-
-/* Can't find any info on valid characters/length hopefully these are
- * reasonable guesses */
-#define VALID_DEVICE(dev) (strlen(dev) \
- && strlen(dev) < 16 \
- && strspn(dev, LETTERS_NUMBERS ":.") == strlen(dev))
-
-/* Again, can't find any hard and fast rules for protocol names, these
- * restrictions are based on the keywords currently listed in
- * http://www.iana.org/assignments/protocol-numbers
- * though currently the ipcop cgis will only pass tcp, udp or gre anyway */
-#define VALID_PROTOCOL(prot) (strlen(prot) \
- && strlen(prot) <16 \
- && strspn(prot, LETTERS_NUMBERS "-") == strlen(prot))
extern char * trusted_env[4];
 int system_core(char* command, uid_t uid, gid_t gid, char *error);
 int safe_system(char* command);
 int unpriv_system(char* command, uid_t uid, gid_t gid);
-size_t strlcat(char *dst, const char *src, size_t len);
 int initsetuid(void);
-/* check whether a file exists */
-int file_exists(const char *fname);
-int file_exists_w(const char *fname); //wildcard filename test
+/* Compatibility for the local copy of strlcat,
+ * which has been removed. */
+#define strlcat(src, dst, size) strncat(src, dst, size)
 #endif
diff --git a/src/misc-progs/smartctrl.c b/src/misc-progs/smartctrl.c
index d9dd846..c6451ac 100644
--- a/src/misc-progs/smartctrl.c
+++ b/src/misc-progs/smartctrl.c
@@ -13,31 +13,28 @@
 #include <fcntl.h>
 #include "setuid.h"
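Review bot: The compatibility define `#define strlcat(src, dst, size) strncat(src, dst, size)` is not a drop-in replacement, because strncat treats its third argument as the maximum number of bytes to append, not as the total size of the destination buffer. A caller that follows the strlcat convention and passes the destination's full size (for example STRING_SIZE) can now write past the end of the buffer once it already holds data, and these helpers are built into setuid-root programs. If the local copy has to go, bound the append by the space that is left, e.g. `#define strlcat(dst, src, size) strncat(dst, src, (size) - strlen(dst) - 1)`, which assumes dst is already NUL-terminated within size. Callers that test strlcat's return value for truncation would still need a real implementation, since strncat returns the destination pointer instead of a length.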
-#define BUFFER_SIZE 1024 - -char command[BUFFER_SIZE]; - int main(int argc, char *argv[]) { - if (!(initsetuid())) - exit(1); + exit(1);
- if (argc < 2) {
- fprintf(stderr, "\nNo argument given.\n\nsmartctrl <device>\n\n");
- exit(1);
- }
+ if (argc < 2) {
+ fprintf(stderr, "\nNo argument given.\n\nsmartctrl <device>\n\n");
+ exit(1);
+ }
+ char command[STRING_SIZE];
+ snprintf(command, STRING_SIZE, "/var/run/hddshutdown-%s", argv[1]);
- sprintf(command, "/var/run/hddshutdown-%s", argv[1]); - FILE *fp = fopen(command,"r"); - if( fp ) { + FILE *fp = fopen(command, "r"); + if (fp != NULL) { fclose(fp); + printf("\nDisk %s is in Standby. Do nothing because we won't wakeup\n",argv[1]); - exit(1); + exit(1); }
- sprintf(command, "smartctl -iHA /dev/%s", argv[1]);
- safe_system(command);
+ snprintf(command, STRING_SIZE, "smartctl -iHA /dev/%s", argv[1]);
+ safe_system(command);
 return 0;
 }
diff --git a/src/misc-progs/syslogdctrl.c b/src/misc-progs/syslogdctrl.c
index 993cc93..8111c84 100644
--- a/src/misc-progs/syslogdctrl.c
+++ b/src/misc-progs/syslogdctrl.c
@@ -19,8 +19,10 @@
 #include <fcntl.h>
 #include <signal.h>
 #include <errno.h>
+
 #include "libsmooth.h"
 #include "setuid.h"
+#include "netutil.h"
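Review bot: `argv[1]` still reaches `safe_system()` unvalidated: the new `snprintf(command, STRING_SIZE, "smartctl -iHA /dev/%s", argv[1])` bounds the copy, but the resulting string is run through `sh -c` by a setuid-root helper and is also pasted into the `/var/run/hddshutdown-%s` path handed to fopen(). The comment above safe_system in this same push warns about shell metacharacters in the command, so the device name should be checked against an allowlist directly after the `argc < 2` test, e.g. `if (!VALID_DEVICE(argv[1])) { fprintf(stderr, "Bad device name\n"); exit(1); }`. VALID_DEVICE is removed from setuid.h here and presumably now lives in netutil.h, which this file would then have to include. The snprintf return values are also ignored, so an over-long argument is silently truncated rather than rejected.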
 #define ERR_ANY 1
 #define ERR_SETTINGS 2 /* error in settings file */
diff --git a/src/misc-progs/wirelessctrl.c b/src/misc-progs/wirelessctrl.c
index 8ca7a81..e3a1107 100644
--- a/src/misc-progs/wirelessctrl.c
+++ b/src/misc-progs/wirelessctrl.c
@@ -16,9 +16,11 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <signal.h>
-#include "setuid.h"
 #include <errno.h>
+#include "setuid.h"
+#include "netutil.h"
+
 FILE *fd = NULL;
 char blue_dev[STRING_SIZE] = "";
 char command[STRING_SIZE];
hooks/post-receive -- IPFire 2.x development tree