Changeset 16 for trunk/software/tty/readtty_command.c

Timestamp:

Nov 21, 2024, 12:09:38 PM (7 weeks ago)

Author:

bouyer

Message:

For the 'P' command, check that the user is in group wheel or sudo

File:

• trunk/software/tty/readtty_command.c (modified) (2 diffs)

trunk/software/tty/readtty_command.c

@@ -10 +10 @@
 #include <sys/ioctl.h>
 #include <sys/select.h>
+#include <pwd.h>
+#include <grp.h>
 
 volatile int quit;
@@ -79 +81 @@
         if (argc != 2)
                 usage();
+        if (*argv[1] == 'P') {
+                /* check if user is in group wheel or sudo */
+                gid_t mygroups[64];
+                int ngroups = 64;
+                struct passwd *pwp = getpwuid(getuid());
+                if (pwp == NULL) {
+                        err(1, "getpwuid(%d)", getuid());
+                }
+                if ((i = getgrouplist(pwp->pw_name, pwp->pw_gid, mygroups, &ngroups))
+                    != 0) {
+                        fprintf(stderr, "getgrouplist(%s,%d) fail: %d %d\n",
+                            pwp->pw_name, pwp->pw_gid, i, ngroups);
+                        exit(1);
+                }
+                for (i = 0; i < ngroups; i++) {
+                        struct group *grpp = getgrgid(mygroups[i]);
+                        if (grpp == NULL) {
+                                err(1, "getgrgid(%d)", mygroups[i]);
+                        }
+                        if (strcmp(grpp->gr_name, "wheel") == 0 ||
+                            strcmp(grpp->gr_name, "sudo") == 0) {
+                                break;
+                        }
+                }
+                if (i == ngroups) {
+                        errx(1, "command %s: permission denied", argv[1]);
+                }
+        }
 
         d = open(argv[0], O_RDWR | O_NOCTTY | O_NONBLOCK, 0);