|
|
|
@ -1,4 +1,4 @@
|
|
|
|
//Copyright 2007 Calculate Pack, http://www.calculate-linux.ru
|
|
|
|
// Copyright 2007-2010 Mir Calculate Ltd. http://www.calculate-linux.org
|
|
|
|
//
|
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
@ -16,33 +16,33 @@
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
|
|
|
|
// для пароля
|
|
|
|
// for password
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
|
|
|
|
|
|
|
|
// для strcpy strlen
|
|
|
|
// for strcpy strlen
|
|
|
|
#include <string.h>
|
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
|
|
// для работы с ключами
|
|
|
|
// for keystore kernel
|
|
|
|
#include <keyutils.h>
|
|
|
|
#include <keyutils.h>
|
|
|
|
|
|
|
|
|
|
|
|
//Статистика файла
|
|
|
|
// for statistics file
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <fcntl.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
|
|
|
|
|
|
|
int main( int argc, const char* argv[] )
|
|
|
|
int main( int argc, const char* argv[] )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
// идентификатор пользователя
|
|
|
|
// user id and gid
|
|
|
|
uid_t uid, gid;
|
|
|
|
uid_t uid, gid;
|
|
|
|
int ret;
|
|
|
|
int ret;
|
|
|
|
int rez1,rez2;
|
|
|
|
int rez1,rez2;
|
|
|
|
void *buffer;
|
|
|
|
void *buffer;
|
|
|
|
if (argc==1)
|
|
|
|
if (argc==1)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
// получаем id и группу пользователя
|
|
|
|
// get user id and gid
|
|
|
|
uid = getuid();
|
|
|
|
uid = getuid();
|
|
|
|
gid = getgid();
|
|
|
|
gid = getgid();
|
|
|
|
//Устанавливаем права пользователя на этот процесс
|
|
|
|
// set user id and gid for the process
|
|
|
|
rez1 = setgid(gid);
|
|
|
|
rez1 = setgid(gid);
|
|
|
|
rez2 = setuid(uid);
|
|
|
|
rez2 = setuid(uid);
|
|
|
|
if (rez1==-1||rez2==-1)
|
|
|
|
if (rez1==-1||rez2==-1)
|
|
|
|
@ -50,14 +50,14 @@ int main( int argc, const char* argv[] )
|
|
|
|
printf ("exec not SUID root\n");
|
|
|
|
printf ("exec not SUID root\n");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
// ищем номер пользовательского ключа
|
|
|
|
// find user key in keystore
|
|
|
|
ret = request_key("user", "tmp", NULL, 0);
|
|
|
|
ret = request_key("user", "tmp", NULL, 0);
|
|
|
|
if (ret < 0)
|
|
|
|
if (ret < 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
printf ("id_key not found\n");
|
|
|
|
printf ("id_key not found\n");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
// Возвращаем значение ключа
|
|
|
|
// get user key
|
|
|
|
int retf;
|
|
|
|
int retf;
|
|
|
|
retf = keyctl_read_alloc(ret, &buffer);
|
|
|
|
retf = keyctl_read_alloc(ret, &buffer);
|
|
|
|
if (retf < 0)
|
|
|
|
if (retf < 0)
|
|
|
|
@ -65,12 +65,12 @@ int main( int argc, const char* argv[] )
|
|
|
|
printf("error keyctl_read_alloc\n");
|
|
|
|
printf("error keyctl_read_alloc\n");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
printf ("%s",buffer);
|
|
|
|
printf ("%s", (char*) buffer);
|
|
|
|
buffer = "XXXXXXXX";
|
|
|
|
buffer = "XXXXXXXX";
|
|
|
|
key_serial_t dest;
|
|
|
|
key_serial_t dest;
|
|
|
|
// Получаем id пользовательског ключа
|
|
|
|
// get id user key
|
|
|
|
dest = KEY_SPEC_USER_SESSION_KEYRING;
|
|
|
|
dest = KEY_SPEC_USER_SESSION_KEYRING;
|
|
|
|
// записываем ключ в пространство user
|
|
|
|
// write key in user space
|
|
|
|
ret = add_key("user", "tmp", buffer, strlen(buffer), dest);
|
|
|
|
ret = add_key("user", "tmp", buffer, strlen(buffer), dest);
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
exit(EXIT_SUCCESS);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
@ -80,7 +80,7 @@ int main( int argc, const char* argv[] )
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// получаем id и группу пользователя
|
|
|
|
// get user id and gid
|
|
|
|
uid = getuid();
|
|
|
|
uid = getuid();
|
|
|
|
gid = getgid();
|
|
|
|
gid = getgid();
|
|
|
|
|
|
|
|
|
|
|
|
@ -89,7 +89,7 @@ int main( int argc, const char* argv[] )
|
|
|
|
char * prog_sring[10];
|
|
|
|
char * prog_sring[10];
|
|
|
|
int count_prog =10;
|
|
|
|
int count_prog =10;
|
|
|
|
|
|
|
|
|
|
|
|
// идентификатор и путь к программе
|
|
|
|
// identifiers and paths to programs
|
|
|
|
prog_name[0] = "rdesktop";
|
|
|
|
prog_name[0] = "rdesktop";
|
|
|
|
prog_path[0] = "/usr/bin/rdesktop";
|
|
|
|
prog_path[0] = "/usr/bin/rdesktop";
|
|
|
|
prog_sring[0] = "";
|
|
|
|
prog_sring[0] = "";
|
|
|
|
@ -120,9 +120,9 @@ int main( int argc, const char* argv[] )
|
|
|
|
prog_name[9] = "rdesktop9";
|
|
|
|
prog_name[9] = "rdesktop9";
|
|
|
|
prog_path[9] = "/usr/bin/rdesktop";
|
|
|
|
prog_path[9] = "/usr/bin/rdesktop";
|
|
|
|
prog_sring[9] = "/usr/bin/kstart --window=.* --desktop=9";
|
|
|
|
prog_sring[9] = "/usr/bin/kstart --window=.* --desktop=9";
|
|
|
|
// путь к выполняемой программе
|
|
|
|
// path to the running program
|
|
|
|
char * str_prog = NULL;
|
|
|
|
char * str_prog = NULL;
|
|
|
|
// В случае kstart
|
|
|
|
// if kstart
|
|
|
|
char * str_prog_ks = NULL;
|
|
|
|
char * str_prog_ks = NULL;
|
|
|
|
|
|
|
|
|
|
|
|
int i;
|
|
|
|
int i;
|
|
|
|
@ -145,7 +145,7 @@ int main( int argc, const char* argv[] )
|
|
|
|
struct stat bufS;
|
|
|
|
struct stat bufS;
|
|
|
|
int res;
|
|
|
|
int res;
|
|
|
|
int fd;
|
|
|
|
int fd;
|
|
|
|
// Права файла на которые его проверяем
|
|
|
|
// file permissions for check
|
|
|
|
int mode_file = 33261;
|
|
|
|
int mode_file = 33261;
|
|
|
|
fd = open(str_prog, O_RDONLY);
|
|
|
|
fd = open(str_prog, O_RDONLY);
|
|
|
|
res = fstat(fd,&bufS);
|
|
|
|
res = fstat(fd,&bufS);
|
|
|
|
@ -158,7 +158,7 @@ int main( int argc, const char* argv[] )
|
|
|
|
printf("No open file %s\n",str_prog);
|
|
|
|
printf("No open file %s\n",str_prog);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
// Сравнение прав и владельца исполняемого файла с образцом
|
|
|
|
// comparison of permissions and owner of the executable file with the sample
|
|
|
|
if (bufS.st_mode == mode_file && bufS.st_uid == 0 && bufS.st_gid == 0)
|
|
|
|
if (bufS.st_mode == mode_file && bufS.st_uid == 0 && bufS.st_gid == 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
struct passwd *pwd = getpwuid (uid);
|
|
|
|
struct passwd *pwd = getpwuid (uid);
|
|
|
|
@ -166,12 +166,12 @@ int main( int argc, const char* argv[] )
|
|
|
|
{
|
|
|
|
{
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
// Получение имени пользователя
|
|
|
|
// get user name
|
|
|
|
char *login;
|
|
|
|
char *login;
|
|
|
|
login = (char*) malloc (strlen(pwd->pw_name)+1);
|
|
|
|
login = (char*) malloc (strlen(pwd->pw_name)+1);
|
|
|
|
strcpy (login,pwd->pw_name);
|
|
|
|
strcpy (login,pwd->pw_name);
|
|
|
|
|
|
|
|
|
|
|
|
//устанавливаем права рута
|
|
|
|
// set permissions root
|
|
|
|
rez1 = setgid(0);
|
|
|
|
rez1 = setgid(0);
|
|
|
|
rez2 = setuid(0);
|
|
|
|
rez2 = setuid(0);
|
|
|
|
|
|
|
|
|
|
|
|
@ -182,7 +182,7 @@ int main( int argc, const char* argv[] )
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
int ret;
|
|
|
|
int ret;
|
|
|
|
// ищем номер пользовательского ключа
|
|
|
|
// find user key in keystore
|
|
|
|
ret = request_key("user", login, NULL, 0);
|
|
|
|
ret = request_key("user", login, NULL, 0);
|
|
|
|
if (ret < 0)
|
|
|
|
if (ret < 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@ -190,14 +190,14 @@ int main( int argc, const char* argv[] )
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
// Возвращаем значение ключа
|
|
|
|
// get user key
|
|
|
|
ret = keyctl_read_alloc(ret, &buffer);
|
|
|
|
ret = keyctl_read_alloc(ret, &buffer);
|
|
|
|
if (ret < 0)
|
|
|
|
if (ret < 0)
|
|
|
|
{
|
|
|
|
{
|
|
|
|
printf("error keyctl_read_alloc\n");
|
|
|
|
printf("error keyctl_read_alloc\n");
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
//Устанавливаем права пользователя на этот процесс
|
|
|
|
// set user id and gid for the process
|
|
|
|
rez1 = setgid(gid);
|
|
|
|
rez1 = setgid(gid);
|
|
|
|
rez2 = setuid(uid);
|
|
|
|
rez2 = setuid(uid);
|
|
|
|
if (rez1==-1||rez2==-1)
|
|
|
|
if (rez1==-1||rez2==-1)
|
|
|
|
@ -206,14 +206,13 @@ int main( int argc, const char* argv[] )
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
exit(EXIT_FAILURE);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
key_serial_t dest;
|
|
|
|
key_serial_t dest;
|
|
|
|
// Получаем id пользовательског ключа
|
|
|
|
// get id user key
|
|
|
|
dest = KEY_SPEC_USER_SESSION_KEYRING;
|
|
|
|
dest = KEY_SPEC_USER_SESSION_KEYRING;
|
|
|
|
//printf("DEST=%d\n",dest);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// записываем ключ в пространство user
|
|
|
|
// write key in user space
|
|
|
|
ret = add_key("user", "tmp", buffer, strlen(buffer), dest);
|
|
|
|
ret = add_key("user", "tmp", buffer, strlen(buffer), dest);
|
|
|
|
//printf("RET=%d\n",ret);
|
|
|
|
|
|
|
|
//Распределяем память и создаем строку запуска
|
|
|
|
// allocate memory and create a line running
|
|
|
|
char *buff;
|
|
|
|
char *buff;
|
|
|
|
if (str_prog_ks == "")
|
|
|
|
if (str_prog_ks == "")
|
|
|
|
{
|
|
|
|
{
|
|
|
|
@ -227,7 +226,7 @@ int main( int argc, const char* argv[] )
|
|
|
|
buff = (char*) malloc (strlen(str_prog_ks)+strlen(com)+strlen(buffer)+strlen(str_prog)+strlen(argv[2])+1);
|
|
|
|
buff = (char*) malloc (strlen(str_prog_ks)+strlen(com)+strlen(buffer)+strlen(str_prog)+strlen(argv[2])+1);
|
|
|
|
sprintf (buff, com, str_prog_ks, str_prog, argv[2]);
|
|
|
|
sprintf (buff, com, str_prog_ks, str_prog, argv[2]);
|
|
|
|
};
|
|
|
|
};
|
|
|
|
//Выполнение программы
|
|
|
|
// running program
|
|
|
|
system(buff);
|
|
|
|
system(buff);
|
|
|
|
free(login);
|
|
|
|
free(login);
|
|
|
|
free (buff);
|
|
|
|
free (buff);
|
|
|
|
|
Самоукин Алексей
14 years ago