Add full support for determining if a user

is restricted from running a given program.

5 files changed, 101 insertions, 5 deletions

diff --git a/lib/libutil/Makefile b/lib/libutil/Makefile
index ae0a2e8..9185b62 100644
--- a/lib/libutil/Makefile
+++ b/lib/libutil/Makefile
@@ -7,10 +7,10 @@ CFLAGS+=-Wall -DLIBC_SCCS -I${.CURDIR} -I${.CURDIR}/../../sys
 #CFLAGS+=LOGIN_CAP_AUTH
 SRCS=	login.c login_tty.c logout.c logwtmp.c pty.c setproctitle.c \
 	login_cap.c login_class.c login_auth.c login_times.c login_ok.c \
-	_secure_path.c uucplock.c
+	_secure_path.c uucplock.c login_progok.c
 MAN3+=	login.3 login_tty.3 logout.3 logwtmp.3 pty.3 setproctitle.3 \
 	login_cap.3 login_class.3 login_times.3 login_ok.3 \
-	_secure_path.3 uucplock.3
+	_secure_path.3 uucplock.3 login_progok.3
 MAN5+=	login.conf.5
 MLINKS+= pty.3 openpty.3  pty.3 forkpty.3
 MLINKS+=login_cap.3 login_getclassbyname.3 login_cap.3 login_close.3 \
diff --git a/lib/libutil/libutil.h b/lib/libutil/libutil.h
index d6bb5de..62cc1e9 100644
--- a/lib/libutil/libutil.h
+++ b/lib/libutil/libutil.h
@@ -18,7 +18,7 @@
  * 5. Modifications may be freely made to this file providing the above
  *    conditions are met.
  *
- * $Id: libutil.h,v 1.9 1997/05/19 10:04:15 peter Exp $
+ * $Id: libutil.h,v 1.10 1997/08/10 18:42:38 ache Exp $
  */
 
 #ifndef _LIBUTIL_H_
@@ -45,6 +45,7 @@ const char *uu_lockerr __P((int _uu_lockresult));
 int	uu_lock __P((const char *_ttyname));
 int	uu_unlock __P((const char *_ttyname));
 int	_secure_path __P((const char *_path, uid_t _uid, gid_t _gid));
+int	login_progok __P((uid_t _uid, const char *prog));
 __END_DECLS
 
 #define UU_LOCK_INUSE (1)
diff --git a/lib/libutil/login.conf.5 b/lib/libutil/login.conf.5
index 8702191..8b2397e 100644
--- a/lib/libutil/login.conf.5
+++ b/lib/libutil/login.conf.5
@@ -17,7 +17,7 @@
 .\" 5. Modifications may be freely made to this file providing the above
 .\"    conditions are met.
 .\"
-.\" $Id: login.conf.5,v 1.9 1997/05/22 07:02:01 tg Exp $
+.\" $Id: login.conf.5,v 1.10 1997/08/26 23:15:57 brian Exp $
 .\"
 .Dd November 22, 1996
 .Dt LOGIN.CONF 5
@@ -217,6 +217,9 @@ disallowed.
 in the class may use for access.
 .It tty.deny	list		List of ttys and ttygroups which users
 in the class may not use for access.
+.It prog.allow	list		List of programs which users in the class
+may run irrespective of the contents of prog.deny.  Support for this option
+must be built into each program.
 .It prog.deny	list		List of programs which users in the class
 may not run.  Support for this option must be built into each program.
 .El
@@ -363,4 +366,5 @@ lists.
 .Xr getttyent 3 ,
 .Xr login_cap 3 ,
 .Xr login_class 3 ,
-.Xr ttys 5
+.Xr ttys 5 ,
+.Xr login_progok 3
diff --git a/lib/libutil/login_progok.3 b/lib/libutil/login_progok.3
new file mode 100644
index 0000000..3a0a533
--- /dev/null
+++ b/lib/libutil/login_progok.3
@@ -0,0 +1,52 @@
+.\"
+.\" $Id: login_ok.3,v 1.4 1997/02/22 15:08:22 peter Exp $
+.\"
+.Dd August 27, 1997
+.Os FreeBSD
+.Dt LOGIN_PROGOK 3
+.Sh NAME
+.Nm login_progok
+.Nd Check if the given program may be run.
+.Sh SYNOPSIS
+.Fd #include <sys/types.h>
+.Fd #include <libutil.h>
+.Ft int
+.Fn login_progok "uid_t uid" "const char *prog"
+.Pp
+Link with
+.Va -lutil
+on the
+.Xr cc 1
+command line.
+.Sh DESCRIPTION
+This function determines if the user has permission to run the given
+program, returning zero if permission is denied and one if permission
+is granted.  It should be used by programs that are setuid or for some
+reason cannot be easily rebuilt or modified by an ordinary user, allowing
+the system administrator to restrict access to certain programs in a
+generic fashion.
+.Pp
+Access to a program is granted by default.  In order to deny access,
+the users login class entry in
+.Xr login.conf 5
+must be set with a 
+.Em prog.deny
+capability that contains the program name.  Most programs will use an
+absolute path name to avoid conflicts.  No special matching is done.  The
+passed
+.Ar prog
+must match a list entry in
+.Xr login.conf 5
+exactly.
+.Pp
+The
+.Em prog.allow
+capability will override the
+.Em prog.deny
+capability, granting access to the program.  This allows flexability in
+setting up a hierarchical login class structure.
+.Pp
+.Sh RETURN VALUES
+The function returns 1 if the program may be run and 0 if it may not.
+.Sh SEE ALSO
+.Xr login.conf 5
diff --git a/lib/libutil/login_progok.c b/lib/libutil/login_progok.c
new file mode 100644
index 0000000..6ef2cf4
--- /dev/null
+++ b/lib/libutil/login_progok.c
@@ -0,0 +1,39 @@
+#include <sys/types.h>
+#include <login_cap.h>
+#include <pwd.h>
+#include <string.h>
+
+int
+login_progok(uid_t uid, const char *prog)
+{
+  login_cap_t *lc;
+  const struct passwd *pwd;
+  char **data;
+
+  pwd = getpwuid(uid);
+  if (!pwd)
+    return 0;			/* How did that happen ? - we can't run */
+
+  lc = login_getpwclass(pwd);
+  if (!lc)
+    return 1;			/* We're missing login.conf ? - we can run */
+
+  data = login_getcaplist(lc, "prog.allow", NULL);
+  if (data) 
+    for (; *data; data++)
+      if (!strcmp(*data, prog)) {
+        login_close(lc);
+	return 1;		/* We're in prog.allow - we can run */
+      }
+
+  data = login_getcaplist(lc, "prog.deny", NULL);
+  if (data) 
+    for (; *data; data++)
+      if (!strcmp(*data, prog)) {
+        login_close(lc);
+	return 0;		/* We're in prog.deny - we can't run */
+      }
+
+  login_close(lc);
+  return 1;			/* We're not mentioned anywhere - we can run */
+}