Updates for running doors no-suid

Michiel Broek 2001-10-17 12:04:51 +00:00
parent a1dc702c8a
commit f83287b51a
7 changed files with 347 additions and 225 deletions


@ -4134,6 +4134,7 @@ v0.33.18 27-Jul-2001
Fixed a bug in the menu editor, deleted menus were not really
deleted.
Added setup items for the menu Display colors.
Added a no suid switch to the menu for doors.
mbcico:
Renamed sendfile function in zmsend.c to sendzfile to prevent a
@ -4153,6 +4154,10 @@ v0.33.18 27-Jul-2001
limit he may download unlimited.
When a user has no timelimit set in the limits, he will get
a 24 hours session limit.
The written door.sys file now has EOF character at the end.
The written door.sys file now has a : after the comport.
Executing doors in nosuid mode (as real user) is now possible.
The can be switched on using mbsetup.
mbuseradd:
Ported to work on FreeBSD.


@ -1,84 +1,33 @@
/* config.h.in. Generated automatically from configure.in by autoheader. */
/* acconfig.h for the MBSE BBS package */
/* Define to empty if the keyword does not work. */
#undef const
/* Define to `int' if <sys/types.h> doesn't define. */
#undef gid_t
/* Define if you don't have vprintf but do have _doprnt. */
#undef HAVE_DOPRNT
/* Define if your system has a working fnmatch function. */
#undef HAVE_FNMATCH
/* Define if your struct stat has st_blksize. */
#undef HAVE_ST_BLKSIZE
/* Define if you have the strftime function. */
#undef HAVE_STRFTIME
/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
#undef HAVE_SYS_WAIT_H
/* Define if your struct tm has tm_zone. */
#undef HAVE_TM_ZONE
/* Define if you don't have tm_zone but do have the external array
tzname. */
#undef HAVE_TZNAME
/* Define if utime(file, NULL) sets file's timestamp to the present. */
#undef HAVE_UTIME_NULL
/* Define if you have <vfork.h>. */
#undef HAVE_VFORK_H
/* Define if you have the vprintf function. */
#undef HAVE_VPRINTF
/* Define to `int' if <sys/types.h> doesn't define. */
#undef mode_t
/* Define to `long' if <sys/types.h> doesn't define. */
#undef off_t
/* Define to `int' if <sys/types.h> doesn't define. */
#undef pid_t
/* Define as the return type of signal handlers (int or void). */
#undef RETSIGTYPE
/* Define if the `setpgrp' function takes no argument. */
#undef SETPGRP_VOID
/* Define to `unsigned' if <sys/types.h> doesn't define. */
#undef size_t
/* Define if the `S_IS*' macros in <sys/stat.h> do not work properly. */
#undef STAT_MACROS_BROKEN
/* Define if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define if your <sys/time.h> declares struct tm. */
#undef TM_IN_SYS_TIME
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t
/* Define vfork as fork if vfork does not work. */
#undef vfork
#define AUTHOR @COPYRIGHT@
/* Memory debugging */
#undef MEMWATCH
/* Has strcasestr function */
#undef HAVE_STRCASESTR
/* Has mkstemp function */
#undef HAVE_MKSTEMP
/* If you have gettimeofday function */
#undef HAVE_DECLARED_TIMEZONE
#undef HAVE_TM_GMTOFF
/* If you don't have pid_t */
#undef DONT_HAVE_PID_T
/* Believe ZFIN */
#undef BELEIVE_ZFIN
/* NOPROTO in lhash.h ??? */
#undef NOPROTO
/* No Hash Comp function */
#undef NO_HASH_COMP
/* News postings */
#undef RESTAMP_FUTURE_POSTINGS
#undef RESTAMP_OLD_POSTINGS
@ -107,127 +56,164 @@
#undef PAM
#undef SW_CRYPT
/* Define if you have the a64l function. */
/* That's it */
/* Define if you have the `a64l' function. */
#undef HAVE_A64L
/* Define if you have the c64i function. */
/* Define if you have the `c64i' function. */
#undef HAVE_C64I
/* Define if you have the fchmod function. */
#undef HAVE_FCHMOD
/* Define if you have the fchown function. */
#undef HAVE_FCHOWN
/* Define if you have the fdatasync function. */
#undef HAVE_FDATASYNC
/* Define if you have the fsync function. */
#undef HAVE_FSYNC
/* Define if you have the getcwd function. */
#undef HAVE_GETCWD
/* Define if you have the gethostname function. */
#undef HAVE_GETHOSTNAME
/* Define if you have the gettimeofday function. */
#undef HAVE_GETTIMEOFDAY
/* Define if you have the getwd function. */
#undef HAVE_GETWD
/* Define if you have the lckpwdf function. */
#undef HAVE_LCKPWDF
/* Define if you have the mkdir function. */
#undef HAVE_MKDIR
/* Define if you have the mkstemp function. */
#undef HAVE_MKSTEMP
/* Define if you have the mktime function. */
#undef HAVE_MKTIME
/* Define if you have the putenv function. */
#undef HAVE_PUTENV
/* Define if you have the putpwent function. */
#undef HAVE_PUTPWENT
/* Define if you have the re_comp function. */
#undef HAVE_RE_COMP
/* Define if you have the regcmp function. */
#undef HAVE_REGCMP
/* Define if you have the regcomp function. */
#undef HAVE_REGCOMP
/* Define if you have the rmdir function. */
#undef HAVE_RMDIR
/* Define if you have the select function. */
#undef HAVE_SELECT
/* Define if you have the socket function. */
#undef HAVE_SOCKET
/* Define if you have the strcasestr function. */
#undef HAVE_STRCASESTR
/* Define if you have the strcspn function. */
#undef HAVE_STRCSPN
/* Define if you have the strdup function. */
#undef HAVE_STRDUP
/* Define if you have the strerror function. */
#undef HAVE_STRERROR
/* Define if you have the strspn function. */
#undef HAVE_STRSPN
/* Define if you have the strstr function. */
#undef HAVE_STRSTR
/* Define if you have the strtol function. */
#undef HAVE_STRTOL
/* Define if you have the strtoul function. */
#undef HAVE_STRTOUL
/* Define if you have the uname function. */
#undef HAVE_UNAME
/* Define if you have the <crypt.h> header file. */
#undef HAVE_CRYPT_H
/* Define if you have the <dirent.h> header file. */
/* Define if you have the <dirent.h> header file, and it defines `DIR'. */
#undef HAVE_DIRENT_H
/* Define if you don't have `vprintf' but do have `_doprnt.' */
#undef HAVE_DOPRNT
/* Define if you have the `fchmod' function. */
#undef HAVE_FCHMOD
/* Define if you have the `fchown' function. */
#undef HAVE_FCHOWN
/* Define if you have the <fcntl.h> header file. */
#undef HAVE_FCNTL_H
/* Define if you have the `fdatasync' function. */
#undef HAVE_FDATASYNC
/* Define if your system has a working `fnmatch' function. */
#undef HAVE_FNMATCH
/* Define if you have the `fsync' function. */
#undef HAVE_FSYNC
/* Define if you have the `getcwd' function. */
#undef HAVE_GETCWD
/* Define if you have the `gethostname' function. */
#undef HAVE_GETHOSTNAME
/* Define if you have the `gettimeofday' function. */
#undef HAVE_GETTIMEOFDAY
/* Define if you have the `getwd' function. */
#undef HAVE_GETWD
/* Define if you have the <gshadow.h> header file. */
#undef HAVE_GSHADOW_H
/* Define if you have the <inttypes.h> header file. */
#undef HAVE_INTTYPES_H
/* Define if you have the `lckpwdf' function. */
#undef HAVE_LCKPWDF
/* Define if you have the <malloc.h> header file. */
#undef HAVE_MALLOC_H
/* Define if you have the <ndir.h> header file. */
/* Define if you have the <memory.h> header file. */
#undef HAVE_MEMORY_H
/* Define if you have the `mkdir' function. */
#undef HAVE_MKDIR
/* Define if you have the `mkstemp' function. */
#undef HAVE_MKSTEMP
/* Define if you have the `mktime' function. */
#undef HAVE_MKTIME
/* Define if you have the <ndir.h> header file, and it defines `DIR'. */
#undef HAVE_NDIR_H
/* Define if you have the <netinet/in.h> header file. */
#undef HAVE_NETINET_IN_H
/* Define if you have the `putenv' function. */
#undef HAVE_PUTENV
/* Define if you have the `putpwent' function. */
#undef HAVE_PUTPWENT
/* Define if you have the `regcmp' function. */
#undef HAVE_REGCMP
/* Define if you have the `regcomp' function. */
#undef HAVE_REGCOMP
/* Define if you have the <regex.h> header file. */
#undef HAVE_REGEX_H
/* Define if you have the `re_comp' function. */
#undef HAVE_RE_COMP
/* Define if you have the `rmdir' function. */
#undef HAVE_RMDIR
/* Define if you have the `select' function. */
#undef HAVE_SELECT
/* Define if you have the <shadow.h> header file. */
#undef HAVE_SHADOW_H
/* Define if you have the <sys/dir.h> header file. */
/* Define if you have the `socket' function. */
#undef HAVE_SOCKET
/* Define if you have the <stdlib.h> header file. */
#undef HAVE_STDLIB_H
/* Define if you have the `strcasestr' function. */
#undef HAVE_STRCASESTR
/* Define if you have the `strcspn' function. */
#undef HAVE_STRCSPN
/* Define if you have the `strdup' function. */
#undef HAVE_STRDUP
/* Define if you have the `strerror' function. */
#undef HAVE_STRERROR
/* Define if you have the `strftime' function. */
#undef HAVE_STRFTIME
/* Define if you have the <strings.h> header file. */
#undef HAVE_STRINGS_H
/* Define if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define if you have the `strspn' function. */
#undef HAVE_STRSPN
/* Define if you have the `strstr' function. */
#undef HAVE_STRSTR
/* Define if you have the `strtol' function. */
#undef HAVE_STRTOL
/* Define if you have the `strtoul' function. */
#undef HAVE_STRTOUL
/* Define if `st_blksize' is member of `struct stat'. */
#undef HAVE_STRUCT_STAT_ST_BLKSIZE
/* Define if `tm_zone' is member of `struct tm'. */
#undef HAVE_STRUCT_TM_TM_ZONE
/* Define if your `struct stat' has `st_blksize'. Deprecated, use
`HAVE_STRUCT_STAT_ST_BLKSIZE' instead. */
#undef HAVE_ST_BLKSIZE
/* Define if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define if you have the <sys/dir.h> header file, and it defines `DIR'. */
#undef HAVE_SYS_DIR_H
/* Define if you have the <sys/file.h> header file. */
@ -236,7 +222,7 @@
/* Define if you have the <sys/ioctl.h> header file. */
#undef HAVE_SYS_IOCTL_H
/* Define if you have the <sys/ndir.h> header file. */
/* Define if you have the <sys/ndir.h> header file, and it defines `DIR'. */
#undef HAVE_SYS_NDIR_H
/* Define if you have the <sys/resource.h> header file. */
@ -248,15 +234,26 @@
/* Define if you have the <sys/vfs.h> header file. */
#undef HAVE_SYS_VFS_H
/* Define if you have the <syslog.h> header file. */
#undef HAVE_SYSLOG_H
/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
#undef HAVE_SYS_WAIT_H
/* Define if you have the <termios.h> header file. */
#undef HAVE_TERMIOS_H
/* Define if your `struct tm' has `tm_zone'. Deprecated, use
`HAVE_STRUCT_TM_TM_ZONE' instead. */
#undef HAVE_TM_ZONE
/* Define if you don't have `tm_zone' but do have the external array `tzname'.
*/
#undef HAVE_TZNAME
/* Define if you have the <ulimit.h> header file. */
#undef HAVE_ULIMIT_H
/* Define if you have the `uname' function. */
#undef HAVE_UNAME
/* Define if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
@ -266,9 +263,59 @@
/* Define if you have the <utime.h> header file. */
#undef HAVE_UTIME_H
/* Define if `utime(file, NULL)' sets file's timestamp to the present. */
#undef HAVE_UTIME_NULL
/* Define if you have the <vfork.h> header file. */
#undef HAVE_VFORK_H
/* Define if you have the `vprintf' function. */
#undef HAVE_VPRINTF
/* Name of package */
#undef PACKAGE
/* Define as the return type of signal handlers (`int' or `void'). */
#undef RETSIGTYPE
/* Define if the `setpgrp' function takes no argument. */
#undef SETPGRP_VOID
/* Define if the `S_IS*' macros in <sys/stat.h> do not work properly. */
#undef STAT_MACROS_BROKEN
/* Define if you have the ANSI C header files. */
#undef STDC_HEADERS
/* Define if you can safely include both <sys/time.h> and <time.h>. */
#undef TIME_WITH_SYS_TIME
/* Define if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
/* Version number of package */
#undef VERSION
/* Define to empty if `const' does not conform to ANSI C. */
#undef const
/* Define to `int' if <sys/types.h> doesn't define. */
#undef gid_t
/* Define to `int' if <sys/types.h> does not define. */
#undef mode_t
/* Define to `long' if <sys/types.h> does not define. */
#undef off_t
/* Define to `int' if <sys/types.h> does not define. */
#undef pid_t
/* Define to `unsigned' if <sys/types.h> does not define. */
#undef size_t
/* Define to `int' if <sys/types.h> doesn't define. */
#undef uid_t
/* Define as `fork' if `vfork' does not work. */
#undef vfork


@ -2,7 +2,7 @@
*
* File ..................: structs.h
* Purpose ...............: MBSE BBS Global structure
* Last modification date : 26-Sep-2001
* Last modification date : 17-Oct-2001
*
*****************************************************************************
* Copyright (C) 1997-2001
@ -602,7 +602,7 @@ struct sysconfig {
char bbs_menus[65]; /* Default Menus */
char bbs_txtfiles[65]; /* Default Textfiles */
char nntpnode[65]; /* NNTP server */
char xbbs_filebase[65];
char msgs_path[65]; /* Path to *.msg area */
char xbbs_language[65];
char req_magic[65]; /* Request magic directory */
char bbs_usersdir[65]; /* Users Home Dir Base */
@ -902,6 +902,7 @@ struct menufile {
unsigned NoDoorsys : 1; /* Suppress door.sys */
unsigned Y2Kdoorsys : 1; /* Write Y2K style door.sys */
unsigned Comport : 1; /* Vmodem compart mode */
unsigned NoSuid : 1; /* Execute door nosuid */
long Credit; /* Credit needed */
int HiForeGnd; /* High ForeGround color */
int HiBackGnd; /* High ForeGround color */
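Review bot: The comment on the new `NoSuid` bit in struct menufile does not say which value is the privileged one, and the flag is opt-in. Menu records written before this field existed presumably read back as 0, so every existing door would keep taking the `execute()` path in ExtDoor until an operator sets the switch per menu item. I would document the polarity on the field, e.g. `/* 1 = run door as the real user, 0 = run with the BBS effective uid */`, and say in the ChangeLog that existing doors are unchanged until item 16 is set. The struct body starts and ends outside the hunk.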


@ -2,7 +2,7 @@
*
* File ..................: bbs/funcs.c
* Purpose ...............: Misc functions
* Last modification date : 28-Jun-2001
* Last modification date : 17-Oct-2001
*
*****************************************************************************
* Copyright (C) 1997-2001
@ -52,6 +52,7 @@
extern long ActiveMsgs;
extern time_t t_start;
extern int e_pid;
@ -277,7 +278,7 @@ char *Rdate(char *ind, int Y2K)
/*
* Function will run a external program or door
*/
void ExtDoor(char *Program, int NoDoorsys, int Y2Kdoorsys, int Comport)
void ExtDoor(char *Program, int NoDoorsys, int Y2Kdoorsys, int Comport, int NoSuid)
{
char *String, *String1;
int i, rc;
@ -331,11 +332,11 @@ void ExtDoor(char *Program, int NoDoorsys, int Y2Kdoorsys, int Comport)
WriteError("$Can't create %s", temp1);
} else {
if (Comport) {
fprintf(fp, "COM1\r\n"); /* COM port */
fprintf(fp, "COM1:\r\n"); /* COM port */
fprintf(fp, "115200\r\n");/* Effective baudrate */
} else {
fprintf(fp, "COM0\r\n");/* COM port */
fprintf(fp, "COM0:\r\n");/* COM port */
fprintf(fp, "0\r\n"); /* Effective baudrate */
}
fprintf(fp, "8\r\n"); /* Databits */
@ -390,13 +391,16 @@ void ExtDoor(char *Program, int NoDoorsys, int Y2Kdoorsys, int Comport)
fprintf(fp, "%ld\r\n", exitinfo.DownloadK);
fprintf(fp, "%s\r\n", exitinfo.sComment);
fprintf(fp, "0\r\n"); /* Always 0 */
fprintf(fp, "%d\r\n", exitinfo.iPosted);
fprintf(fp, "%d\r\n\032", exitinfo.iPosted);
fclose(fp);
}
}
clear();
printf("Loading ...\n\n");
if (NoSuid)
rc = exec_nosuid(Program);
else
rc = execute((char *)"/bin/sh", (char *)"-c", Program, NULL, NULL, NULL);
Altime(0);
@ -411,6 +415,64 @@ void ExtDoor(char *Program, int NoDoorsys, int Y2Kdoorsys, int Comport)
/*
* Execute a door as real user, not suid.
*/
int exec_nosuid(char *mandato)
{
int rc, status;
pid_t pid;
if (mandato == NULL)
return 1; /* Prevent running a shell */
Syslog('+', "Execve: /bin/sh -c %s", mandato);
pid = fork();
if (pid == -1)
return 1;
if (pid == 0) {
char *argv[4];
argv[0] = (char *)"sh";
argv[1] = (char *)"-c";
argv[2] = mandato;
argv[3] = 0;
execve("/bin/sh", argv, environ);
exit(127);
}
e_pid = pid;
do {
rc = waitpid(pid, &status, 0);
e_pid = 0;
} while (((rc > 0) && (rc != pid)) || ((rc == -1) && (errno == EINTR)));
switch(rc) {
case -1:
WriteError("$Waitpid returned %d, status %d,%d", rc,status>>8,status&0xff);
return -1;
case 0:
return 0;
default:
if (WIFEXITED(status)) {
rc = WEXITSTATUS(status);
if (rc) {
WriteError("Exec_nosuid: returned error %d", rc);
return rc;
}
}
if (WIFSIGNALED(status)) {
rc = WTERMSIG(status);
WriteError("Wait stopped on signal %d", rc);
return rc;
}
if (rc)
WriteError("Wait stopped unknown, rc=%d", rc);
return rc;
}
return 0;
}
/*
* Function will display textfile in either ansi or ascii and
* display control codes if they exist.
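Review bot: exec_nosuid() never drops the effective uid/gid itself; the child goes straight from fork() to `execve("/bin/sh", argv, environ)`. As far as the visible body shows, whether the door really runs as the real user then depends on the installed /bin/sh resetting its own effective ids, which not every shell does. Make the drop explicit and checked in the child before the exec, e.g. `if (setgid(getgid()) != 0 || setuid(getuid()) != 0) _exit(127);`, so a failed drop can never fall through to running the door with the BBS identity. The child's fallback should also be `_exit(127)` rather than `exit(127)`, because exit() flushes stdio buffers inherited from the parent and the `printf("Loading ...\n\n")` output may be written twice. Separately, `e_pid = 0` sits inside the wait loop and is cleared after the first waitpid() even when the loop retries on EINTR; moving it after the loop keeps the child pid tracked until it is reaped.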


@ -6,7 +6,8 @@
int Access(securityrec, securityrec); /* Check security access */
void UserList(char *); /* Get complete users list */
void TimeStats(void); /* Get users Time Statistics */
void ExtDoor(char *, int, int, int); /* Run external door */
void ExtDoor(char *, int, int, int, int); /* Run external door */
int exec_nosuid(char *); /* Execute as real user */
int DisplayFile(char *); /* Display .ans/.asc textfile */
int DisplayFileEnter(char *); /* Display .ans/.asc wait for Enter */
int CheckFile(char *, int); /* Check for Dupe file in Database */


@ -2,7 +2,7 @@
*
* File ..................: bbs/menu.c
* Purpose ...............: Display and handle the menus.
* Last modification date : 27-Sep-2001
* Last modification date : 17-Oct-2001
*
*****************************************************************************
* Copyright (C) 1997-2001
@ -323,7 +323,7 @@ void DoMenu(int Type)
case 7:
/* Run external program */
ExtDoor(menus.OptionalData, menus.NoDoorsys, menus.Y2Kdoorsys, menus.Comport);
ExtDoor(menus.OptionalData, menus.NoDoorsys, menus.Y2Kdoorsys, menus.Comport, menus.NoSuid);
break;
case 8:


@ -2,7 +2,7 @@
*
* File ..................: mbsetup/m_menu.c
* Purpose ...............: Edit BBS menus
* Last modification date : 26-Sep-2001
* Last modification date : 17-Oct-2001
*
*****************************************************************************
* Copyright (C) 1997-2001
@ -113,9 +113,10 @@ void Show_A_Menu(void)
mvprintw(18, 2, "11. Hi-colors");
mvprintw(15,42, "12. Autoexec");
if (menus.MenuType == 7) {
mvprintw(16,42, "13. No door.sys");
mvprintw(17,42, "14. Y2K style");
mvprintw(18,42, "15. Use Comport");
mvprintw(15,42, "13. No door.sys");
mvprintw(16,42, "14. Y2K style");
mvprintw(17,42, "15. Use Comport");
mvprintw(18,42, "16. Run nosuid");
}
set_color(WHITE, BLACK);
@ -138,9 +139,10 @@ void Show_A_Menu(void)
set_color(WHITE, BLACK);
show_bool(15,58, menus.AutoExec);
if (menus.MenuType == 7) {
show_bool(16,58, menus.NoDoorsys);
show_bool(17,58, menus.Y2Kdoorsys);
show_bool(18,58, menus.Comport);
show_bool(15,58, menus.NoDoorsys);
show_bool(16,58, menus.Y2Kdoorsys);
show_bool(17,58, menus.Comport);
show_bool(18,58, menus.NoSuid);
}
}
@ -211,7 +213,7 @@ void Edit_A_Menu(void)
Show_A_Menu();
for (;;) {
switch(select_menu(15)) {
switch(select_menu(16)) {
case 0: return;
break;
case 1: E_UPS( 7,16, 1, menus.MenuKey, "The ^key^ to select this menu item")
@ -238,15 +240,19 @@ void Edit_A_Menu(void)
break;
case 12:E_BOOL(15,58, menus.AutoExec, "Is this an ^Autoexecute^ menu item")
case 13:if (menus.MenuType == 7) {
E_BOOL(16,58, menus.NoDoorsys, "Suppress writing ^door.sys^ dropfile")
E_BOOL(15,58, menus.NoDoorsys, "Suppress writing ^door.sys^ dropfile")
} else
break;
case 14:if (menus.MenuType == 7) {
E_BOOL(17,58, menus.Y2Kdoorsys, "Create ^door.sys^ with 4 digit yearnumbers")
E_BOOL(16,58, menus.Y2Kdoorsys, "Create ^door.sys^ with 4 digit yearnumbers")
} else
break;
case 15:if (menus.MenuType == 7) {
E_BOOL(18,58, menus.Comport, "Write real ^COM port^ in door.sys for Vmodem patch")
E_BOOL(17,58, menus.Comport, "Write real ^COM port^ in door.sys for Vmodem patch")
} else
break;
case 16:if (menus.MenuType == 7) {
E_BOOL(18,58, menus.NoSuid, "Run the door as ^real user (nosuid)^")
} else
break;
}
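Review bot: With the rows shifted up to make room for item 16, item 13 lands on the same screen cell as item 12: `mvprintw(15,42, "13. No door.sys")` follows `mvprintw(15,42, "12. Autoexec")`. `show_bool(15,58, menus.NoDoorsys)` and the `E_BOOL(15,58, menus.NoDoorsys, ...)` editor likewise reuse the row of `menus.AutoExec`, assuming the 15/16/17/18 variants are the new side of the change. For door menus (MenuType 7) the Autoexec label and value would be overwritten, so an operator cannot see that setting on the same screen where the nosuid switch is reviewed. Keeping items 13-15 on rows 16-18 and putting the new switch on a free row would avoid the clash, e.g. `mvprintw(19,42, "16. Run nosuid");` with `show_bool(19,58, menus.NoSuid);` and a matching `E_BOOL(19,58, menus.NoSuid, ...)`, provided row 19 is unused on this screen. Show_A_Menu and Edit_A_Menu both start and end outside the hunks.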