From 4d4bd1f1c468a0c580ec2c2bff0dbd9b00fd106d Mon Sep 17 00:00:00 2001 From: "Andrey V.Kosteltsev" Date: Sat, 24 Sep 2022 21:18:00 +0300 Subject: UI create only users which can be added into admin, operator,user groups --- src/commands.c | 3 ++ src/main.c | 104 +++++++++++++++++++++++++++++++++++++++++---------------- 2 files changed, 79 insertions(+), 28 deletions(-) diff --git a/src/commands.c b/src/commands.c index 18d94aa..db26130 100644 --- a/src/commands.c +++ b/src/commands.c @@ -211,6 +211,7 @@ int com_ping( char *arg ) int com_useradd( char *arg ) { + /* temporary STUB. Should use busctl or REST */ if( !valid_argument( "useradd", arg ) ) return( 1 ); @@ -220,6 +221,7 @@ int com_useradd( char *arg ) int com_userdel( char *arg ) { + /* temporary STUB. Should use busctl or REST */ if( !valid_argument( "userdel", arg ) ) return( 1 ); @@ -229,6 +231,7 @@ int com_userdel( char *arg ) int com_userlist( char *arg ) { + /* temporary STUB. Should use busctl or REST */ if( !arg ) arg = ""; sprintf (syscom, "cat /etc/passwd | cut -f1 -d':' %s", arg); diff --git a/src/main.c b/src/main.c index 885883a..f6172b4 100644 --- a/src/main.c +++ b/src/main.c @@ -9,6 +9,7 @@ #include #include #include +#include #include #include @@ -24,6 +25,7 @@ char pwd[PATH_MAX], home[PATH_MAX]; static sigset_t blockmask; +int can_quit = 0; COMMAND top_admin_list[] = { { "help", com_help, "Display this text" }, @@ -39,7 +41,6 @@ COMMAND top_operator_list[] = { { "?", com_help, "Synonym for `help'" }, { "shell", com_shell, "Activate submenu shell" }, { "users", com_users, "Activate submenu users" }, - { "quit", com_quit, "Quit using SILA Shell" }, { (char *)NULL, (rl_icpfunc_t *)NULL, (char *)NULL } }; @@ -47,7 +48,6 @@ COMMAND top_user_list[] = { { "help", com_help, "Display this text" }, { "?", com_help, "Synonym for `help'" }, { "shell", com_shell, "Activate submenu shell" }, - { "quit", com_quit, "Quit using SILA Shell" }, { (char *)NULL, (rl_icpfunc_t *)NULL, (char *)NULL } }; 
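Review bot: The stub comment added to com_userlist() in src/commands.c omits the caveat that matters most while the stub exists: the context line `sprintf (syscom, "cat /etc/passwd | cut -f1 -d':' %s", arg);` appends the caller's argument unquoted to a shell pipeline, and `list` is offered in users_user_list, the least-privileged menu. I would extend the comment to `/* temporary STUB. Should use busctl or REST; until then arg is pasted into a shell command line and must be validated */`. The sprintf is also unbounded and the size of syscom is not visible here, so `snprintf` with a truncation check would be the safer interim form. Whether syscom is then handed to a shell is outside the hunk, so confirm that before acting on this. The same comment was added to com_useradd() and com_userdel(), where valid_argument() at least runs first.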
@@ -88,7 +88,6 @@ COMMAND shell_operator_list[] = { { "more", com_more, "View the contents of FILE" }, { "vi", com_vi, "Edit the contents of text FILE" }, { "..", com_top, "Return to top menu" }, - { "quit", com_quit, "Quit using SILA Shell" }, { (char *)NULL, (rl_icpfunc_t *)NULL, (char *)NULL } }; @@ -107,7 +106,6 @@ COMMAND shell_user_list[] = { { "more", com_more, "View the contents of FILE" }, { "vi", com_vi, "Edit the contents of text FILE" }, { "..", com_top, "Return to top menu" }, - { "quit", com_quit, "Quit using SILA Shell" }, { (char *)NULL, (rl_icpfunc_t *)NULL, (char *)NULL } }; @@ -130,7 +128,6 @@ COMMAND users_operator_list[] = { { "useradd", com_useradd, "Register new user" }, { "userdel", com_userdel, "Delete user" }, { "..", com_top, "Return to top menu" }, - { "quit", com_quit, "Quit using SILA Shell" }, { (char *)NULL, (rl_icpfunc_t *)NULL, (char *)NULL } }; @@ -139,7 +136,6 @@ COMMAND users_user_list[] = { { "?", com_help, "Synonym for `help'" }, { "list", com_userlist, "List users" }, { "..", com_top, "Return to top menu" }, - { "quit", com_quit, "Quit using SILA Shell" }, { (char *)NULL, (rl_icpfunc_t *)NULL, (char *)NULL } }; 
@@ -149,43 +145,93 @@ COMMAND_LIST users; COMMAND_LIST *current; +enum priv { + ADMIN, + OPERATOR, + USER +}; + +enum priv user_privileges() +{ + enum priv ret = USER; + gid_t *groups = NULL; + int ng = 0; + uid_t uid = getuid(); + struct passwd *pw = getpwuid( uid ); + + if( !pw ) return ret; + + (void)getgrouplist( pw->pw_name, pw->pw_gid, NULL, &ng ); + /* allocate groups[] */ + if( ng == 0 ) + { + fprintf( stderr, "Cannot get user groups list\n" ); + exit( 1 ); + } + groups = (gid_t *)malloc( sizeof(gid_t)* ng ); + if( !groups ) + { + fprintf( stderr, "Cannot allocate memory\n" ); + exit( 1 ); + } + if( getgrouplist( pw->pw_name, pw->pw_gid, groups, &ng ) == -1 ) + { + free( groups ); + fprintf( stderr, "getgrouplist() returned -1; ngroups = %d\n", ng ); + exit( 1 ); + } + + for( int i = 0; i < ng; i++ ) + { + struct group *gr = getgrgid(groups[i]); + + if( gr ) + { + if( !strncmp( gr->gr_name, "priv-operator", 10 ) ) + ret = OPERATOR; + } + } + + for( int i = 0; i < ng; i++ ) + { + struct group *gr = getgrgid(groups[i]); + + if( gr ) + { + if( !strncmp( gr->gr_name, "priv-admin", 10 ) ) + ret = ADMIN; + } + } + + free( groups ); + + return ret; +} + void cmd_lists_init( gid_t gid ) { - gid_t admin_gid = 0, operator_gid = 0, user_gid = 0; - struct group *grp = NULL; - - grp = getgrnam( "priv-admin" ); - if( grp != NULL ) - admin_gid = grp->gr_gid; - grp = getgrnam( "priv-operator" ); - if( grp != NULL ) - operator_gid = grp->gr_gid; - grp = getgrnam( "priv-user" ); - if( grp != NULL ) - user_gid = grp->gr_gid; + enum priv privileges = USER; + + privileges = user_privileges(); top.name = "top"; shell.name = "shell"; users.name = "users"; - if( admin_gid != 0 && (gid == admin_gid || gid == 0) ) + if( privileges == ADMIN || gid == 0 ) { + can_quit = 1; + top.list = &top_admin_list[0]; shell.list = &shell_admin_list[0]; users.list = &users_admin_list[0]; } - else if( operator_gid != 0 && gid == operator_gid ) + else if( privileges == OPERATOR ) { top.list = 
&top_operator_list[0]; shell.list = &shell_operator_list[0]; users.list = &users_operator_list[0]; } - else if( user_gid != 0 && gid == user_gid ) - { - top.list = &top_user_list[0]; - shell.list = &shell_user_list[0]; - users.list = &users_user_list[0]; - } else { top.list = &top_user_list[0]; @@ -345,8 +391,10 @@ int main( int argc, char **argv ) if( !line ) { - //continue; /* for non-priviledged users */ - break; /* for admin */ + if( !can_quit ) + continue; /* for non-priviledged users */ + else + break; /* for admin */ } /* -- cgit v1.2.3
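Review bot: In user_privileges() both group checks are prefix matches, so they can grant a role to members of the wrong group. `strncmp( gr->gr_name, "priv-admin", 10 )` accepts any group whose name merely begins with `priv-admin`, and the operator check compares only the first 10 of the 13 characters of `priv-operator`, so it accepts any name starting with `priv-opera`. Because the result selects the admin or operator command tables in cmd_lists_init(), membership should be decided by an exact match: `if( !strcmp( gr->gr_name, "priv-admin" ) )` and `if( !strcmp( gr->gr_name, "priv-operator" ) )`. The two loops could then be merged into one pass that keeps the highest role found, and unless the function is declared elsewhere it is better defined as `static enum priv user_privileges( void )`. cmd_lists_init() continues past the end of the hunk.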
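Review bot: With `continue` on a NULL `line`, a session without can_quit never leaves the loop at end of input. If the input is gone for good (terminal hang-up, closed pipe), the read presumably returns NULL immediately on every pass and the process would spin instead of exiting. The assignment to `line` is outside the hunk, so this assumes it comes from readline(), as the rl_icpfunc_t tables suggest. I would ignore EOF only while standard input is still a terminal, for example `if( !can_quit && isatty( STDIN_FILENO ) ) continue;` followed by an unconditional `break;`, or bound the number of consecutive NULL reads. The new branch also deserves a comment stating why unprivileged users must not leave on EOF.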