Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!uunet!seismo!sundc!hqda-ai!icus!lenny
From: lenny@icus.UUCP
Newsgroups: unix-pc.sources,comp.sys.att
Subject: sudo.c (source) - Command as the superuser.
Message-ID: <48@icus.UUCP>
Date: Fri, 20-Nov-87 00:07:11 EST
Article-I.D.: icus.48
Posted: Fri Nov 20 00:07:11 1987
Date-Received: Sun, 22-Nov-87 10:03:59 EST
Organization: ICUS Computer Group, Islip, NY
Lines: 148
Keywords: root, priviledged, protected
Xref: utgpu unix-pc.sources:4 comp.sys.att:1586

** PLEASE NO FLAMES **

Use this program as a responsible person.  If you are not, have some
sort of security problem, or don't want to give out root access to
anyone but root, *DON'T* use this program.  

This program was intended to be like the sudo command developed
at SUNY at Buffalo (sunybcs).  It gives root access to a user without
using the root password.  As a security measure the list of users are
located in a file called: /usr/adm/su.allow which should be protected
with a 400 mode.  The file should contain a list of users separated by
a carriage return <CR>.   

sudo should be protected with a 4511 mode and owned by root.

sudo LOGS ALL attempts, whether successful or non-successful to
/usr/adm/sulog.    Only the 1st argument of the command gets logged
to the file (argv[0] = program name) but this can be changed to
fit your needs.

Usage:  sudo [-r] command

[-r]     gives sets the uid to 0, and group to 1 (really root)
default  sets the effective uid of the command to root.

Examples:       Root shell can be gotten with the command:  
		sudo sh		(effective uid is root)
		sudo -r sh	(really root)

WARNING:  Be careful in giving out root access to just anyone.

I'm sure this could be written better, but it does the job.

---- cut here ---- cut here ---- cut here ---- cut here ----

/***********************************************************************
 *	Program Name:	sudo
 *	Author:		Lenny Tropiano
 *			(c)1986 ICUS Computer Group
 *	Date:		December 20, 1986 
 *
 *
 *		Will check /usr/adm/su.allow for your logname and
 *	will give you "root" permissions for a given command on line.
 *
 **********************************************************************/

#include <stdio.h>
#include <time.h>

extern	char	**environ;

main(argc,argv,envp)
	int	argc;
	char	*argv[];
	char	*envp[];
{
	FILE	*fp, *logfp;
	register int	i, x;
	short	rootid;
	struct	tm	*today;
	long	*clock, tresult;
	char	username[L_cuserid + 1], 
		buffer[L_cuserid + 1], 
		tty[L_ctermid + 1];
	char	runprog[25], program[25], *fgets(), *ttyname(), *getlogin();

	tresult = time((long *) 0);
	clock = &tresult;
	today = localtime(clock);
	today->tm_mon++;

	if (argc < 2) {
		fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
		exit(1);
	}

	if (strncmp(argv[1],"-r",2) == 0) {
		if (argc < 3) {
			fprintf(stderr,"usage: %s [-r] command\n",argv[0]);
			exit(1);
		}
		rootid = 1;
	} else
		rootid = 0;

	if ((logfp = fopen("/usr/adm/sulog","a")) == NULL) {
		fprintf(stderr,"error: cannot open /usr/adm/sulog file\n");
		perror("sudo");
		exit(1);
	}

	if ((fp = fopen("/usr/adm/su.allow","r")) == NULL) {
		fprintf(stderr,"error: cannot open /usr/adm/su.allow file\n");
		perror("sudo");
		exit(1);
	}


	x=0;
	for (i=(rootid + 1);i<argc+1;i++)  
		argv[x++] = argv[i];

	sscanf(ttyname(0),"%*c%*c%*c%*c%*c%s", tty);
	sprintf(username,"%s",getlogin());

	while (fgets(buffer,L_cuserid,fp) != NULL) {
		if (strncmp(buffer,username,strlen(username)) == 0) {
			fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d + %s %s %c(%s)\n",
				today->tm_mon, today->tm_mday,
				today->tm_hour, today->tm_min,
				tty, username, (!rootid) ? ' ' : '*', argv[0]);
			fclose(logfp);
			fclose(fp);
			sprintf(program,"(sudo) %s",argv[0]);
			sprintf(runprog,"%s",argv[0]);
			if (rootid) {
				setuid(0);
				setgid(1);
			}
			argv[0] = program;
			execvp(runprog,argv);
			perror("sudo");
			exit(1);
		}				/* End if */
	}					/* End while */

	fprintf(logfp,"SUDO %.2d/%.2d %.2d:%.2d - %s %s %c(%s)\n",
		today->tm_mon, today->tm_mday,
		today->tm_hour, today->tm_m