2 * Copyright (c) 2002 Tim J. Robbins.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * $FreeBSD: /src/usr.bin/newgrp/newgrp.c,v 1.2 2003/10/30 15:14:34 harti Exp $
27 * $DragonFly: src/usr.bin/newgrp/newgrp.c,v 1.3 2004/12/08 22:26:42 liamfoy Exp $
31 * newgrp -- change to a new group
34 #include <sys/types.h>
41 #include <login_cap.h>
49 static void addgroup(const char *grpname
);
50 static void doshell(void);
51 static int inarray(gid_t
, const gid_t
[], int);
52 static void loginshell(void);
53 static void restoregrps(void);
54 static void usage(void);
56 static struct passwd
*pwd
;
59 extern char **environ
;
61 /* Manipulate effective user ID. */
62 #define PRIV_START do { \
63 if (seteuid(euid) < 0) \
66 #define PRIV_END do { \
67 if (seteuid(getuid()) < 0) \
72 main(int argc
, char *argv
[])
77 if (seteuid(getuid()) < 0)
80 if ((pwd
= getpwuid(getuid())) == NULL
)
81 errx(1, "unknown user");
84 while ((ch
= getopt(argc
, argv
, "-l")) != -1) {
86 case '-': /* Obsolescent */
108 if (seteuid(euid
) < 0)
110 if (setuid(getuid()) < 0)
126 fprintf(stderr
, "usage: newgrp [-l] [group]\n");
136 initres
= initgroups(pwd
->pw_name
, pwd
->pw_gid
);
137 setres
= setgid(pwd
->pw_gid
);
147 addgroup(const char *grpname
)
149 gid_t grps
[NGROUPS_MAX
];
151 int dbmember
, i
, ngrps
;
159 /* Try it as a group name, then a group id. */
160 if ((grp
= getgrnam(grpname
)) == NULL
)
161 if ((lgid
= strtol(grpname
, &ep
, 10)) <= 0 || *ep
!= '\0' ||
162 (grp
= getgrgid((gid_t
)lgid
)) == NULL
) {
163 warnx("%s: bad group name", grpname
);
168 * If the user is not a member of the requested group and the group
169 * has a password, prompt and check it.
172 if (pwd
->pw_gid
== grp
->gr_gid
)
174 for (p
= grp
->gr_mem
; *p
!= NULL
; p
++)
175 if (strcmp(*p
, pwd
->pw_name
) == 0) {
179 if (!dbmember
&& *grp
->gr_passwd
!= '\0' && getuid() != 0) {
180 pass
= getpass("Password:");
182 strcmp(grp
->gr_passwd
, crypt(pass
, grp
->gr_passwd
)) != 0) {
183 fprintf(stderr
, "Sorry\n");
188 if ((ngrps
= getgroups(NGROUPS_MAX
, (gid_t
*)grps
)) < 0) {
193 /* Remove requested gid from supp. list if it exists. */
194 if (grp
->gr_gid
!= egid
&& inarray(grp
->gr_gid
, grps
, ngrps
)) {
195 for (i
= 0; i
< ngrps
; i
++)
196 if (grps
[i
] == grp
->gr_gid
)
199 memmove(&grps
[i
], &grps
[i
+ 1], (ngrps
- i
) * sizeof(gid_t
));
201 if (setgroups(ngrps
, (const gid_t
*)grps
) < 0) {
210 if (setgid(grp
->gr_gid
)) {
216 grps
[0] = grp
->gr_gid
;
218 /* Add old effective gid to supp. list if it does not exist. */
219 if (egid
!= grp
->gr_gid
&& !inarray(egid
, grps
, ngrps
)) {
220 if (ngrps
== NGROUPS_MAX
)
221 warnx("too many groups");
223 grps
[ngrps
++] = egid
;
225 if (setgroups(ngrps
, (const gid_t
*)grps
)) {
237 inarray(gid_t gid
, const gid_t grps
[], int ngrps
)
241 for (i
= 0; i
< ngrps
; i
++)
248 * Set the environment to what would be expected if the user logged in
249 * again; this performs the same steps as su(1)'s -l option.
254 char *args
[2], **cleanenv
, *term
, *ticket
;
258 shell
= pwd
->pw_shell
;
260 shell
= _PATH_BSHELL
;
261 if (chdir(pwd
->pw_dir
) < 0) {
262 warn("%s", pwd
->pw_dir
);
266 term
= getenv("TERM");
267 ticket
= getenv("KRBTKFILE");
269 if ((cleanenv
= calloc(20, sizeof(char *))) == NULL
)
274 lc
= login_getpwclass(pwd
);
275 setusercontext(lc
, pwd
, pwd
->pw_uid
,
276 LOGIN_SETPATH
|LOGIN_SETUMASK
|LOGIN_SETENV
);
278 if (setenv("USER", pwd
->pw_name
, 1) == -1)
279 err(EXIT_FAILURE
, "setenv failed");
281 if (setenv("SHELL", shell
, 1) == -1)
282 err(EXIT_FAILURE
, "setenv failed");
284 if (setenv("HOME", pwd
->pw_dir
, 1) == -1)
285 err(EXIT_FAILURE
, "setenv failed");
288 if (setenv("TERM", term
, 1) == -1)
289 err(EXIT_FAILURE
, "setenv failed");
291 if (setenv("KRBTKFILE", ticket
, 1) == -1)
292 err(EXIT_FAILURE
, "setenv failed");
294 if (asprintf(args
, "-%s", basename(shell
)) < 0)
307 shell
= pwd
->pw_shell
;
309 shell
= _PATH_BSHELL
;
310 execl(shell
, basename(shell
), NULL
);