tidy up a bit

diff --git a/051 b/051
index a4fc39543b76eace192deab0bd896f8987153d3f..4c4fa36822a5a8fefc66ce8ead6c956ffabe6074 100755 (executable)
--- a/051
+++ b/051
@@ -62,26 +62,20 @@ _ls()
     ls -ln $* | awk '{ print $1, $3, $4, $NF }' | _filter_id
 } 
 
-_get_newid()
+
+_setup_ids()
 {
-    cat /etc/passwd /etc/group $tmp.ids | gawk -F: '
+    eval `cat /etc/passwd /etc/group | gawk -F: '
       { ids[$3]=1 }
       END {
-        for(i=1;i<1000000;i++){
+        j=1
+        for(i=1; i<1000000 && j<=3;i++){
           if (! (i in ids)) {
-            print i;            
-             exit
+            printf "acl%d=%d;", j, i;           
+            j++
           }
         }      
-      }'
-}
-
-_setup_ids()
-{
-    touch $tmp.ids
-    acl1=`_get_newid`; echo "::$acl1" >>$tmp.ids
-    acl2=`_get_newid`; echo "::$acl2" >>$tmp.ids
-    acl3=`_get_newid`; echo "::$acl3" >>$tmp.ids
+      }'`
 }
 
 _filter_id()
@@ -95,7 +89,7 @@ _filter_id()
        -e "s/g:$acl3/g:id3/" \
        -e "s/ $acl1 / id1 /" \
        -e "s/ $acl2 / id2 /" \
-       -e "s/ $acl3 / id3 /" \
+       -e "s/ $acl3 / id3 /"
 }
 
 # -----
@@ -152,6 +146,9 @@ echo ""
 echo "=== Test minimal ACE ==="
 
 echo "Setup file"
+# Note: as this is a shell script,
+#       will need read and execute permission set
+#       in order to execute it.
 touch file1
 cat <<EOF >file1
 #!/bin/sh
@@ -252,14 +249,19 @@ $runas -u $acl3 -g $acl3 ./file1 2>&1
 
 echo ""
 echo "--- Test MASK ---"
-chacl u::---,g::---,o::---,g:$acl2:r-x,m::-wx file1 2>&1
+
+# group
+chacl u::---,g::---,o::---,g:$acl2:r-x,m::-w- file1 2>&1
 chacl -l file1 | _filter_id
 echo "Expect to FAIL as MASK prohibits execution"
 $runas -u $acl2 -g $acl2 ./file1 2>&1
-chacl u::---,g::---,o::---,u:$acl2:r-x,m::-wx file1 2>&1
+
+# user
+chacl u::---,g::---,o::---,u:$acl2:r-x,m::-w- file1 2>&1
 echo "Expect to FAIL as MASK prohibits execution"
 $runas -u $acl2 -g $acl2 ./file1 2>&1
 
+# user
 chacl u::---,g::---,o::---,u:$acl2:r-x,m::r-x file1 2>&1
 echo "Expect to PASS as MASK allows execution"
 $runas -u $acl2 -g $acl2 ./file1 2>&1

diff --git a/051.out b/051.out
index 0d84941b50cd1b0d4266bd80f01170b004ae8332..9fc8003ae319af432eb78985915cf2b54210f705 100644 (file)
--- a/051.out
+++ b/051.out
@@ -21,27 +21,27 @@ file1 [u::r-x,g::---,o::---]
 Expect to PASS
 Test was executed
 Expect to FAIL
-sh: ./file1: Permission denied
+./file1: Permission denied
 
 --- Test group permissions ---
 file1 [u::---,g::r-x,o::---]
 Expect to FAIL - acl1 is owner
-sh: ./file1: Permission denied
+./file1: Permission denied
 Expect to PASS - acl2 matches group
 Test was executed
 Expect to PASS - acl2 matches sup group
 Test was executed
 Expect to FAIL - acl3 is not in group
-sh: ./file1: Permission denied
+./file1: Permission denied
 
 --- Test other permissions ---
 file1 [u::---,g::---,o::r-x]
 Expect to FAIL - acl1 is owner
-sh: ./file1: Permission denied
+./file1: Permission denied
 Expect to FAIL - acl2 is in group
-sh: ./file1: Permission denied
+./file1: Permission denied
 Expect to FAIL - acl2 is in sup. group
-sh: ./file1: Permission denied
+./file1: Permission denied
 Expect to PASS - acl3 is not owner or in group
 Test was executed
 
@@ -56,7 +56,7 @@ Expect to PASS - USER ACE matches user
 file1 [u::---,g::---,o::---,u:id2:r-x,m::rwx]
 Test was executed
 Expect to FAIL - USER ACE does not match user
-sh: ./file1: Permission denied
+./file1: Permission denied
 
 --- Test adding a GROUP ACE ---
 Expect to FAIL as no MASK provided
@@ -69,20 +69,20 @@ Test was executed
 Expect to PASS - GROUP ACE matches sup group
 Test was executed
 Expect to FAIL - GROUP ACE does not match group
-sh: ./file1: Permission denied
+./file1: Permission denied
 
 --- Test MASK ---
-file1 [u::---,g::---,o::---,g:id2:r-x,m::-wx]
+file1 [u::---,g::---,o::---,g:id2:r-x,m::-w-]
 Expect to FAIL as MASK prohibits execution
-./file1: ./file1: Permission denied
+./file1: Permission denied
 Expect to FAIL as MASK prohibits execution
-./file1: ./file1: Permission denied
+./file1: Permission denied
 Expect to PASS as MASK allows execution
 Test was executed
 
 --- Test ACE priority ---
 Expect to FAIL as should match on owner
-sh: ./file1: Permission denied
+./file1: Permission denied
 Expect to PASS as should match on user
 Test was executed
 

diff --git a/src/runas.c b/src/runas.c
index b7a18c6d506d0e3bb6afc8f96b870932f8b35c3e..45e81463b99a4fd968596e9225c296760b78c686 100644 (file)
--- a/src/runas.c
+++ b/src/runas.c
@@ -62,7 +62,8 @@ main(int argc, char **argv)
        int c;
         uid_t uid = -1;
         gid_t gid = -1;
-        char *cmd=NULL;
+        int pid;
+        char **cmd;
         gid_t sgids[SUP_MAX];
         int sup_cnt = 0;
        int status;
@@ -91,13 +92,18 @@ main(int argc, char **argv)
        }
 
         /* build up the cmd */
-       for ( ; optind < argc; optind++) {
-           cmd = realloc(cmd, (cmd==NULL?0:strlen(cmd)) + 
-                               strlen(argv[optind]) + 4);
-           strcat(cmd, " ");
-           strcat(cmd, argv[optind]);
-       }
- 
+        if (optind == argc) {
+            usage();
+            exit(1);
+        }
+       else {
+           char **p;
+           p = cmd = (char **)malloc(sizeof(char *) * (argc - optind + 1));
+           for ( ; optind < argc; optind++, p++) {
+               *p = strdup(argv[optind]);
+            }
+           *p = NULL;
+       } 
 
         if (gid != -1) {
            if (setegid(gid) == -1) {
@@ -123,8 +129,19 @@ main(int argc, char **argv)
            }   
         }
 
-       status = system(cmd);
+       pid = fork();
+       if (pid == -1) {
+            fprintf(stderr, "%s: fork failed: %s\n",
+                   prog, strerror(errno));
+            exit(1);
+        }
+       if (pid == 0) {
+            execv(cmd[0], cmd);
+            fprintf(stderr, "%s: %s\n", cmd[0], strerror(errno));
+            exit(errno);
+       }
 
+        wait(&status);
        if (WIFSIGNALED(status)) {
            fprintf(stderr, "%s: command terminated with signal %d\n", 
                  prog, WTERMSIG(status));