<div dir="ltr"><br><div>How to call it, the example you gave is what I was looking for, and I'll put that in.</div><div><br></div><div>If you have an example which is simple ( so I don't have to figure out what are the relevant parts ) I would like to learn some of this. The only thing is this is the first C program I've written in over 20 years and very likely the last for the next 20, I just don't have reason to do it.</div>
<div><br></div><div>Robert</div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 27, 2014 at 1:29 PM, Alex Carver <span dir="ltr"><<a href="mailto:agcarver+ale@acarver.net" target="_blank">agcarver+ale@acarver.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">It's already written as a function definition, you just have to put it<br>
in the file and then call it in your program before the system() call:<br>
<div class=""><br>
int main(int argc, char **argv)<br>
{<br>
setuid( 662705787 );<br>
<br>
char Command[512];<br>
</div> if ( is_5char_alnum(argv[1]) == 1 )<br>
<div class=""> {<br>
sprintf(Command, "ssh user2@Server2 -C '/home/user2/bin/Test.sh %s'", argv[1]);<br>
system((char *)Command);<br>
}<br>
</div> else<br>
{<br>
printf("Bad input\n");<br>
}<br>
return 0;<br>
}<br>
<br>
<br>
Though you really should adjust things to use snprintf() and reparse<br>
argv[] into another variable first to sanitize it before feeding it into<br>
a command.<br>
<div class="HOEnZb"><div class="h5"><br>
On 2014-05-27 11:05, Robert L. Harris wrote:<br>
> How would I tie that in to my program? I would read it as a function I<br>
> would run once I have my input but before I execute the system command but<br>
> don't know how to do that in C.<br>
><br>
><br>
><br>
> On Tue, May 27, 2014 at 11:59 AM, David Tomaschik <<a href="mailto:david@systemoverlord.com">david@systemoverlord.com</a>> wrote:<br>
><br>
>> int is_5char_alnum(char *str) {<br>
>> /* Returns 1 if 5 char alnum, 0 otherwise. */<br>
>> int i;<br>
>> if (!str)<br>
>> return 0;<br>
>> for (i=0;i<5;i++) {<br>
>> if (!((str[i] >= 'A' && str[i] <= 'Z') ||<br>
>> (str[i] >= 'a' && str[i] <= 'z') ||<br>
>> (str[i] >= '0' && str[i] <= '9')))<br>
>> return 0;<br>
>> }<br>
>> return (str[5] == '\0')?1:0;<br>
>> }<br>
>><br>
>><br>
>> On Tue, May 27, 2014 at 10:37 AM, Robert L. Harris <<a href="mailto:robert.l.harris@gmail.com">robert.l.harris@gmail.com</a>> wrote:<br>
>><br>
>>><br>
>>> Here is what I ended up with from a "get this working" perspective:<br>
>>><br>
>>><br>
>>> #include <stdio.h><br>
>>> #include <stdlib.h><br>
>>> #include <sys/types.h><br>
>>> #include <unistd.h><br>
>>><br>
>>><br>
>>> int main(int argc, char **argv)<br>
>>> {<br>
>>><br>
>>> setuid( 662705787 );<br>
>>><br>
>>> char Command[512];<br>
>>> sprintf(Command, "ssh user2@Server2 -C '/home/user2/bin/Test.sh %s'", argv[1]);<br>
>>> system((char *)Command);<br>
>>><br>
>>> return 0;<br>
>>> }<br>
>>><br>
>>><br>
>>> Given that I have something that works, I need to put the data checks in<br>
>>> for a character length of 5 alpha numeric. What changes should I make?<br>
>>> What other 'good to do' would anyone suggest? I need to have this basic<br>
>>> functionality, but I'd like to make it "better" as well but I don't know C<br>
>>> other than how to do a "gcc" or read very specific examples.<br>
>>><br>
>>> Robert<br>
>>><br>
>>><br>
>>><br>
>>> On Sat, May 24, 2014 at 6:57 AM, Horkan Smith <<a href="mailto:ale@horkan.net">ale@horkan.net</a>> wrote:<br>
>>><br>
>>>> You might also want to restrict what a user could do via ssh on the 2nd<br>
>>>> server:<br>
>>>><br>
>>>><br>
>>>> <a href="http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login" target="_blank">http://stackoverflow.com/questions/402615/how-to-restrict-ssh-users-to-a-predefined-set-of-commands-after-login</a><br>
>>>><br>
>>>> <a href="http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/" target="_blank">http://www.wallix.org/2011/10/18/restricting-remote-commands-over-ssh/</a><br>
>>>><br>
>>>><br>
>>>> <a href="http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/" target="_blank">http://cybermashup.com/2013/05/14/restrict-ssh-logins-to-a-single-command/</a><br>
>>>><br>
>>>> later!<br>
>>>> horkan<br>
>>>><br>
>>>> On Thu, May 22, 2014 at 05:37:32PM -0600, Robert L. Harris wrote:<br>
>>>>> The reason for the "system" is just to see what value I'm getting out.<br>
>>>>><br>
>>>>> I have a perl script doing a bunch of processing which will be run by a<br>
>>>>> couple different users. One aspect of the perl script is to connect to<br>
>>>>> another machine and run a command as a specific user. Instead of having<br>
>>>>> others know the passwd, etc. I have a hostkey set up from my server as a<br>
>>>>> non-privileged user to another system. I want to have the C program setuid<br>
>>>>> to the non-privileged user, ssh to the second server and run 1 command with<br>
>>>>> the only variable being XXXXX. More convoluted than I want but the safest<br>
>>>>> method I can come up with to get just the output I need from the second<br>
>>>>> server.<br>
>>>>><br>
>>>>><br>
>>>>><br>
>>>>> On Thu, May 22, 2014 at 5:31 PM, Ed Cashin <<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>> wrote:<br>
>>>>><br>
>>>>>> In general, with this kind of stuff, you want to avoid using the<br>
>>>>>> shell, so no use of "system" or other library calls that implicitly<br>
>>>>>> run a shell. The reason is that most programmers cannot anticipate<br>
>>>>>> all the corner cases that allow unexpected things to happen when you<br>
>>>>>> run a shell from your C program based on user data.<br>
>>>>>><br>
>>>>>> But this extra information is making me less certain that I'm coming<br>
>>>>>> up with the best feedback.<br>
>>>>>><br>
>>>>>> Does it happen to be the case that you're using C because you want to<br>
>>>>>> create an executable that you will make setuid root?<br>
>>>>>><br>
>>>>>><br>
>>>>>> On Thu, May 22, 2014 at 7:12 PM, Robert L. Harris<br>
>>>>>> <<a href="mailto:robert.l.harris@gmail.com">robert.l.harris@gmail.com</a>> wrote:<br>
>>>>>>> My main goal is to make sure someone doesn't run this command and pass it<br>
>>>>>>> something like : "15361; rm -rf ~/*"<br>
>>>>>>> I will need another version where XXXXX can be any alpha-numeric character<br>
>>>>>>> too but the main concern is the moron doing something stupid.<br>
>>>>>>><br>
>>>>>>> Robert<br>
>>>>>>><br>
>>>>>>><br>
>>>>>>><br>
>>>>>>> On Thu, May 22, 2014 at 4:40 PM, Ed Cashin <<a href="mailto:ecashin@noserose.net">ecashin@noserose.net</a>> wrote:<br>
>>>>>>>><br>
>>>>>>>> I'm not at a keyboard now, but strtol could do it all if you provide a<br>
>>>>>>>> non-NULL end pointer. (That will make sense on reading the strtol man page.)<br>
>>>>>>>> Just subtract the end from the start and compare to 5, after specifying base<br>
>>>>>>>> ten.<br>
>>>>>>>><br>
>>>>>>>> On May 22, 2014 6:17 PM, "Robert L. Harris" <<a href="mailto:robert.l.harris@gmail.com">robert.l.harris@gmail.com</a>> wrote:<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> Anyone have a very simple C program source that given a command of :<br>
>>>>>>>>><br>
>>>>>>>>> ./Validate XXXXX<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> it will verify that XXXXX is a 5 digit integer and then execute<br>
>>>>>>>>><br>
>>>>>>>>> system( "/bin/touch XXXXX");<br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>><br>
>>>>>>>>> There's much more to it but I'm hung up on this. Unfortunately I'm not a<br>
>>>>>>>>> C person.<br>
>>>>>>>>><br>
>>>>>>>>> Robert<br>
>>>>>>>>><br>
>>>>>>>>><br>
<br>
</div></div><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Ale mailing list<br>
<a href="mailto:Ale@ale.org">Ale@ale.org</a><br>
<a href="http://mail.ale.org/mailman/listinfo/ale" target="_blank">http://mail.ale.org/mailman/listinfo/ale</a><br>
See JOBS, ANNOUNCE and SCHOOLS lists at<br>
<a href="http://mail.ale.org/mailman/listinfo" target="_blank">http://mail.ale.org/mailman/listinfo</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>:wq!<br>---------------------------------------------------------------------------<br>Robert L. Harris<br><br>DISCLAIMER:<br>These are MY OPINIONS ALONE. I speak for no-one else.<br><br>With Dreams To Be A King,<br>First One Should Be A Man<br>- Manowar
</div>
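An added example, not code from any poster in this thread: it combines the suggestions quoted above (allowlist the argument, use snprintf(), avoid system()) by checking the setuid() result and starting ssh with fork/execve so no local shell parses the string. ssh still hands the remote command to the login shell on Server2, so the 5-character allowlist remains the control that blocks input like "15361; rm -rf ~/*". The function names and the /usr/bin/ssh path are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

int valid_id(const char *s)           /* exactly 5 ASCII letters or digits */
{
    return s && strlen(s) == 5 && strspn(s, "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "abcdefghijklmnopqrstuvwxyz0123456789") == 5;
}

int build_ssh_argv(const char *id, char *remote, size_t len, char *av[5])
{
    if (!valid_id(id))
        return -1;                    /* rejected by the allowlist */
    int n = snprintf(remote, len, "/home/user2/bin/Test.sh %s", id);
    if (n < 0 || (size_t)n >= len)
        return -1;                    /* truncated: refuse to run it */
    av[0] = "ssh"; av[1] = "-C"; av[2] = "user2@Server2";
    av[3] = remote; av[4] = NULL;
    return 0;
}

/* fork + execve: no local /bin/sh, fixed path, minimal environment. */
int run_no_shell(const char *path, char *const av[])
{
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid = fork();
    if (pid == 0) {
        execve(path, av, envp);
        _exit(127);                   /* exec failed */
    }
    if (pid < 0 || waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    char remote[64], *av[5];
    if (setuid(662705787) != 0)       /* uid from the thread; stop on failure */
        return 1;
    if (argc != 2 || build_ssh_argv(argv[1], remote, sizeof remote, av) != 0) {
        fputs("Bad input\n", stderr);
        return 1;
    }
    return run_no_shell("/usr/bin/ssh", av);   /* assumed ssh location */
}
```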