Initial commit

.gitignore

@@ -0,0 +1,2 @@
+zig-cache/
+zig-out/

LICENSE.md

@@ -0,0 +1,11 @@
+Copyright 2023 Tranquillity Codes
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

build.zig

@@ -0,0 +1,70 @@
+const std = @import("std");
+
+// Although this function looks imperative, note that its job is to
+// declaratively construct a build graph that will be executed by an external
+// runner.
+pub fn build(b: *std.Build) void {
+    // Standard target options allows the person running `zig build` to choose
+    // what target to build for. Here we do not override the defaults, which
+    // means any target is allowed, and the default is native. Other options
+    // for restricting supported target set are available.
+    var target = b.standardTargetOptions(.{});
+		//target.ofmt = .c;
+
+    // Standard optimization options allow the person running `zig build` to select
+    // between Debug, ReleaseSafe, ReleaseFast, and ReleaseSmall. Here we do not
+    // set a preferred release mode, allowing the user to decide how to optimize.
+    const optimize = b.standardOptimizeOption(.{});
+
+    const exe = b.addExecutable(.{
+        .name = "rt",
+        // In this case the main source file is merely a path, however, in more
+        // complicated build scripts, this could be a generated file.
+        .root_source_file = .{ .path = "src/main.zig" },
+        .target = target,
+        .optimize = optimize,
+    });
+    exe.linkSystemLibrary("c");
+    exe.linkSystemLibrary("libcrypt");
+		
+    // This declares intent for the executable to be installed into the
+    // standard location when the user invokes the "install" step (the default
+    // step when running `zig build`).
+    exe.install();
+
+    // This *creates* a RunStep in the build graph, to be executed when another
+    // step is evaluated that depends on it. The next line below will establish
+    // such a dependency.
+    const run_cmd = exe.run();
+
+    // By making the run step depend on the install step, it will be run from the
+    // installation directory rather than directly from within the cache directory.
+    // This is not necessary, however, if the application depends on other installed
+    // files, this ensures they will be present and in the expected location.
+    run_cmd.step.dependOn(b.getInstallStep());
+
+    // This allows the user to pass arguments to the application in the build
+    // command itself, like this: `zig build run -- arg1 arg2 etc`
+    if (b.args) |args| {
+        run_cmd.addArgs(args);
+    }
+
+    // This creates a build step. It will be visible in the `zig build --help` menu,
+    // and can be selected like this: `zig build run`
+    // This will evaluate the `run` step rather than the default, which is "install".
+    const run_step = b.step("run", "Run the app");
+    run_step.dependOn(&run_cmd.step);
+
+    // Creates a step for unit testing.
+    const exe_tests = b.addTest(.{
+        .root_source_file = .{ .path = "src/main.zig" },
+        .target = target,
+        .optimize = optimize,
+    });
+
+    // Similar to creating the run step earlier, this exposes a `test` step to
+    // the `zig build --help` menu, providing a way for the user to request
+    // running the unit tests.
+    const test_step = b.step("test", "Run unit tests");
+    test_step.dependOn(&exe_tests.step);
+}

shell.nix

@@ -0,0 +1,26 @@
+{ pkgs ? import <nixpkgs> {} }:
+pkgs.mkShell {
+  buildInputs = with pkgs; [
+		(zig.overrideAttrs(s: {
+			version = "18e6d1e";
+			patches = [
+				(fetchpatch {
+					url="https://github.com/ziglang/zig/pull/14254.patch";
+					sha256="sha256-6Ada9uhrGVXHVB+Shs8wMVDSDOZF0a7SLn39Tha62lw=";
+				})
+			];
+			src = fetchFromGitHub {
+				owner="ziglang";
+				repo="zig";
+				rev="18e6d1e81929964e9f1d9780e3d8e8f8ae4fcff0";
+				sha256="sha256-2L3RGiGZ8REMLluAA+tAu47HOAYJhEjUhImLgvwamtM=";
+			};
+		}))
+		libxcrypt 
+		pkg-config
+  ];
+ 	shellHook = ''
+ 	'';
+}
+
+

src/main.zig

@@ -0,0 +1,75 @@
+// vim: set expandtab: set tabstop=4
+const std = @import("std");
+
+const mem = std.mem;
+const crypto = std.crypto;
+const heap = std.heap;
+const process = std.process;
+const cstr = std.cstr;
+const os = std.os;
+const io = std.io;
+
+const assert = std.debug.assert;
+
+const ArrayList = std.ArrayList;
+
+const c = @cImport({
+    @cInclude("pwd.h");
+    @cInclude("shadow.h");
+    @cInclude("unistd.h");
+    @cInclude("grp.h");
+    @cInclude("crypt.h");
+});
+
+fn getGroups(alloc: mem.Allocator, passwd: c.passwd) ![]c.gid_t {
+    var ngr: c_int = 0;
+    _ = c.getgrouplist(passwd.pw_name, passwd.pw_gid, null, &ngr);
+    const groups = try alloc.alloc(c.gid_t, @intCast(usize, ngr));
+    _ = c.getgrouplist(passwd.pw_name, passwd.pw_gid, groups.ptr, &ngr);
+    return groups;
+}
+
+pub fn main() !u8 {
+    const stderr = io.getStdErr().writer();
+    if (os.argv.len <= 1) {
+      try stderr.print("Not enough arguments\n", .{});
+      return 1;
+    }
+
+    const passwd = c.getpwuid(c.getuid()).*;
+
+    const shadowEntry = c.getspnam(passwd.pw_name);
+    if (shadowEntry == null) {
+      try stderr.print("Missing setuid on binary {s}\n", .{os.argv[0]});
+      return 1;
+    }
+    const shadow = shadowEntry.*;
+
+    const wheel = c.getgrnam("wheel").*;
+
+    var allocator = heap.ArenaAllocator.init(std.heap.page_allocator);
+    defer allocator.deinit();
+    const gpa = allocator.allocator();
+
+    for (try getGroups(gpa, passwd)) |gr_id| {
+        const gr = c.getgrgid(gr_id).*;
+        if (gr.gr_gid == wheel.gr_gid) {
+            const pass = mem.span(c.getpass("#: "));
+            if (cstr.cmp(shadow.sp_pwdp, c.crypt(pass, shadow.sp_pwdp)) == 0) {
+                crypto.utils.secureZero(u8, pass);
+                _ = c.setuid(0);
+                _ = c.setgid(0);
+                var argl = ArrayList([]const u8).init(gpa);
+                for (os.argv[1..]) |arg| {
+                    try argl.append(mem.span(arg));
+                }
+                return process.execv(gpa, try argl.toOwnedSlice());
+            } else {
+              try stderr.print("Wrong Password\n", .{});
+              return 1;
+            }
+            break;
+        }
+    }
+    return 0;
+}