| 1 |
/*
|
| 2 |
* Copyright (C) 2001 Hakan Tandogan (hakan@gurkensalat.com)
|
| 3 |
*
|
| 4 |
* This program is free software; you can redistribute it and/or
|
| 5 |
* modify it under the terms of the GNU General Public License
|
| 6 |
* as published by the Free Software Foundation; either version 2
|
| 7 |
* of the License, or (at your option) any later version.
|
| 8 |
*
|
| 9 |
* This program is distributed in the hope that it will be useful,
|
| 10 |
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
| 11 |
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
| 12 |
* GNU General Public License for more details.
|
| 13 |
*
|
| 14 |
* You should have received a copy of the GNU General Public License
|
| 15 |
* along with this program; if not, write to the Free Software
|
| 16 |
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
| 17 |
*/
|
| 18 |
|
| 19 |
#include "common/setup_before.h"
|
| 20 |
#ifdef HAVE_STDDEF_H
|
| 21 |
# include <stddef.h>
|
| 22 |
#else
|
| 23 |
# ifndef NULL
|
| 24 |
# define NULL ((void *)0)
|
| 25 |
# endif
|
| 26 |
#endif
|
| 27 |
#ifdef STDC_HEADERS
|
| 28 |
# include <stdlib.h>
|
| 29 |
#endif
|
| 30 |
#ifdef HAVE_SYS_TYPES_H
|
| 31 |
# include <sys/types.h>
|
| 32 |
#endif
|
| 33 |
#ifdef HAVE_UNISTD_H
|
| 34 |
# include <unistd.h>
|
| 35 |
#endif
|
| 36 |
#ifdef HAVE_PWD_H
|
| 37 |
# include <pwd.h>
|
| 38 |
#endif
|
| 39 |
#ifdef HAVE_GRP_H
|
| 40 |
# include <grp.h>
|
| 41 |
#endif
|
| 42 |
#ifdef HAVE_STRING_H
|
| 43 |
# include <string.h>
|
| 44 |
#endif
|
| 45 |
#include <errno.h>
|
| 46 |
#include "compat/strerror.h"
|
| 47 |
#include "common/eventlog.h"
|
| 48 |
#include "common/give_up_root_privileges.h"
|
| 49 |
#include "common/setup_after.h"
|
| 50 |
|
| 51 |
|
| 52 |
#define ILLEGAL_ID -1
|
| 53 |
|
| 54 |
|
| 55 |
static int gurp_gname2id(const char *name);
|
| 56 |
static int gurp_uname2id(const char *name);
|
| 57 |
|
| 58 |
|
| 59 |
extern int give_up_root_privileges(char const * user_name, char const * group_name)
|
| 60 |
{
|
| 61 |
int user_id = 0;
|
| 62 |
int group_id = 0;
|
| 63 |
|
| 64 |
eventlog(eventlog_level_debug,__FUNCTION__,"about to give up root privileges");
|
| 65 |
|
| 66 |
if (user_name)
|
| 67 |
{
|
| 68 |
if ((user_id = gurp_uname2id(user_name))==ILLEGAL_ID)
|
| 69 |
{ return -1; }
|
| 70 |
else
|
| 71 |
{ eventlog(eventlog_level_debug,__FUNCTION__,"should change to user = '%s' (%d)", user_name, user_id); }
|
| 72 |
}
|
| 73 |
if (group_name)
|
| 74 |
{
|
| 75 |
if ((group_id = gurp_gname2id(group_name))==ILLEGAL_ID)
|
| 76 |
{ return -1; }
|
| 77 |
else
|
| 78 |
{ eventlog(eventlog_level_debug,__FUNCTION__,"should change to group = '%s' (%d)", group_name, group_id); }
|
| 79 |
}
|
| 80 |
|
| 81 |
/* Change first the group ID, later we might not be able to anymore
|
| 82 |
* We can use setgid safely because we don't want to return to root
|
| 83 |
* privileges anymore
|
| 84 |
*/
|
| 85 |
|
| 86 |
#ifdef HAVE_SETGID
|
| 87 |
if (group_name)
|
| 88 |
{
|
| 89 |
if (-1 == setgid(group_id))
|
| 90 |
{
|
| 91 |
eventlog(eventlog_level_fatal,__FUNCTION__,"could not set gid to %d (setgid: %s)", group_id, pstrerror(errno));
|
| 92 |
return -1;
|
| 93 |
}
|
| 94 |
# ifdef HAVE_GETUID
|
| 95 |
eventlog(eventlog_level_info,__FUNCTION__,"Changed privileges to gid = %d", getgid());
|
| 96 |
# endif
|
| 97 |
}
|
| 98 |
#endif
|
| 99 |
|
| 100 |
#ifdef HAVE_SETUID
|
| 101 |
if (user_name)
|
| 102 |
{
|
| 103 |
if (-1 == setuid(user_id))
|
| 104 |
{
|
| 105 |
eventlog(eventlog_level_fatal,__FUNCTION__,"could not set uid to %d (setuid: %s)", user_id, pstrerror(errno));
|
| 106 |
return -1;
|
| 107 |
}
|
| 108 |
# ifdef HAVE_GETGID
|
| 109 |
eventlog(eventlog_level_info,__FUNCTION__,"Changed privileges to uid = %d", getuid());
|
| 110 |
# endif
|
| 111 |
}
|
| 112 |
#endif
|
| 113 |
|
| 114 |
return 0;
|
| 115 |
}
|
| 116 |
|
| 117 |
|
| 118 |
static int gurp_uname2id(const char *name)
|
| 119 |
{
|
| 120 |
int id = ILLEGAL_ID;
|
| 121 |
|
| 122 |
if (name != NULL)
|
| 123 |
{
|
| 124 |
if (name[0] == '#')
|
| 125 |
{
|
| 126 |
id = atoi(&name[1]);
|
| 127 |
}
|
| 128 |
else
|
| 129 |
{
|
| 130 |
#ifdef HAVE_GETPWNAM
|
| 131 |
struct passwd * ent;
|
| 132 |
|
| 133 |
eventlog(eventlog_level_debug,__FUNCTION__,"about to getpwnam(%s)", name);
|
| 134 |
|
| 135 |
if (!(ent = getpwnam(name)))
|
| 136 |
{
|
| 137 |
eventlog(eventlog_level_fatal,__FUNCTION__,"cannot get password file entry for '%s' (getpwnam: %s)", name, pstrerror(errno));
|
| 138 |
return id;
|
| 139 |
}
|
| 140 |
id = ent->pw_uid;
|
| 141 |
#else
|
| 142 |
return id;
|
| 143 |
#endif
|
| 144 |
}
|
| 145 |
}
|
| 146 |
|
| 147 |
return id;
|
| 148 |
}
|
| 149 |
|
| 150 |
|
| 151 |
static int gurp_gname2id(const char *name)
|
| 152 |
{
|
| 153 |
int id = ILLEGAL_ID;
|
| 154 |
|
| 155 |
if (name != NULL)
|
| 156 |
{
|
| 157 |
if (name[0] == '#')
|
| 158 |
{
|
| 159 |
id = atoi(&name[1]);
|
| 160 |
}
|
| 161 |
else
|
| 162 |
{
|
| 163 |
#ifdef HAVE_GETGRNAM
|
| 164 |
struct group * ent;
|
| 165 |
|
| 166 |
eventlog(eventlog_level_debug,__FUNCTION__,"about to getgrnam(%s)", name);
|
| 167 |
|
| 168 |
if (!(ent = getgrnam(name)))
|
| 169 |
{
|
| 170 |
eventlog(eventlog_level_fatal,__FUNCTION__,"cannot get group file entry for '%s' (getgrnam: %s)", name, pstrerror(errno));
|
| 171 |
return id;
|
| 172 |
}
|
| 173 |
id = ent->gr_gid;
|
| 174 |
#else
|
| 175 |
return id;
|
| 176 |
#endif
|
| 177 |
}
|
| 178 |
}
|
| 179 |
|
| 180 |
return id;
|
| 181 |
}
|
Parent Directory
| 
Revision Log