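/*	$NetBSD: user.c,v 1.4 2025/09/05 21:16:26 christos Exp $	*/

/* user.c - set user id, group id and group access list */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2024 The OpenLDAP Foundation.
 * Portions Copyright 1999 PM Lashley.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */

#include <sys/cdefs.h>
__RCSID("$NetBSD: user.c,v 1.4 2025/09/05 21:16:26 christos Exp $");

#include "portable.h"

#if defined(HAVE_SETUID) && defined(HAVE_SETGID)

#include <stdio.h>

#include <ac/stdlib.h>

#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif

#include <ac/ctype.h>
#include <ac/unistd.h>

#include "slap.h"
#include "lutil.h"

/*
 * Set real and effective user id and group id, and group access list.
 *
 * user  - account to run as: a login name, or a numeric uid if the
 *         string starts with a digit (resolved with getpwuid() when
 *         available).  NULL leaves the uid untouched.
 * group - group to run as: a group name or a numeric gid.  It overrides
 *         the primary gid taken from the passwd entry.  NULL keeps the
 *         passwd entry's gid, or leaves the gid untouched if there is
 *         no passwd entry.
 *
 * Never returns on failure: a lookup or privilege-change error is logged
 * at LDAP_DEBUG_ANY and the process exits with EXIT_FAILURE, so slapd
 * does not keep running with more privilege than it was configured for.
 *
 * The order of operations matters: supplementary groups first, then the
 * gid, then the uid.  Once the uid has been dropped the group changes
 * would no longer be permitted.
 */
void
slap_init_user( char *user, char *group )
{
	uid_t uid = 0;
	gid_t gid = 0;
	int got_uid = 0, got_gid = 0;

	if ( user ) {
		struct passwd *pwd;
		if ( isdigit( (unsigned char) *user ) ) {
			unsigned u;

			got_uid = 1;
			if ( lutil_atou( &u, user ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse user %s\n",
					user );

				exit( EXIT_FAILURE );
			}
			uid = (uid_t)u;
#ifdef HAVE_GETPWUID
			/* resolve the uid so the login name is known for initgroups() */
			pwd = getpwuid( uid );
			goto did_getpw;
#else
			/*
			 * No way to look the uid up: got_gid stays 0 and user
			 * becomes NULL, so the primary gid and the supplementary
			 * group list inherited from the invoker are kept unless
			 * a group is passed explicitly.
			 */
			user = NULL;
#endif
		} else {
			pwd = getpwnam( user );
did_getpw:
			if ( pwd == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
					user );

				exit( EXIT_FAILURE );
			}
			if ( got_uid ) {
				/* numeric uid given: use the login name for initgroups() */
				user = pwd->pw_name;
			} else {
				got_uid = 1;
				uid = pwd->pw_uid;
			}
			/* primary gid from the passwd entry unless group overrides it */
			got_gid = 1;
			gid = pwd->pw_gid;
		}
	}

	if ( group ) {
		struct group *grp;
		if ( isdigit( (unsigned char) *group )) {
			unsigned g;

			if ( lutil_atou( &g, group ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse group %s\n",
					group );

				exit( EXIT_FAILURE );
			}
			gid = (gid_t)g;
#ifdef HAVE_GETGRGID
			/* refuse a numeric gid that has no group database entry */
			grp = getgrgid( gid );
			goto did_group;
#endif
		} else {
			grp = getgrnam( group );
			if ( grp != NULL )
				gid = grp->gr_gid;
did_group:
			if ( grp == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
					group );

				exit( EXIT_FAILURE );
			}
		}
		got_gid = 1;
	}

	if ( user ) {
		/*
		 * Replace the supplementary group list with the target user's.
		 * Only root may do this; when already unprivileged the
		 * inherited list is kept rather than failing.
		 */
		if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"Could not set the group access (gid) list\n" );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_ENDPWENT
		/*
		 * Closed only after initgroups(): user may point at pw_name in
		 * storage owned by the passwd routines, so do not rely on it
		 * surviving the close.
		 */
		endpwent();
#endif
	}

#ifdef HAVE_ENDGRENT
	endgrent();
#endif

	/* gid before uid: setgid() needs the privilege setuid() gives up */
	if ( got_gid ) {
		if ( setgid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
				(int) gid );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEGID
		if ( setegid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
				(int) gid );

			exit( EXIT_FAILURE );
		}
#endif
	}

	if ( got_uid ) {
		if ( setuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
				(int) uid );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEUID
		if ( seteuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
				(int) uid );

			exit( EXIT_FAILURE );
		}
#endif
		/*
		 * NOTE(review): this assumes setuid() called with root privilege
		 * also resets the saved uid, so root cannot be regained later.
		 * Confirm per platform; a post-drop check that setuid(0) fails
		 * would make the assumption explicit.
		 */
	}
}

#endif /* HAVE_SETUID && HAVE_SETGID */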