user.c revision 1.1.1.4 1 1.1.1.2 lukem /* $NetBSD: user.c,v 1.1.1.4 2014/05/28 09:58:48 tron Exp $ */
2 1.1.1.2 lukem
3 1.1 lukem /* user.c - set user id, group id and group access list */
4 1.1.1.4 tron /* $OpenLDAP$ */
5 1.1 lukem /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 1.1 lukem *
7 1.1.1.4 tron * Copyright 1998-2014 The OpenLDAP Foundation.
8 1.1 lukem * Portions Copyright 1999 PM Lashley.
9 1.1 lukem * All rights reserved.
10 1.1 lukem *
11 1.1 lukem * Redistribution and use in source and binary forms, with or without
12 1.1 lukem * modification, are permitted only as authorized by the OpenLDAP
13 1.1 lukem * Public License.
14 1.1 lukem *
15 1.1 lukem * A copy of this license is available in the file LICENSE in the
16 1.1 lukem * top-level directory of the distribution or, alternatively, at
17 1.1 lukem * <http://www.OpenLDAP.org/license.html>.
18 1.1 lukem */
19 1.1 lukem
20 1.1 lukem #include "portable.h"
21 1.1 lukem
22 1.1 lukem #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
23 1.1 lukem
24 1.1 lukem #include <stdio.h>
25 1.1 lukem
26 1.1 lukem #include <ac/stdlib.h>
27 1.1 lukem
28 1.1 lukem #ifdef HAVE_PWD_H
29 1.1 lukem #include <pwd.h>
30 1.1 lukem #endif
31 1.1 lukem #ifdef HAVE_GRP_H
32 1.1 lukem #include <grp.h>
33 1.1 lukem #endif
34 1.1 lukem
35 1.1 lukem #include <ac/ctype.h>
36 1.1 lukem #include <ac/unistd.h>
37 1.1 lukem
38 1.1 lukem #include "slap.h"
39 1.1 lukem #include "lutil.h"
40 1.1 lukem
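/*
 * slap_init_user - switch the process to the configured user and group.
 *
 * user:  account name or numeric uid, or NULL to leave the uid unchanged.
 * group: group name or numeric gid, or NULL to use the account's primary
 *        group when a user was given.
 *
 * Both strings are owned by this function and are freed before it returns.
 * Every failed lookup or id change is fatal (exit( EXIT_FAILURE )): the
 * daemon must not keep running with privileges it was configured to drop.
 *
 * Ordering is deliberate: the supplementary group list and the gid are set
 * while the process is still privileged, because neither can be changed
 * once setuid() has made the process unprivileged.
 *
 * NOTE(review): nothing here verifies afterwards that the drop is
 * irreversible (e.g. that the saved set-user-ID was reset too); on platforms
 * where a privileged setuid() sets all three ids this is implied — confirm
 * for the targets in use.
 */

void
slap_init_user( char *user, char *group )
{
	uid_t uid = 0;
	gid_t gid = 0;
	int got_uid = 0, got_gid = 0;

	if ( user ) {
		struct passwd *pwd = NULL;
		int resolved = 1;	/* a passwd entry is expected in pwd */

		if ( isdigit( (unsigned char) *user ) ) {
			unsigned u;

			got_uid = 1;
			if ( lutil_atou( &u, user ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse user %s\n",
					user, 0, 0 );

				exit( EXIT_FAILURE );
			}
			uid = (uid_t)u;
#ifdef HAVE_GETPWUID
			/* map the uid back to an account so initgroups() gets a name */
			pwd = getpwuid( uid );
#else
			/* no way to learn the name: skip the passwd lookup and
			 * initgroups(); the numeric uid alone is used below */
			free( user );
			user = NULL;
			resolved = 0;
#endif
		} else {
			pwd = getpwnam( user );
		}

		if ( resolved ) {
			if ( pwd == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
					user, 0, 0 );

				exit( EXIT_FAILURE );
			}
			if ( got_uid ) {
				/* numeric uid given: keep the account name for initgroups() */
				free( user );
				user = ch_strdup( pwd->pw_name );
			} else {
				got_uid = 1;
				uid = pwd->pw_uid;
			}
			/* the account's primary group is the default gid */
			got_gid = 1;
			gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
			endpwent();
#endif
		}
	}

	if ( group ) {
		struct group *grp = NULL;
		int resolved = 1;	/* a group entry is expected in grp */

		if ( isdigit( (unsigned char) *group ) ) {
			unsigned g;

			if ( lutil_atou( &g, group ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse group %s\n",
					group, 0, 0 );

				exit( EXIT_FAILURE );
			}
			gid = (gid_t)g;
#ifdef HAVE_GETGRGID
			grp = getgrgid( gid );
#else
			/* cannot check that the gid exists; use the number as given */
			resolved = 0;
#endif
		} else {
			grp = getgrnam( group );
			if ( grp != NULL ) {
				gid = grp->gr_gid;
			}
		}

		if ( resolved && grp == NULL ) {
			Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
				group, 0, 0 );

			exit( EXIT_FAILURE );
		}
		free( group );
		/* an explicit group overrides the account's primary group */
		got_gid = 1;
	}

	if ( user ) {
		/* only root may replace the supplementary group list; when not
		 * started as root the invoking user's list is kept as is */
		if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"Could not set the group access (gid) list\n", 0, 0, 0 );

			exit( EXIT_FAILURE );
		}
		free( user );
	}

#ifdef HAVE_ENDGRENT
	endgrent();
#endif

	/* gid before uid: the group ids cannot be changed any more once the
	 * process has given up root via setuid() */
	if ( got_gid ) {
		if ( setgid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
				(int) gid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEGID
		if ( setegid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
				(int) gid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#endif
	}

	if ( got_uid ) {
		if ( setuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
				(int) uid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEUID
		if ( seteuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
				(int) uid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#endif
	}
}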
177 1.1 lukem
178 1.1 lukem #endif /* HAVE_SETUID && HAVE_SETGID */
179