minor style changes in the dropsu branch.

probably will never be merged as it currently stands though.
dropsu
John Tsiombikas 2022-01-29 09:50:20 +02:00
rodzic 3d369aaa7f
commit 1cf333777b
3 zmienionych plików z 95 dodań i 119 usunięć


@ -51,8 +51,6 @@ static char *fix_path(char *str);
static char *cfgfile = DEF_CFGFILE;
static char *logfile = DEF_LOGFILE;
/* struct for privilege changes */
userid_struct userids;
int main(int argc, char **argv)
{
@ -169,9 +167,9 @@ int main(int argc, char **argv)
return 1;
}
userids->runas_daemon = become_daemon;
userids->has_cmd_user = use_username;
userids->has_cmd_group = use_groupname;
userids.runas_daemon = become_daemon;
userids.has_cmd_user = use_username;
userids.has_cmd_group = use_groupname;
test_initial_user_privileges();


@ -15,7 +15,6 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
@ -25,142 +24,121 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
void set_initial_user_privileges(void)
{
if(userids != NULL) {
/* get the effective uid and effective gid for the initial user
* who started spnavd */
userids->invoked_uid = geteuid();
userids->invoked_gid = getegid();
/* get the effective uid and effective gid for the initial user
* who started spnavd */
userids.invoked_uid = geteuid();
userids.invoked_gid = getegid();
/* set the "runas" effective uid and gid to an invalid startvalue */
userids->daemon_uid = -1;
userids->daemon_gid = -1;
/* set the "runas" effective uid and gid to an invalid startvalue */
userids.daemon_uid = -1;
userids.daemon_gid = -1;
/* default assumption: we can not change effective uid / gid */
userids->can_restore_uid = 0;
userids->can_restore_gid = 0;
/* default assumption: we can not change effective uid / gid */
userids.can_restore_uid = 0;
userids.can_restore_gid = 0;
userids->has_cmd_user = 0;
userids->has_cmd_group = 0;
}
userids.has_cmd_user = 0;
userids.has_cmd_group = 0;
}
void test_initial_user_privileges(void)
{
if(userids != NULL) {
/* default assumption: we can not change effective uid / gid */
userids->can_restore_uid = 0;
userids->can_restore_gid = 0;
/* default assumption: we can not change effective uid / gid */
userids.can_restore_uid = 0;
userids.can_restore_gid = 0;
/* check the effective uid change */
if(userids->daemon_uid != -1) {
if (userids->daemon_uid != userids->invoked_uid) {
/* only run, if daemon uid differ from invoked uid */
if(seteuid(userids->daemon_uid) == 0)
{
/* succeded to get lower privileges
* -> restore uid */
if(seteuid(userids->invoked_uid) == 0)
{
userids->can_restore_uid = 1;
}
}
}
}
/* check the effective uid change */
if(userids.daemon_uid != -1) {
if (userids.daemon_uid != userids.invoked_uid) {
/* only run, if daemon uid differ from invoked uid */
if(seteuid(userids.daemon_uid) == 0)
{
/* succeded to get lower privileges
* -> restore uid */
if(seteuid(userids.invoked_uid) == 0)
{
userids.can_restore_uid = 1;
}
}
}
}
/* check the effective gid change */
if(userids->daemon_gid != -1)
{
if (userids->daemon_gid != userids->invoked_gid) {
/* only run, if daemon gid differ from invoked gid */
if(seteuid(userids->daemon_gid) == 0)
{
/* succeded to get lower privileges
* -> restore uid */
if(seteuid(userids->invoked_gid) == 0)
{
userids->can_restore_gid = 1;
}
}
}
}
}
/* check the effective gid change */
if(userids.daemon_gid != -1)
{
if (userids.daemon_gid != userids.invoked_gid) {
/* only run, if daemon gid differ from invoked gid */
if(seteuid(userids.daemon_gid) == 0)
{
/* succeded to get lower privileges
* -> restore uid */
if(seteuid(userids.invoked_gid) == 0)
{
userids.can_restore_gid = 1;
}
}
}
}
}
int set_runas_uid(char *runas_lname)
{
struct passwd *userinfo;
userinfo = getpwnam(runas_lname);
struct passwd *userinfo;
if(userids == NULL || userinfo == NULL) {
/* error - but no distinction */
return 0;
} else {
/* set the uid */
userids->daemon_uid = userinfo->pw_uid;
}
if(!(userinfo = getpwnam(runas_lname))) {
/* error - but no distinction */
return 0;
}
/* set the uid */
userids.daemon_uid = userinfo->pw_uid;
return 1;
return 1;
}
int set_runas_gid(char *runas_gname)
{
struct group *groupinfo;
groupinfo = getgrnam(runas_gname);
struct group *groupinfo;
if(userids == NULL || groupinfo == NULL) {
/* error - but no distinction */
return 0;
} else {
/* set the gid */
userids->daemon_gid = groupinfo->gr_gid;
}
if(!(groupinfo = getgrnam(runas_gname))) {
/* error - but no distinction */
return 0;
}
/* set the gid */
userids.daemon_gid = groupinfo->gr_gid;
return 1;
return 1;
}
void start_daemon_privileges(void)
{
if(userids != NULL) {
if (userids->runas_daemon == 1) {
if(userids->can_restore_uid)
{
seteuid(userids->daemon_uid);
}
if(userids->can_restore_gid) {
setegid(userids->daemon_gid);
}
}
}
if(userids.runas_daemon == 1) {
if(userids.can_restore_uid) {
seteuid(userids.daemon_uid);
}
if(userids.can_restore_gid) {
setegid(userids.daemon_gid);
}
}
}
void stop_daemon_privileges(void)
{
if(userids != NULL) {
if (userids->runas_daemon == 1) {
if(userids->can_restore_uid) {
seteuid(userids->invoked_uid);
}
if(userids->can_restore_gid) {
setegid(userids->invoked_gid);
}
}
}
if(userids.runas_daemon == 1) {
if(userids.can_restore_uid) {
seteuid(userids.invoked_uid);
}
if(userids.can_restore_gid) {
setegid(userids.invoked_gid);
}
}
}
int user_set_by_cmdline(void)
{
if(userids != NULL) {
return userids->has_cmd_user;
}
return 0;
return userids.has_cmd_user;
}
int group_set_by_cmdline(void)
{
if(userids != NULL) {
return userids->has_cmd_group;
}
return 0;
return userids.has_cmd_group;
}
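Review bot: The gid probe in test_initial_user_privileges still calls `seteuid(userids.daemon_gid)` and `seteuid(userids.invoked_gid)`, so it switches the effective uid to a group id's numeric value instead of testing the group switch; the two calls should be `setegid(userids.daemon_gid)` and `setegid(userids.invoked_gid)`. As written, can_restore_gid records the outcome of a uid change, and the effective uid is left at invoked_gid's value whenever the second call succeeds. Separately, start_daemon_privileges lowers the effective uid before the effective gid and ignores both return values; once the uid is no longer privileged the `setegid` call will probably fail, leaving the daemon running with its original group and nothing reporting it. Calling `setegid` first and checking both results would close that gap.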


@ -22,19 +22,19 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
#include <sys/types.h>
/* struct for user id's */
typedef struct {
uid_t daemon_uid; /* the uid for the daemon */
gid_t daemon_gid; /* the gid for the daemon */
uid_t invoked_uid; /* spnavd was started with this uid (0-no / 1-yes) */
gid_t invoked_gid; /* spnavd was started with this gid (0-no / 1-yes) */
int can_restore_uid; /* spnavd can restore the invoked uid (0-no / 1-yes) */
int can_restore_gid; /* spnavd can restore the invoked gid (0-no / 1-yes) */
int runas_daemon; /* flag for running in daemonmode (0-no / 1-yes) */
int has_cmd_user; /* spnavd started with -u (0-no / 1-yes) */
int has_cmd_group; /* spnavd started with -g (0-no / 1-yes) */
} userid_struct;
struct userpriv {
uid_t daemon_uid; /* the uid for the daemon */
gid_t daemon_gid; /* the gid for the daemon */
uid_t invoked_uid; /* spnavd was started with this uid */
gid_t invoked_gid; /* spnavd was started with this gid */
int can_restore_uid; /* spnavd can restore the invoked uid */
int can_restore_gid; /* spnavd can restore the invoked gid */
int runas_daemon; /* flag for running in daemonmode */
int has_cmd_user; /* spnavd started with -u */
int has_cmd_group; /* spnavd started with -g */
};
extern userid_struct *userids;
struct userpriv userids;
void set_initial_user_privileges(void);
void test_initial_user_privileges(void);
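Review bot: `struct userpriv userids;` in this header is a definition, not a declaration, so every source file that includes the header gets its own tentative definition of the object. Toolchains that default to `-fno-common` (GCC 10 and later do) will reject this at link time with a multiple-definition error, and where common symbols are still merged the sharing is only accidental. The header should carry `extern struct userpriv userids;` and exactly one .c file should hold `struct userpriv userids;`. The definition that used to sit next to cfgfile/logfile in the file containing main appears to be removed by this commit, so nothing else provides it.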