diff --git a/src/spnavd.c b/src/spnavd.c
index 4f872fb..5069533 100644
--- a/src/spnavd.c
+++ b/src/spnavd.c
@@ -51,8 +51,6 @@ static char *fix_path(char *str);
static char *cfgfile = DEF_CFGFILE;
static char *logfile = DEF_LOGFILE;
-/* struct for privilege changes */
-userid_struct userids;
int main(int argc, char **argv)
{
@@ -169,9 +167,9 @@ int main(int argc, char **argv)
return 1;
}
- userids->runas_daemon = become_daemon;
- userids->has_cmd_user = use_username;
- userids->has_cmd_group = use_groupname;
+ userids.runas_daemon = become_daemon;
+ userids.has_cmd_user = use_username;
+ userids.has_cmd_group = use_groupname;
test_initial_user_privileges();
diff --git a/src/userpriv.c b/src/userpriv.c
index f5aa462..ac69d81 100644
--- a/src/userpriv.c
+++ b/src/userpriv.c
@@ -15,7 +15,6 @@ GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
-
#include
#include
#include
@@ -25,142 +24,121 @@ along with this program. If not, see .
void set_initial_user_privileges(void)
{
- if(userids != NULL) {
- /* get the effective uid and effective gid for the initial user
- * who started spnavd */
- userids->invoked_uid = geteuid();
- userids->invoked_gid = getegid();
+ /* get the effective uid and effective gid for the initial user
+ * who started spnavd */
+ userids.invoked_uid = geteuid();
+ userids.invoked_gid = getegid();
- /* set the "runas" effective uid and gid to an invalid startvalue */
- userids->daemon_uid = -1;
- userids->daemon_gid = -1;
+ /* set the "runas" effective uid and gid to an invalid startvalue */
+ userids.daemon_uid = -1;
+ userids.daemon_gid = -1;
- /* default assumption: we can not change effective uid / gid */
- userids->can_restore_uid = 0;
- userids->can_restore_gid = 0;
+ /* default assumption: we can not change effective uid / gid */
+ userids.can_restore_uid = 0;
+ userids.can_restore_gid = 0;
- userids->has_cmd_user = 0;
- userids->has_cmd_group = 0;
- }
+ userids.has_cmd_user = 0;
+ userids.has_cmd_group = 0;
}
void test_initial_user_privileges(void)
{
- if(userids != NULL) {
- /* default assumption: we can not change effective uid / gid */
- userids->can_restore_uid = 0;
- userids->can_restore_gid = 0;
+ /* default assumption: we can not change effective uid / gid */
+ userids.can_restore_uid = 0;
+ userids.can_restore_gid = 0;
- /* check the effective uid change */
- if(userids->daemon_uid != -1) {
- if (userids->daemon_uid != userids->invoked_uid) {
- /* only run, if daemon uid differ from invoked uid */
- if(seteuid(userids->daemon_uid) == 0)
- {
- /* succeded to get lower privileges
- * -> restore uid */
- if(seteuid(userids->invoked_uid) == 0)
- {
- userids->can_restore_uid = 1;
- }
- }
- }
- }
+ /* check the effective uid change */
+ if(userids.daemon_uid != -1) {
+ if (userids.daemon_uid != userids.invoked_uid) {
+ /* only run, if daemon uid differ from invoked uid */
+ if(seteuid(userids.daemon_uid) == 0)
+ {
+ /* succeded to get lower privileges
+ * -> restore uid */
+ if(seteuid(userids.invoked_uid) == 0)
+ {
+ userids.can_restore_uid = 1;
+ }
+ }
+ }
+ }
- /* check the effective gid change */
- if(userids->daemon_gid != -1)
- {
- if (userids->daemon_gid != userids->invoked_gid) {
- /* only run, if daemon gid differ from invoked gid */
- if(seteuid(userids->daemon_gid) == 0)
- {
- /* succeded to get lower privileges
- * -> restore uid */
- if(seteuid(userids->invoked_gid) == 0)
- {
- userids->can_restore_gid = 1;
- }
- }
- }
- }
- }
+ /* check the effective gid change */
+ if(userids.daemon_gid != -1)
+ {
+ if (userids.daemon_gid != userids.invoked_gid) {
+ /* only run, if daemon gid differ from invoked gid */
+ if(seteuid(userids.daemon_gid) == 0)
+ {
+ /* succeded to get lower privileges
+ * -> restore uid */
+ if(seteuid(userids.invoked_gid) == 0)
+ {
+ userids.can_restore_gid = 1;
+ }
+ }
+ }
+ }
}
int set_runas_uid(char *runas_lname)
{
- struct passwd *userinfo;
- userinfo = getpwnam(runas_lname);
+ struct passwd *userinfo;
- if(userids == NULL || userinfo == NULL) {
- /* error - but no distinction */
- return 0;
- } else {
- /* set the uid */
- userids->daemon_uid = userinfo->pw_uid;
- }
+ if(!(userinfo = getpwnam(runas_lname))) {
+ /* error - but no distinction */
+ return 0;
+ }
+ /* set the uid */
+ userids.daemon_uid = userinfo->pw_uid;
- return 1;
+ return 1;
}
int set_runas_gid(char *runas_gname)
{
- struct group *groupinfo;
- groupinfo = getgrnam(runas_gname);
+ struct group *groupinfo;
- if(userids == NULL || groupinfo == NULL) {
- /* error - but no distinction */
- return 0;
- } else {
- /* set the gid */
- userids->daemon_gid = groupinfo->gr_gid;
- }
+ if(!(groupinfo = getgrnam(runas_gname))) {
+ /* error - but no distinction */
+ return 0;
+ }
+ /* set the gid */
+ userids.daemon_gid = groupinfo->gr_gid;
- return 1;
+ return 1;
}
void start_daemon_privileges(void)
{
- if(userids != NULL) {
- if (userids->runas_daemon == 1) {
- if(userids->can_restore_uid)
- {
- seteuid(userids->daemon_uid);
- }
- if(userids->can_restore_gid) {
- setegid(userids->daemon_gid);
- }
- }
- }
+ if(userids.runas_daemon == 1) {
+ if(userids.can_restore_uid) {
+ seteuid(userids.daemon_uid);
+ }
+ if(userids.can_restore_gid) {
+ setegid(userids.daemon_gid);
+ }
+ }
}
void stop_daemon_privileges(void)
{
- if(userids != NULL) {
- if (userids->runas_daemon == 1) {
- if(userids->can_restore_uid) {
- seteuid(userids->invoked_uid);
- }
- if(userids->can_restore_gid) {
- setegid(userids->invoked_gid);
- }
- }
- }
+ if(userids.runas_daemon == 1) {
+ if(userids.can_restore_uid) {
+ seteuid(userids.invoked_uid);
+ }
+ if(userids.can_restore_gid) {
+ setegid(userids.invoked_gid);
+ }
+ }
}
int user_set_by_cmdline(void)
{
- if(userids != NULL) {
- return userids->has_cmd_user;
- }
-
- return 0;
+ return userids.has_cmd_user;
}
int group_set_by_cmdline(void)
{
- if(userids != NULL) {
- return userids->has_cmd_group;
- }
-
- return 0;
+ return userids.has_cmd_group;
}
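Review bot: The gid probe in test_initial_user_privileges still passes group ids to the effective-uid call, `seteuid(userids.daemon_gid)` and `seteuid(userids.invoked_gid)`, so `can_restore_gid` records the result of a uid switch. Unless the invoking uid and gid happen to be numerically equal, the process can be left with the wrong effective uid; both calls should be `setegid(...)`. In start_daemon_privileges the effective uid is lowered before `setegid(userids.daemon_gid)`, which can fail once the process is no longer privileged, so the group should be dropped first (`setegid`, then `seteuid`). Neither start_daemon_privileges nor stop_daemon_privileges checks the return values of `seteuid`/`setegid`, so a failed drop leaves the daemon running with the invoking credentials without any indication. I would check each call and log or abort on a non-zero result.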
diff --git a/src/userpriv.h b/src/userpriv.h
index cec56fc..551fa00 100644
--- a/src/userpriv.h
+++ b/src/userpriv.h
@@ -22,19 +22,19 @@ along with this program. If not, see .
#include
/* struct for user id's */
-typedef struct {
- uid_t daemon_uid; /* the uid for the daemon */
- gid_t daemon_gid; /* the gid for the daemon */
- uid_t invoked_uid; /* spnavd was started with this uid (0-no / 1-yes) */
- gid_t invoked_gid; /* spnavd was started with this gid (0-no / 1-yes) */
- int can_restore_uid; /* spnavd can restore the invoked uid (0-no / 1-yes) */
- int can_restore_gid; /* spnavd can restore the invoked gid (0-no / 1-yes) */
- int runas_daemon; /* flag for running in daemonmode (0-no / 1-yes) */
- int has_cmd_user; /* spnavd started with -u (0-no / 1-yes) */
- int has_cmd_group; /* spnavd started with -g (0-no / 1-yes) */
-} userid_struct;
+struct userpriv {
+ uid_t daemon_uid; /* the uid for the daemon */
+ gid_t daemon_gid; /* the gid for the daemon */
+ uid_t invoked_uid; /* spnavd was started with this uid */
+ gid_t invoked_gid; /* spnavd was started with this gid */
+ int can_restore_uid; /* spnavd can restore the invoked uid */
+ int can_restore_gid; /* spnavd can restore the invoked gid */
+ int runas_daemon; /* flag for running in daemonmode */
+ int has_cmd_user; /* spnavd started with -u */
+ int has_cmd_group; /* spnavd started with -g */
+};
-extern userid_struct *userids;
+struct userpriv userids;
void set_initial_user_privileges(void);
void test_initial_user_privileges(void);
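Review bot: `struct userpriv userids;` in the header is a definition rather than a declaration, so every translation unit that includes userpriv.h gets its own tentative definition of the object. That links only where the toolchain merges common symbols; with `-fno-common` (the default since GCC 10) it is a multiple-definition error. Keep `extern struct userpriv userids;` in the header and place the single definition `struct userpriv userids;` in userpriv.c, since this commit removes the one in spnavd.c. The privilege state then has exactly one instance, zero-initialised at file scope, that all callers share.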