From 1cf333777b38c677aa08c8aeeac2871c387840ec Mon Sep 17 00:00:00 2001 From: John Tsiombikas Date: Sat, 29 Jan 2022 09:50:20 +0200 Subject: [PATCH] minor style changes in the dropsu branch. probably will never be merged as it currently stands though. --- src/spnavd.c | 8 +-- src/userpriv.c | 182 ++++++++++++++++++++++--------------------------- src/userpriv.h | 24 +++---- 3 files changed, 95 insertions(+), 119 deletions(-) diff --git a/src/spnavd.c b/src/spnavd.c index 4f872fb..5069533 100644 --- a/src/spnavd.c +++ b/src/spnavd.c @@ -51,8 +51,6 @@ static char *fix_path(char *str); static char *cfgfile = DEF_CFGFILE; static char *logfile = DEF_LOGFILE; -/* struct for privilege changes */ -userid_struct userids; int main(int argc, char **argv) { @@ -169,9 +167,9 @@ int main(int argc, char **argv) return 1; } - userids->runas_daemon = become_daemon; - userids->has_cmd_user = use_username; - userids->has_cmd_group = use_groupname; + userids.runas_daemon = become_daemon; + userids.has_cmd_user = use_username; + userids.has_cmd_group = use_groupname; test_initial_user_privileges(); diff --git a/src/userpriv.c b/src/userpriv.c index f5aa462..ac69d81 100644 --- a/src/userpriv.c +++ b/src/userpriv.c @@ -15,7 +15,6 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . */ - #include #include #include @@ -25,142 +24,121 @@ along with this program. If not, see . void set_initial_user_privileges(void) { - if(userids != NULL) { - /* get the effective uid and effective gid for the initial user - * who started spnavd */ - userids->invoked_uid = geteuid(); - userids->invoked_gid = getegid(); + /* get the effective uid and effective gid for the initial user + * who started spnavd */ + userids.invoked_uid = geteuid(); + userids.invoked_gid = getegid(); - /* set the "runas" effective uid and gid to an invalid startvalue */ - userids->daemon_uid = -1; - userids->daemon_gid = -1; + /* set the "runas" effective uid and gid to an invalid startvalue */ + userids.daemon_uid = -1; + userids.daemon_gid = -1; - /* default assumption: we can not change effective uid / gid */ - userids->can_restore_uid = 0; - userids->can_restore_gid = 0; + /* default assumption: we can not change effective uid / gid */ + userids.can_restore_uid = 0; + userids.can_restore_gid = 0; - userids->has_cmd_user = 0; - userids->has_cmd_group = 0; - } + userids.has_cmd_user = 0; + userids.has_cmd_group = 0; } void test_initial_user_privileges(void) { - if(userids != NULL) { - /* default assumption: we can not change effective uid / gid */ - userids->can_restore_uid = 0; - userids->can_restore_gid = 0; + /* default assumption: we can not change effective uid / gid */ + userids.can_restore_uid = 0; + userids.can_restore_gid = 0; - /* check the effective uid change */ - if(userids->daemon_uid != -1) { - if (userids->daemon_uid != userids->invoked_uid) { - /* only run, if daemon uid differ from invoked uid */ - if(seteuid(userids->daemon_uid) == 0) - { - /* succeded to get lower privileges - * -> restore uid */ - if(seteuid(userids->invoked_uid) == 0) - { - userids->can_restore_uid = 1; - } - } - } - } + /* check the effective uid change */ + if(userids.daemon_uid != -1) { + if (userids.daemon_uid != userids.invoked_uid) { + /* only run, if daemon uid differ from invoked uid */ + if(seteuid(userids.daemon_uid) == 0) + { + /* succeded to get lower privileges + * -> restore uid */ + if(seteuid(userids.invoked_uid) == 0) + { + userids.can_restore_uid = 1; + } + } + } + } - /* check the effective gid change */ - if(userids->daemon_gid != -1) - { - if (userids->daemon_gid != userids->invoked_gid) { - /* only run, if daemon gid differ from invoked gid */ - if(seteuid(userids->daemon_gid) == 0) - { - /* succeded to get lower privileges - * -> restore uid */ - if(seteuid(userids->invoked_gid) == 0) - { - userids->can_restore_gid = 1; - } - } - } - } - } + /* check the effective gid change */ + if(userids.daemon_gid != -1) + { + if (userids.daemon_gid != userids.invoked_gid) { + /* only run, if daemon gid differ from invoked gid */ + if(seteuid(userids.daemon_gid) == 0) + { + /* succeded to get lower privileges + * -> restore uid */ + if(seteuid(userids.invoked_gid) == 0) + { + userids.can_restore_gid = 1; + } + } + } + } } int set_runas_uid(char *runas_lname) { - struct passwd *userinfo; - userinfo = getpwnam(runas_lname); + struct passwd *userinfo; - if(userids == NULL || userinfo == NULL) { - /* error - but no distinction */ - return 0; - } else { - /* set the uid */ - userids->daemon_uid = userinfo->pw_uid; - } + if(!(userinfo = getpwnam(runas_lname))) { + /* error - but no distinction */ + return 0; + } + /* set the uid */ + userids.daemon_uid = userinfo->pw_uid; - return 1; + return 1; } int set_runas_gid(char *runas_gname) { - struct group *groupinfo; - groupinfo = getgrnam(runas_gname); + struct group *groupinfo; - if(userids == NULL || groupinfo == NULL) { - /* error - but no distinction */ - return 0; - } else { - /* set the gid */ - userids->daemon_gid = groupinfo->gr_gid; - } + if(!(groupinfo = getgrnam(runas_gname))) { + /* error - but no distinction */ + return 0; + } + /* set the gid */ + userids.daemon_gid = groupinfo->gr_gid; - return 1; + return 1; } void start_daemon_privileges(void) { - if(userids != NULL) { - if (userids->runas_daemon == 1) { - if(userids->can_restore_uid) - { - seteuid(userids->daemon_uid); - } - if(userids->can_restore_gid) { - setegid(userids->daemon_gid); - } - } - } + if(userids.runas_daemon == 1) { + if(userids.can_restore_uid) { + seteuid(userids.daemon_uid); + } + if(userids.can_restore_gid) { + setegid(userids.daemon_gid); + } + } } void stop_daemon_privileges(void) { - if(userids != NULL) { - if (userids->runas_daemon == 1) { - if(userids->can_restore_uid) { - seteuid(userids->invoked_uid); - } - if(userids->can_restore_gid) { - setegid(userids->invoked_gid); - } - } - } + if(userids.runas_daemon == 1) { + if(userids.can_restore_uid) { + seteuid(userids.invoked_uid); + } + if(userids.can_restore_gid) { + setegid(userids.invoked_gid); + } + } } int user_set_by_cmdline(void) { - if(userids != NULL) { - return userids->has_cmd_user; - } - - return 0; + return userids.has_cmd_user; } int group_set_by_cmdline(void) { - if(userids != NULL) { - return userids->has_cmd_group; - } - - return 0; + return userids.has_cmd_group; } diff --git a/src/userpriv.h b/src/userpriv.h index cec56fc..551fa00 100644 --- a/src/userpriv.h +++ b/src/userpriv.h @@ -22,19 +22,19 @@ along with this program. If not, see . #include /* struct for user id's */ -typedef struct { - uid_t daemon_uid; /* the uid for the daemon */ - gid_t daemon_gid; /* the gid for the daemon */ - uid_t invoked_uid; /* spnavd was started with this uid (0-no / 1-yes) */ - gid_t invoked_gid; /* spnavd was started with this gid (0-no / 1-yes) */ - int can_restore_uid; /* spnavd can restore the invoked uid (0-no / 1-yes) */ - int can_restore_gid; /* spnavd can restore the invoked gid (0-no / 1-yes) */ - int runas_daemon; /* flag for running in daemonmode (0-no / 1-yes) */ - int has_cmd_user; /* spnavd started with -u (0-no / 1-yes) */ - int has_cmd_group; /* spnavd started with -g (0-no / 1-yes) */ -} userid_struct; +struct userpriv { + uid_t daemon_uid; /* the uid for the daemon */ + gid_t daemon_gid; /* the gid for the daemon */ + uid_t invoked_uid; /* spnavd was started with this uid */ + gid_t invoked_gid; /* spnavd was started with this gid */ + int can_restore_uid; /* spnavd can restore the invoked uid */ + int can_restore_gid; /* spnavd can restore the invoked gid */ + int runas_daemon; /* flag for running in daemonmode */ + int has_cmd_user; /* spnavd started with -u */ + int has_cmd_group; /* spnavd started with -g */ +}; -extern userid_struct *userids; +struct userpriv userids; void set_initial_user_privileges(void); void test_initial_user_privileges(void);