kopia lustrzana https://github.com/FreeSpacenav/spacenavd
minor style changes in the dropsu branch.
probably will never be merged as it currently stands though.dropsu
John Tsiombikas
rodzic
3d369aaa7f
commit
1cf333777b
|
|
@ -51,8 +51,6 @@ static char *fix_path(char *str);
|
||||||
static char *cfgfile = DEF_CFGFILE;
|
static char *cfgfile = DEF_CFGFILE;
|
||||||
static char *logfile = DEF_LOGFILE;
|
static char *logfile = DEF_LOGFILE;
|
||||||
|
|
||||||
/* struct for privilege changes */
|
|
||||||
userid_struct userids;
|
|
||||||
|
|
||||||
int main(int argc, char **argv)
|
int main(int argc, char **argv)
|
||||||
{
|
{
|
||||||
|
|
@ -169,9 +167,9 @@ int main(int argc, char **argv)
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
userids->runas_daemon = become_daemon;
|
userids.runas_daemon = become_daemon;
|
||||||
userids->has_cmd_user = use_username;
|
userids.has_cmd_user = use_username;
|
||||||
userids->has_cmd_group = use_groupname;
|
userids.has_cmd_group = use_groupname;
|
||||||
|
|
||||||
test_initial_user_privileges();
|
test_initial_user_privileges();
|
||||||
|
|
||||||
|
|
|
||||||
182
src/userpriv.c
182
src/userpriv.c
|
|
@ -15,7 +15,6 @@ GNU General Public License for more details.
|
||||||
You should have received a copy of the GNU General Public License
|
You should have received a copy of the GNU General Public License
|
||||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
@ -25,142 +24,121 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
|
||||||
void set_initial_user_privileges(void)
|
void set_initial_user_privileges(void)
|
||||||
{
|
{
|
||||||
if(userids != NULL) {
|
/* get the effective uid and effective gid for the initial user
|
||||||
/* get the effective uid and effective gid for the initial user
|
* who started spnavd */
|
||||||
* who started spnavd */
|
userids.invoked_uid = geteuid();
|
||||||
userids->invoked_uid = geteuid();
|
userids.invoked_gid = getegid();
|
||||||
userids->invoked_gid = getegid();
|
|
||||||
|
|
||||||
/* set the "runas" effective uid and gid to an invalid startvalue */
|
/* set the "runas" effective uid and gid to an invalid startvalue */
|
||||||
userids->daemon_uid = -1;
|
userids.daemon_uid = -1;
|
||||||
userids->daemon_gid = -1;
|
userids.daemon_gid = -1;
|
||||||
|
|
||||||
/* default assumption: we can not change effective uid / gid */
|
/* default assumption: we can not change effective uid / gid */
|
||||||
userids->can_restore_uid = 0;
|
userids.can_restore_uid = 0;
|
||||||
userids->can_restore_gid = 0;
|
userids.can_restore_gid = 0;
|
||||||
|
|
||||||
userids->has_cmd_user = 0;
|
userids.has_cmd_user = 0;
|
||||||
userids->has_cmd_group = 0;
|
userids.has_cmd_group = 0;
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void test_initial_user_privileges(void)
|
void test_initial_user_privileges(void)
|
||||||
{
|
{
|
||||||
if(userids != NULL) {
|
/* default assumption: we can not change effective uid / gid */
|
||||||
/* default assumption: we can not change effective uid / gid */
|
userids.can_restore_uid = 0;
|
||||||
userids->can_restore_uid = 0;
|
userids.can_restore_gid = 0;
|
||||||
userids->can_restore_gid = 0;
|
|
||||||
|
|
||||||
/* check the effective uid change */
|
/* check the effective uid change */
|
||||||
if(userids->daemon_uid != -1) {
|
if(userids.daemon_uid != -1) {
|
||||||
if (userids->daemon_uid != userids->invoked_uid) {
|
if (userids.daemon_uid != userids.invoked_uid) {
|
||||||
/* only run, if daemon uid differ from invoked uid */
|
/* only run, if daemon uid differ from invoked uid */
|
||||||
if(seteuid(userids->daemon_uid) == 0)
|
if(seteuid(userids.daemon_uid) == 0)
|
||||||
{
|
{
|
||||||
/* succeded to get lower privileges
|
/* succeded to get lower privileges
|
||||||
* -> restore uid */
|
* -> restore uid */
|
||||||
if(seteuid(userids->invoked_uid) == 0)
|
if(seteuid(userids.invoked_uid) == 0)
|
||||||
{
|
{
|
||||||
userids->can_restore_uid = 1;
|
userids.can_restore_uid = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/* check the effective gid change */
|
/* check the effective gid change */
|
||||||
if(userids->daemon_gid != -1)
|
if(userids.daemon_gid != -1)
|
||||||
{
|
{
|
||||||
if (userids->daemon_gid != userids->invoked_gid) {
|
if (userids.daemon_gid != userids.invoked_gid) {
|
||||||
/* only run, if daemon gid differ from invoked gid */
|
/* only run, if daemon gid differ from invoked gid */
|
||||||
if(seteuid(userids->daemon_gid) == 0)
|
if(seteuid(userids.daemon_gid) == 0)
|
||||||
{
|
{
|
||||||
/* succeded to get lower privileges
|
/* succeded to get lower privileges
|
||||||
* -> restore uid */
|
* -> restore uid */
|
||||||
if(seteuid(userids->invoked_gid) == 0)
|
if(seteuid(userids.invoked_gid) == 0)
|
||||||
{
|
{
|
||||||
userids->can_restore_gid = 1;
|
userids.can_restore_gid = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int set_runas_uid(char *runas_lname)
|
int set_runas_uid(char *runas_lname)
|
||||||
{
|
{
|
||||||
struct passwd *userinfo;
|
struct passwd *userinfo;
|
||||||
userinfo = getpwnam(runas_lname);
|
|
||||||
|
|
||||||
if(userids == NULL || userinfo == NULL) {
|
if(!(userinfo = getpwnam(runas_lname))) {
|
||||||
/* error - but no distinction */
|
/* error - but no distinction */
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
}
|
||||||
/* set the uid */
|
/* set the uid */
|
||||||
userids->daemon_uid = userinfo->pw_uid;
|
userids.daemon_uid = userinfo->pw_uid;
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
int set_runas_gid(char *runas_gname)
|
int set_runas_gid(char *runas_gname)
|
||||||
{
|
{
|
||||||
struct group *groupinfo;
|
struct group *groupinfo;
|
||||||
groupinfo = getgrnam(runas_gname);
|
|
||||||
|
|
||||||
if(userids == NULL || groupinfo == NULL) {
|
if(!(groupinfo = getgrnam(runas_gname))) {
|
||||||
/* error - but no distinction */
|
/* error - but no distinction */
|
||||||
return 0;
|
return 0;
|
||||||
} else {
|
}
|
||||||
/* set the gid */
|
/* set the gid */
|
||||||
userids->daemon_gid = groupinfo->gr_gid;
|
userids.daemon_gid = groupinfo->gr_gid;
|
||||||
}
|
|
||||||
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
void start_daemon_privileges(void)
|
void start_daemon_privileges(void)
|
||||||
{
|
{
|
||||||
if(userids != NULL) {
|
if(userids.runas_daemon == 1) {
|
||||||
if (userids->runas_daemon == 1) {
|
if(userids.can_restore_uid) {
|
||||||
if(userids->can_restore_uid)
|
seteuid(userids.daemon_uid);
|
||||||
{
|
}
|
||||||
seteuid(userids->daemon_uid);
|
if(userids.can_restore_gid) {
|
||||||
}
|
setegid(userids.daemon_gid);
|
||||||
if(userids->can_restore_gid) {
|
}
|
||||||
setegid(userids->daemon_gid);
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
void stop_daemon_privileges(void)
|
void stop_daemon_privileges(void)
|
||||||
{
|
{
|
||||||
if(userids != NULL) {
|
if(userids.runas_daemon == 1) {
|
||||||
if (userids->runas_daemon == 1) {
|
if(userids.can_restore_uid) {
|
||||||
if(userids->can_restore_uid) {
|
seteuid(userids.invoked_uid);
|
||||||
seteuid(userids->invoked_uid);
|
}
|
||||||
}
|
if(userids.can_restore_gid) {
|
||||||
if(userids->can_restore_gid) {
|
setegid(userids.invoked_gid);
|
||||||
setegid(userids->invoked_gid);
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int user_set_by_cmdline(void)
|
int user_set_by_cmdline(void)
|
||||||
{
|
{
|
||||||
if(userids != NULL) {
|
return userids.has_cmd_user;
|
||||||
return userids->has_cmd_user;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
int group_set_by_cmdline(void)
|
int group_set_by_cmdline(void)
|
||||||
{
|
{
|
||||||
if(userids != NULL) {
|
return userids.has_cmd_group;
|
||||||
return userids->has_cmd_group;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -22,19 +22,19 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
/* struct for user id's */
|
/* struct for user id's */
|
||||||
typedef struct {
|
struct userpriv {
|
||||||
uid_t daemon_uid; /* the uid for the daemon */
|
uid_t daemon_uid; /* the uid for the daemon */
|
||||||
gid_t daemon_gid; /* the gid for the daemon */
|
gid_t daemon_gid; /* the gid for the daemon */
|
||||||
uid_t invoked_uid; /* spnavd was started with this uid (0-no / 1-yes) */
|
uid_t invoked_uid; /* spnavd was started with this uid */
|
||||||
gid_t invoked_gid; /* spnavd was started with this gid (0-no / 1-yes) */
|
gid_t invoked_gid; /* spnavd was started with this gid */
|
||||||
int can_restore_uid; /* spnavd can restore the invoked uid (0-no / 1-yes) */
|
int can_restore_uid; /* spnavd can restore the invoked uid */
|
||||||
int can_restore_gid; /* spnavd can restore the invoked gid (0-no / 1-yes) */
|
int can_restore_gid; /* spnavd can restore the invoked gid */
|
||||||
int runas_daemon; /* flag for running in daemonmode (0-no / 1-yes) */
|
int runas_daemon; /* flag for running in daemonmode */
|
||||||
int has_cmd_user; /* spnavd started with -u (0-no / 1-yes) */
|
int has_cmd_user; /* spnavd started with -u */
|
||||||
int has_cmd_group; /* spnavd started with -g (0-no / 1-yes) */
|
int has_cmd_group; /* spnavd started with -g */
|
||||||
} userid_struct;
|
};
|
||||||
|
|
||||||
extern userid_struct *userids;
|
struct userpriv userids;
|
||||||
|
|
||||||
void set_initial_user_privileges(void);
|
void set_initial_user_privileges(void);
|
||||||
void test_initial_user_privileges(void);
|
void test_initial_user_privileges(void);
|
||||||
|
|
|
||||||
Ładowanie…
Reference in New Issue