kopia lustrzana https://github.com/FreeSpacenav/spacenavd
minor style changes in the dropsu branch.
probably will never be merged as it currently stands though.dropsu
rodzic
3d369aaa7f
commit
1cf333777b
|
@ -51,8 +51,6 @@ static char *fix_path(char *str);
|
|||
static char *cfgfile = DEF_CFGFILE;
|
||||
static char *logfile = DEF_LOGFILE;
|
||||
|
||||
/* struct for privilege changes */
|
||||
userid_struct userids;
|
||||
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
|
@ -169,9 +167,9 @@ int main(int argc, char **argv)
|
|||
return 1;
|
||||
}
|
||||
|
||||
userids->runas_daemon = become_daemon;
|
||||
userids->has_cmd_user = use_username;
|
||||
userids->has_cmd_group = use_groupname;
|
||||
userids.runas_daemon = become_daemon;
|
||||
userids.has_cmd_user = use_username;
|
||||
userids.has_cmd_group = use_groupname;
|
||||
|
||||
test_initial_user_privileges();
|
||||
|
||||
|
|
182
src/userpriv.c
182
src/userpriv.c
|
@ -15,7 +15,6 @@ GNU General Public License for more details.
|
|||
You should have received a copy of the GNU General Public License
|
||||
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
#include <unistd.h>
|
||||
|
@ -25,142 +24,121 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
|
||||
void set_initial_user_privileges(void)
|
||||
{
|
||||
if(userids != NULL) {
|
||||
/* get the effective uid and effective gid for the initial user
|
||||
* who started spnavd */
|
||||
userids->invoked_uid = geteuid();
|
||||
userids->invoked_gid = getegid();
|
||||
/* get the effective uid and effective gid for the initial user
|
||||
* who started spnavd */
|
||||
userids.invoked_uid = geteuid();
|
||||
userids.invoked_gid = getegid();
|
||||
|
||||
/* set the "runas" effective uid and gid to an invalid startvalue */
|
||||
userids->daemon_uid = -1;
|
||||
userids->daemon_gid = -1;
|
||||
/* set the "runas" effective uid and gid to an invalid startvalue */
|
||||
userids.daemon_uid = -1;
|
||||
userids.daemon_gid = -1;
|
||||
|
||||
/* default assumption: we can not change effective uid / gid */
|
||||
userids->can_restore_uid = 0;
|
||||
userids->can_restore_gid = 0;
|
||||
/* default assumption: we can not change effective uid / gid */
|
||||
userids.can_restore_uid = 0;
|
||||
userids.can_restore_gid = 0;
|
||||
|
||||
userids->has_cmd_user = 0;
|
||||
userids->has_cmd_group = 0;
|
||||
}
|
||||
userids.has_cmd_user = 0;
|
||||
userids.has_cmd_group = 0;
|
||||
}
|
||||
|
||||
void test_initial_user_privileges(void)
|
||||
{
|
||||
if(userids != NULL) {
|
||||
/* default assumption: we can not change effective uid / gid */
|
||||
userids->can_restore_uid = 0;
|
||||
userids->can_restore_gid = 0;
|
||||
/* default assumption: we can not change effective uid / gid */
|
||||
userids.can_restore_uid = 0;
|
||||
userids.can_restore_gid = 0;
|
||||
|
||||
/* check the effective uid change */
|
||||
if(userids->daemon_uid != -1) {
|
||||
if (userids->daemon_uid != userids->invoked_uid) {
|
||||
/* only run, if daemon uid differ from invoked uid */
|
||||
if(seteuid(userids->daemon_uid) == 0)
|
||||
{
|
||||
/* succeded to get lower privileges
|
||||
* -> restore uid */
|
||||
if(seteuid(userids->invoked_uid) == 0)
|
||||
{
|
||||
userids->can_restore_uid = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/* check the effective uid change */
|
||||
if(userids.daemon_uid != -1) {
|
||||
if (userids.daemon_uid != userids.invoked_uid) {
|
||||
/* only run, if daemon uid differ from invoked uid */
|
||||
if(seteuid(userids.daemon_uid) == 0)
|
||||
{
|
||||
/* succeded to get lower privileges
|
||||
* -> restore uid */
|
||||
if(seteuid(userids.invoked_uid) == 0)
|
||||
{
|
||||
userids.can_restore_uid = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* check the effective gid change */
|
||||
if(userids->daemon_gid != -1)
|
||||
{
|
||||
if (userids->daemon_gid != userids->invoked_gid) {
|
||||
/* only run, if daemon gid differ from invoked gid */
|
||||
if(seteuid(userids->daemon_gid) == 0)
|
||||
{
|
||||
/* succeded to get lower privileges
|
||||
* -> restore uid */
|
||||
if(seteuid(userids->invoked_gid) == 0)
|
||||
{
|
||||
userids->can_restore_gid = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
/* check the effective gid change */
|
||||
if(userids.daemon_gid != -1)
|
||||
{
|
||||
if (userids.daemon_gid != userids.invoked_gid) {
|
||||
/* only run, if daemon gid differ from invoked gid */
|
||||
if(seteuid(userids.daemon_gid) == 0)
|
||||
{
|
||||
/* succeded to get lower privileges
|
||||
* -> restore uid */
|
||||
if(seteuid(userids.invoked_gid) == 0)
|
||||
{
|
||||
userids.can_restore_gid = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int set_runas_uid(char *runas_lname)
|
||||
{
|
||||
struct passwd *userinfo;
|
||||
userinfo = getpwnam(runas_lname);
|
||||
struct passwd *userinfo;
|
||||
|
||||
if(userids == NULL || userinfo == NULL) {
|
||||
/* error - but no distinction */
|
||||
return 0;
|
||||
} else {
|
||||
/* set the uid */
|
||||
userids->daemon_uid = userinfo->pw_uid;
|
||||
}
|
||||
if(!(userinfo = getpwnam(runas_lname))) {
|
||||
/* error - but no distinction */
|
||||
return 0;
|
||||
}
|
||||
/* set the uid */
|
||||
userids.daemon_uid = userinfo->pw_uid;
|
||||
|
||||
return 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
int set_runas_gid(char *runas_gname)
|
||||
{
|
||||
struct group *groupinfo;
|
||||
groupinfo = getgrnam(runas_gname);
|
||||
struct group *groupinfo;
|
||||
|
||||
if(userids == NULL || groupinfo == NULL) {
|
||||
/* error - but no distinction */
|
||||
return 0;
|
||||
} else {
|
||||
/* set the gid */
|
||||
userids->daemon_gid = groupinfo->gr_gid;
|
||||
}
|
||||
if(!(groupinfo = getgrnam(runas_gname))) {
|
||||
/* error - but no distinction */
|
||||
return 0;
|
||||
}
|
||||
/* set the gid */
|
||||
userids.daemon_gid = groupinfo->gr_gid;
|
||||
|
||||
return 1;
|
||||
return 1;
|
||||
}
|
||||
|
||||
void start_daemon_privileges(void)
|
||||
{
|
||||
if(userids != NULL) {
|
||||
if (userids->runas_daemon == 1) {
|
||||
if(userids->can_restore_uid)
|
||||
{
|
||||
seteuid(userids->daemon_uid);
|
||||
}
|
||||
if(userids->can_restore_gid) {
|
||||
setegid(userids->daemon_gid);
|
||||
}
|
||||
}
|
||||
}
|
||||
if(userids.runas_daemon == 1) {
|
||||
if(userids.can_restore_uid) {
|
||||
seteuid(userids.daemon_uid);
|
||||
}
|
||||
if(userids.can_restore_gid) {
|
||||
setegid(userids.daemon_gid);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void stop_daemon_privileges(void)
|
||||
{
|
||||
if(userids != NULL) {
|
||||
if (userids->runas_daemon == 1) {
|
||||
if(userids->can_restore_uid) {
|
||||
seteuid(userids->invoked_uid);
|
||||
}
|
||||
if(userids->can_restore_gid) {
|
||||
setegid(userids->invoked_gid);
|
||||
}
|
||||
}
|
||||
}
|
||||
if(userids.runas_daemon == 1) {
|
||||
if(userids.can_restore_uid) {
|
||||
seteuid(userids.invoked_uid);
|
||||
}
|
||||
if(userids.can_restore_gid) {
|
||||
setegid(userids.invoked_gid);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int user_set_by_cmdline(void)
|
||||
{
|
||||
if(userids != NULL) {
|
||||
return userids->has_cmd_user;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return userids.has_cmd_user;
|
||||
}
|
||||
|
||||
int group_set_by_cmdline(void)
|
||||
{
|
||||
if(userids != NULL) {
|
||||
return userids->has_cmd_group;
|
||||
}
|
||||
|
||||
return 0;
|
||||
return userids.has_cmd_group;
|
||||
}
|
||||
|
|
|
@ -22,19 +22,19 @@ along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|||
#include <sys/types.h>
|
||||
|
||||
/* struct for user id's */
|
||||
typedef struct {
|
||||
uid_t daemon_uid; /* the uid for the daemon */
|
||||
gid_t daemon_gid; /* the gid for the daemon */
|
||||
uid_t invoked_uid; /* spnavd was started with this uid (0-no / 1-yes) */
|
||||
gid_t invoked_gid; /* spnavd was started with this gid (0-no / 1-yes) */
|
||||
int can_restore_uid; /* spnavd can restore the invoked uid (0-no / 1-yes) */
|
||||
int can_restore_gid; /* spnavd can restore the invoked gid (0-no / 1-yes) */
|
||||
int runas_daemon; /* flag for running in daemonmode (0-no / 1-yes) */
|
||||
int has_cmd_user; /* spnavd started with -u (0-no / 1-yes) */
|
||||
int has_cmd_group; /* spnavd started with -g (0-no / 1-yes) */
|
||||
} userid_struct;
|
||||
struct userpriv {
|
||||
uid_t daemon_uid; /* the uid for the daemon */
|
||||
gid_t daemon_gid; /* the gid for the daemon */
|
||||
uid_t invoked_uid; /* spnavd was started with this uid */
|
||||
gid_t invoked_gid; /* spnavd was started with this gid */
|
||||
int can_restore_uid; /* spnavd can restore the invoked uid */
|
||||
int can_restore_gid; /* spnavd can restore the invoked gid */
|
||||
int runas_daemon; /* flag for running in daemonmode */
|
||||
int has_cmd_user; /* spnavd started with -u */
|
||||
int has_cmd_group; /* spnavd started with -g */
|
||||
};
|
||||
|
||||
extern userid_struct *userids;
|
||||
struct userpriv userids;
|
||||
|
||||
void set_initial_user_privileges(void);
|
||||
void test_initial_user_privileges(void);
|
||||
|
|
Ładowanie…
Reference in New Issue