1 /* $NetBSD: user.c,v 1.3 2021/08/14 16:14:58 christos Exp $ */
2
3 /* user.c - set user id, group id and group access list */
4 /* $OpenLDAP$ */
5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
6 *
7 * Copyright 1998-2021 The OpenLDAP Foundation.
8 * Portions Copyright 1999 PM Lashley.
9 * All rights reserved.
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted only as authorized by the OpenLDAP
13 * Public License.
14 *
15 * A copy of this license is available in the file LICENSE in the
16 * top-level directory of the distribution or, alternatively, at
17 * <http://www.OpenLDAP.org/license.html>.
18 */
19
20 #include <sys/cdefs.h>
21 __RCSID("$NetBSD: user.c,v 1.3 2021/08/14 16:14:58 christos Exp $");
22
23 #include "portable.h"
24
25 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
26
27 #include <stdio.h>
28
29 #include <ac/stdlib.h>
30
31 #ifdef HAVE_PWD_H
32 #include <pwd.h>
33 #endif
34 #ifdef HAVE_GRP_H
35 #include <grp.h>
36 #endif
37
38 #include <ac/ctype.h>
39 #include <ac/unistd.h>
40
41 #include "slap.h"
42 #include "lutil.h"
43
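/*
 * slap_init_user - switch the process to the requested user and group.
 *
 * Sets the real and effective user id and group id and, when the process
 * is running as root and a user name is known, the supplementary group
 * access list.
 *
 * user   NULL, a user name, or a string starting with a digit, which is
 *        parsed as a numeric uid.
 * group  NULL, a group name, or a string starting with a digit, which is
 *        parsed as a numeric gid.  When given it replaces the primary
 *        gid taken from the user's passwd entry.
 *
 * Every parse, lookup or set*id() failure is logged through Debug() and
 * ends the process with EXIT_FAILURE; the function never returns an
 * error to the caller.
 *
 * The group list and gid are changed before the uid, because those calls
 * need the privileges that setuid() gives up.
 *
 * NOTE(review): nothing here verifies after setuid() that the previous
 * identity cannot be regained; if the deployment relies on an
 * irreversible drop, confirm that separately.
 */

void
slap_init_user( char *user, char *group )
{
	uid_t	uid = 0;
	gid_t	gid = 0;
	int	got_uid = 0, got_gid = 0;

	if ( user ) {
		struct passwd *pwd;
		/* A leading digit selects the numeric-uid path. */
		if ( isdigit( (unsigned char) *user ) ) {
			unsigned u;

			got_uid = 1;
			if ( lutil_atou( &u, user ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unble to parse user %s\n",
					user );

				exit( EXIT_FAILURE );
			}
			uid = (uid_t)u;
#ifdef HAVE_GETPWUID
			/* Jump into the shared lookup handling below. */
			pwd = getpwuid( uid );
			goto did_getpw;
#else
			/*
			 * No way to map the uid back to a name.  With user
			 * cleared, initgroups() below is skipped and no gid is
			 * taken from the passwd database.
			 * NOTE(review): the supplementary groups the process
			 * started with are then kept across setuid() - confirm
			 * this is acceptable on such platforms.
			 */
			user = NULL;
#endif
		} else {
			pwd = getpwnam( user );
		did_getpw:
			if ( pwd == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
					user );

				exit( EXIT_FAILURE );
			}
			if ( got_uid ) {
				/*
				 * Numeric uid: switch to the account name so that
				 * initgroups() can be given a name.  pwd cannot be
				 * NULL here, the check above exits.
				 * NOTE(review): user now points into the passwd
				 * entry and is used after endpwent() and the group
				 * lookups - confirm the platform keeps that storage
				 * valid, or copy the name.
				 */
				user = pwd->pw_name;
			} else {
				got_uid = 1;
				uid = pwd->pw_uid;
			}
			/* Default to the account's primary group. */
			got_gid = 1;
			gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
			endpwent();
#endif
		}
	}

	if ( group ) {
		struct group *grp;
		if ( isdigit( (unsigned char) *group )) {
			unsigned g;

			if ( lutil_atou( &g, group ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unble to parse group %s\n",
					group );

				exit( EXIT_FAILURE );
			}
			/* Was cast through uid_t; the target is a gid_t. */
			gid = (gid_t)g;
#ifdef HAVE_GETGRGID
			/* Require the numeric gid to exist in the group database. */
			grp = getgrgid( gid );
			goto did_group;
#endif
			/* Without getgrgid() the numeric gid is used unchecked. */
		} else {
			grp = getgrnam( group );
			if ( grp != NULL )
				gid = grp->gr_gid;
		did_group:
			if ( grp == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
					group );

				exit( EXIT_FAILURE );
			}
		}
		got_gid = 1;
	}

	if ( user ) {
		/*
		 * Only root attempts to replace the supplementary group list;
		 * for any other caller the call is skipped rather than treated
		 * as an error.
		 */
		if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
				"Could not set the group access (gid) list\n" );

			exit( EXIT_FAILURE );
		}
	}

#ifdef HAVE_ENDGRENT
	endgrent();
#endif

	/* Group ids first, while the process can still change them. */
	if ( got_gid ) {
		if ( setgid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
				(int) gid );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEGID
		if ( setegid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
				(int) gid );

			exit( EXIT_FAILURE );
		}
#endif
	}

	/* User id last: a failed call ends the process instead of continuing. */
	if ( got_uid ) {
		if ( setuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
				(int) uid );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEUID
		if ( seteuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
				(int) uid );

			exit( EXIT_FAILURE );
		}
#endif
	}
}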
175
176 #endif /* HAVE_SETUID && HAVE_SETGID */
177