1*d780102eSjmmv //
2*d780102eSjmmv // Automated Testing Framework (atf)
3*d780102eSjmmv //
4*d780102eSjmmv // Copyright (c) 2007 The NetBSD Foundation, Inc.
5*d780102eSjmmv // All rights reserved.
6*d780102eSjmmv //
7*d780102eSjmmv // Redistribution and use in source and binary forms, with or without
8*d780102eSjmmv // modification, are permitted provided that the following conditions
9*d780102eSjmmv // are met:
10*d780102eSjmmv // 1. Redistributions of source code must retain the above copyright
11*d780102eSjmmv // notice, this list of conditions and the following disclaimer.
12*d780102eSjmmv // 2. Redistributions in binary form must reproduce the above copyright
13*d780102eSjmmv // notice, this list of conditions and the following disclaimer in the
14*d780102eSjmmv // documentation and/or other materials provided with the distribution.
15*d780102eSjmmv //
16*d780102eSjmmv // THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
17*d780102eSjmmv // CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
18*d780102eSjmmv // INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19*d780102eSjmmv // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20*d780102eSjmmv // IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
21*d780102eSjmmv // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22*d780102eSjmmv // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
23*d780102eSjmmv // GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24*d780102eSjmmv // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25*d780102eSjmmv // IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
26*d780102eSjmmv // OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
27*d780102eSjmmv // IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28*d780102eSjmmv //
29*d780102eSjmmv
30*d780102eSjmmv extern "C" {
31*d780102eSjmmv #include <sys/param.h>
32*d780102eSjmmv #include <sys/types.h>
33*d780102eSjmmv
34*d780102eSjmmv #include <limits.h>
35*d780102eSjmmv #include <pwd.h>
36*d780102eSjmmv #include <unistd.h>
37*d780102eSjmmv }
38*d780102eSjmmv
39*d780102eSjmmv #include <cassert>
40*d780102eSjmmv #include <stdexcept>
41*d780102eSjmmv #include <string>
42*d780102eSjmmv
43*d780102eSjmmv #include "user.hpp"
44*d780102eSjmmv
45*d780102eSjmmv namespace impl = tools::user;
46*d780102eSjmmv #define IMPL_NAME "tools::user"
47*d780102eSjmmv
48*d780102eSjmmv uid_t
euid(void)49*d780102eSjmmv impl::euid(void)
50*d780102eSjmmv {
51*d780102eSjmmv return ::geteuid();
52*d780102eSjmmv }
53*d780102eSjmmv
54*d780102eSjmmv void
drop_privileges(const std::pair<int,int> ids)55*d780102eSjmmv impl::drop_privileges(const std::pair< int, int > ids)
56*d780102eSjmmv {
57*d780102eSjmmv if (::setgid(ids.second) == -1)
58*d780102eSjmmv throw std::runtime_error("Failed to drop group privileges");
59*d780102eSjmmv if (::setuid(ids.first) == -1)
60*d780102eSjmmv throw std::runtime_error("Failed to drop user privileges");
61*d780102eSjmmv }
62*d780102eSjmmv
63*d780102eSjmmv std::pair< int, int >
get_user_ids(const std::string & user)64*d780102eSjmmv impl::get_user_ids(const std::string& user)
65*d780102eSjmmv {
66*d780102eSjmmv const struct passwd* pw = ::getpwnam(user.c_str());
67*d780102eSjmmv if (pw == NULL)
68*d780102eSjmmv throw std::runtime_error("Failed to get information for user " + user);
69*d780102eSjmmv return std::make_pair(pw->pw_uid, pw->pw_gid);
70*d780102eSjmmv }
71*d780102eSjmmv
72*d780102eSjmmv bool
is_member_of_group(gid_t gid)73*d780102eSjmmv impl::is_member_of_group(gid_t gid)
74*d780102eSjmmv {
75*d780102eSjmmv static gid_t groups[NGROUPS_MAX];
76*d780102eSjmmv static int ngroups = -1;
77*d780102eSjmmv bool found;
78*d780102eSjmmv int i;
79*d780102eSjmmv
80*d780102eSjmmv if (ngroups == -1) {
81*d780102eSjmmv ngroups = getgroups(NGROUPS_MAX, groups);
82*d780102eSjmmv assert(ngroups >= 0);
83*d780102eSjmmv }
84*d780102eSjmmv
85*d780102eSjmmv found = false;
86*d780102eSjmmv for (i = 0; !found && i < ngroups; i++)
87*d780102eSjmmv if (groups[i] == gid)
88*d780102eSjmmv found = true;
89*d780102eSjmmv return found;
90*d780102eSjmmv }
91*d780102eSjmmv
92*d780102eSjmmv bool
is_root(void)93*d780102eSjmmv impl::is_root(void)
94*d780102eSjmmv {
95*d780102eSjmmv return ::geteuid() == 0;
96*d780102eSjmmv }
97*d780102eSjmmv
98*d780102eSjmmv bool
is_unprivileged(void)99*d780102eSjmmv impl::is_unprivileged(void)
100*d780102eSjmmv {
101*d780102eSjmmv return ::geteuid() != 0;
102*d780102eSjmmv }
103