1*0a6a1f1dSLionel Sambuc //
2*0a6a1f1dSLionel Sambuc // Automated Testing Framework (atf)
3*0a6a1f1dSLionel Sambuc //
4*0a6a1f1dSLionel Sambuc // Copyright (c) 2007 The NetBSD Foundation, Inc.
5*0a6a1f1dSLionel Sambuc // All rights reserved.
6*0a6a1f1dSLionel Sambuc //
7*0a6a1f1dSLionel Sambuc // Redistribution and use in source and binary forms, with or without
8*0a6a1f1dSLionel Sambuc // modification, are permitted provided that the following conditions
9*0a6a1f1dSLionel Sambuc // are met:
10*0a6a1f1dSLionel Sambuc // 1. Redistributions of source code must retain the above copyright
11*0a6a1f1dSLionel Sambuc // notice, this list of conditions and the following disclaimer.
12*0a6a1f1dSLionel Sambuc // 2. Redistributions in binary form must reproduce the above copyright
13*0a6a1f1dSLionel Sambuc // notice, this list of conditions and the following disclaimer in the
14*0a6a1f1dSLionel Sambuc // documentation and/or other materials provided with the distribution.
15*0a6a1f1dSLionel Sambuc //
16*0a6a1f1dSLionel Sambuc // THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND
17*0a6a1f1dSLionel Sambuc // CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
18*0a6a1f1dSLionel Sambuc // INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
19*0a6a1f1dSLionel Sambuc // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20*0a6a1f1dSLionel Sambuc // IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS BE LIABLE FOR ANY
21*0a6a1f1dSLionel Sambuc // DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22*0a6a1f1dSLionel Sambuc // DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
23*0a6a1f1dSLionel Sambuc // GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
24*0a6a1f1dSLionel Sambuc // INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
25*0a6a1f1dSLionel Sambuc // IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
26*0a6a1f1dSLionel Sambuc // OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
27*0a6a1f1dSLionel Sambuc // IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28*0a6a1f1dSLionel Sambuc //
29*0a6a1f1dSLionel Sambuc
extern "C" {
#include <sys/param.h>
#include <sys/types.h>

#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <unistd.h>
}

#include <cassert>
#include <stdexcept>
#include <string>

#include "user.hpp"
44*0a6a1f1dSLionel Sambuc
45*0a6a1f1dSLionel Sambuc namespace impl = tools::user;
46*0a6a1f1dSLionel Sambuc #define IMPL_NAME "tools::user"
47*0a6a1f1dSLionel Sambuc
// Returns the effective user id of the calling process.
//
// This is a thin wrapper over geteuid(2): the value is the effective id,
// which is the one used for permission checks, not the real id.
uid_t
impl::euid(void)
{
    const uid_t effective_uid = ::geteuid();
    return effective_uid;
}
53*0a6a1f1dSLionel Sambuc
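// Switches the calling process to the given user and group.
//
// ids.first is the target user id and ids.second the target group id, which
// is the order in which get_user_ids() builds the pair.
//
// The order of the calls matters: the supplementary group list and the
// group id can only be changed while the process still holds the privilege
// to do so, so both are handled before setuid().
//
// Throws std::runtime_error if any step fails.  When that happens the
// process may be left with a partially changed identity (for example the
// new group but the old user), so callers should treat the exception as
// fatal for the work that was meant to run unprivileged.
void
impl::drop_privileges(const std::pair< int, int > ids)
{
    const uid_t target_uid = static_cast< uid_t >(ids.first);
    const gid_t target_gid = static_cast< gid_t >(ids.second);

    // setgid() and setuid() do not touch the supplementary group list, so
    // a process started by root would otherwise keep every extra group root
    // belongs to after the "drop".  Reset the list to the target group
    // only.  An unprivileged caller cannot change the list (the call would
    // fail), so the reset is limited to the case where we are root.
    if (::geteuid() == 0) {
        if (::setgroups(1, &target_gid) == -1)
            throw std::runtime_error("Failed to drop supplementary group "
                                     "privileges");
    }

    if (::setgid(target_gid) == -1)
        throw std::runtime_error("Failed to drop group privileges");
    if (::setuid(target_uid) == -1)
        throw std::runtime_error("Failed to drop user privileges");
}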
62*0a6a1f1dSLionel Sambuc
// Looks up the numeric ids of a user by login name.
//
// Returns a (uid, gid) pair taken from the pw_uid and pw_gid fields of the
// entry that getpwnam() returns for 'user'.
//
// Throws std::runtime_error when getpwnam() returns NULL.  That covers both
// "no such user" and a lookup error; the message does not tell them apart.
//
// NOTE(review): the ids are narrowed from uid_t/gid_t to int by the return
// type; confirm callers never deal with ids above INT_MAX.
std::pair< int, int >
impl::get_user_ids(const std::string& user)
{
    // The returned record lives in storage owned by the C library, so the
    // two fields are copied out right away instead of keeping the pointer.
    const struct passwd* entry = ::getpwnam(user.c_str());
    if (entry != NULL)
        return std::make_pair(entry->pw_uid, entry->pw_gid);

    throw std::runtime_error("Failed to get information for user " + user);
}
71*0a6a1f1dSLionel Sambuc
// Tells whether 'gid' appears in the process's supplementary group list.
//
// The list is read with getgroups() on the first call and kept in
// function-local statics; later calls reuse it.  Two consequences follow
// from that:
//   - the answer is not refreshed after the process changes identity (for
//     example through drop_privileges()), so it describes the groups held
//     when the function was first called;
//   - the statics are read and written without any locking.
//
// If getgroups() fails and assertions are compiled out, the cached count
// stays at -1: this call reports false and the next call retries.
//
// NOTE(review): POSIX leaves it to the implementation whether getgroups()
// includes the effective group id, so a false result here does not by
// itself prove that 'gid' is not the process's effective group.
bool
impl::is_member_of_group(gid_t gid)
{
    static gid_t cached_groups[NGROUPS_MAX];
    static int cached_count = -1;  // -1 means "not loaded yet".

    if (cached_count == -1) {
        cached_count = getgroups(NGROUPS_MAX, cached_groups);
        assert(cached_count >= 0);
    }

    for (int idx = 0; idx < cached_count; ++idx) {
        if (cached_groups[idx] == gid)
            return true;
    }
    return false;
}
91*0a6a1f1dSLionel Sambuc
// Tells whether the process is running with root's effective user id.
//
// Only the effective uid is compared against 0; the real and saved ids and
// any other privilege mechanism of the platform are not looked at.
bool
impl::is_root(void)
{
    const uid_t effective_uid = ::geteuid();
    return effective_uid == 0;
}
97*0a6a1f1dSLionel Sambuc
// Tells whether the process is running with an effective user id other
// than root's.
//
// This is the exact negation of the effective-uid test in is_root(): it
// says nothing about the real or saved ids, so a true result does not show
// that root can no longer be regained.
bool
impl::is_unprivileged(void)
{
    const bool has_root_euid = (::geteuid() == 0);
    return !has_root_euid;
}