1 /* $NetBSD: user.c,v 1.1.1.4 2014/05/28 09:58:48 tron Exp $ */ 2 3 /* user.c - set user id, group id and group access list */ 4 /* $OpenLDAP$ */ 5 /* This work is part of OpenLDAP Software <http://www.openldap.org/>. 6 * 7 * Copyright 1998-2014 The OpenLDAP Foundation. 8 * Portions Copyright 1999 PM Lashley. 9 * All rights reserved. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted only as authorized by the OpenLDAP 13 * Public License. 14 * 15 * A copy of this license is available in the file LICENSE in the 16 * top-level directory of the distribution or, alternatively, at 17 * <http://www.OpenLDAP.org/license.html>. 18 */ 19 20 #include "portable.h" 21 22 #if defined(HAVE_SETUID) && defined(HAVE_SETGID) 23 24 #include <stdio.h> 25 26 #include <ac/stdlib.h> 27 28 #ifdef HAVE_PWD_H 29 #include <pwd.h> 30 #endif 31 #ifdef HAVE_GRP_H 32 #include <grp.h> 33 #endif 34 35 #include <ac/ctype.h> 36 #include <ac/unistd.h> 37 38 #include "slap.h" 39 #include "lutil.h" 40 41 /* 42 * Set real and effective user id and group id, and group access list 43 * The user and group arguments are freed. 44 */ 45 46 void 47 slap_init_user( char *user, char *group ) 48 { 49 uid_t uid = 0; 50 gid_t gid = 0; 51 int got_uid = 0, got_gid = 0; 52 53 if ( user ) { 54 struct passwd *pwd; 55 if ( isdigit( (unsigned char) *user ) ) { 56 unsigned u; 57 58 got_uid = 1; 59 if ( lutil_atou( &u, user ) != 0 ) { 60 Debug( LDAP_DEBUG_ANY, "Unble to parse user %s\n", 61 user, 0, 0 ); 62 63 exit( EXIT_FAILURE ); 64 } 65 uid = (uid_t)u; 66 #ifdef HAVE_GETPWUID 67 pwd = getpwuid( uid ); 68 goto did_getpw; 69 #else 70 free( user ); 71 user = NULL; 72 #endif 73 } else { 74 pwd = getpwnam( user ); 75 did_getpw: 76 if ( pwd == NULL ) { 77 Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n", 78 user, 0, 0 ); 79 80 exit( EXIT_FAILURE ); 81 } 82 if ( got_uid ) { 83 free( user ); 84 user = (pwd != NULL ? ch_strdup( pwd->pw_name ) : NULL); 85 } else { 86 got_uid = 1; 87 uid = pwd->pw_uid; 88 } 89 got_gid = 1; 90 gid = pwd->pw_gid; 91 #ifdef HAVE_ENDPWENT 92 endpwent(); 93 #endif 94 } 95 } 96 97 if ( group ) { 98 struct group *grp; 99 if ( isdigit( (unsigned char) *group )) { 100 unsigned g; 101 102 if ( lutil_atou( &g, group ) != 0 ) { 103 Debug( LDAP_DEBUG_ANY, "Unble to parse group %s\n", 104 group, 0, 0 ); 105 106 exit( EXIT_FAILURE ); 107 } 108 gid = (uid_t)g; 109 #ifdef HAVE_GETGRGID 110 grp = getgrgid( gid ); 111 goto did_group; 112 #endif 113 } else { 114 grp = getgrnam( group ); 115 if ( grp != NULL ) 116 gid = grp->gr_gid; 117 did_group: 118 if ( grp == NULL ) { 119 Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n", 120 group, 0, 0 ); 121 122 exit( EXIT_FAILURE ); 123 } 124 } 125 free( group ); 126 got_gid = 1; 127 } 128 129 if ( user ) { 130 if ( getuid() == 0 && initgroups( user, gid ) != 0 ) { 131 Debug( LDAP_DEBUG_ANY, 132 "Could not set the group access (gid) list\n", 0, 0, 0 ); 133 134 exit( EXIT_FAILURE ); 135 } 136 free( user ); 137 } 138 139 #ifdef HAVE_ENDGRENT 140 endgrent(); 141 #endif 142 143 if ( got_gid ) { 144 if ( setgid( gid ) != 0 ) { 145 Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n", 146 (int) gid, 0, 0 ); 147 148 exit( EXIT_FAILURE ); 149 } 150 #ifdef HAVE_SETEGID 151 if ( setegid( gid ) != 0 ) { 152 Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n", 153 (int) gid, 0, 0 ); 154 155 exit( EXIT_FAILURE ); 156 } 157 #endif 158 } 159 160 if ( got_uid ) { 161 if ( setuid( uid ) != 0 ) { 162 Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n", 163 (int) uid, 0, 0 ); 164 165 exit( EXIT_FAILURE ); 166 } 167 #ifdef HAVE_SETEUID 168 if ( seteuid( uid ) != 0 ) { 169 Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n", 170 (int) uid, 0, 0 ); 171 172 exit( EXIT_FAILURE ); 173 } 174 #endif 175 } 176 } 177 178 #endif /* HAVE_PWD_H && HAVE_GRP_H */ 179