
00001 /* user.c - set user id, group id and group access list */
00002 /* $OpenLDAP$ */
00003 /* This work is part of OpenLDAP Software <http://www.openldap.org/>.
00004  *
00005  * Copyright 1998-2012 The OpenLDAP Foundation.
00006  * Portions Copyright 1999 PM Lashley.
00007  * All rights reserved.
00008  *
00009  * Redistribution and use in source and binary forms, with or without
00010  * modification, are permitted only as authorized by the OpenLDAP
00011  * Public License.
00012  *
00013  * A copy of this license is available in the file LICENSE in the
00014  * top-level directory of the distribution or, alternatively, at
00015  * <http://www.OpenLDAP.org/license.html>.
00016  */
00017 
00018 #include "portable.h"
00019 
00020 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
00021 
00022 #include <stdio.h>
00023 
00024 #include <ac/stdlib.h>
00025 
00026 #ifdef HAVE_PWD_H
00027 #include <pwd.h>
00028 #endif
00029 #ifdef HAVE_GRP_H
00030 #include <grp.h>
00031 #endif
00032 
00033 #include <ac/ctype.h>
00034 #include <ac/unistd.h>
00035 
00036 #include "slap.h"
00037 #include "lutil.h"
00038 
00039 /*
00040  * Set real and effective user id and group id, and group access list
00041  * The user and group arguments are freed.
00042  */
00043 
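/*
 * slap_init_user - drop slapd to the configured user and group.
 *
 * user:  account name, or a numeric uid if the first character is a digit.
 *        Resolved through getpwnam()/getpwuid().  May be NULL.
 * group: group name, or a numeric gid if the first character is a digit.
 *        Resolved through getgrnam()/getgrgid().  May be NULL.
 *
 * Both strings are owned by this function and are freed before it returns.
 *
 * Order of operations: the supplementary group list (initgroups) is set
 * first, then the gid, then the uid, so that the uid drop is the last step
 * and nothing afterwards still needs root.  Every failure is fatal: the
 * process is terminated with exit(EXIT_FAILURE) rather than running on with
 * the wrong identity.
 */
void
slap_init_user( char *user, char *group )
{
	uid_t	uid = 0;
	gid_t	gid = 0;
	int	got_uid = 0, got_gid = 0;

	/* Resolve the user: a leading digit means a numeric uid, else a name. */
	if ( user ) {
		struct passwd *pwd = NULL;

		if ( isdigit( (unsigned char) *user ) ) {
			unsigned u;

			got_uid = 1;
			if ( lutil_atou( &u, user ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse user %s\n",
						user, 0, 0 );

				exit( EXIT_FAILURE );
			}
			uid = (uid_t)u;
#ifdef HAVE_GETPWUID
			pwd = getpwuid( uid );
#else
			/*
			 * Without getpwuid() the uid cannot be mapped back to an
			 * account, so there is no passwd entry to take the primary
			 * gid from and no name to hand to initgroups() below.
			 */
			free( user );
			user = NULL;
#endif
		} else {
			pwd = getpwnam( user );
		}

		/* user is NULL only on the getpwuid()-less numeric path above. */
		if ( user ) {
			if ( pwd == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
						user, 0, 0 );

				exit( EXIT_FAILURE );
			}
			if ( got_uid ) {
				/* Replace the numeric string with the account name so
				 * initgroups() gets something it can look up. */
				free( user );
				user = ch_strdup( pwd->pw_name );
			} else {
				got_uid = 1;
				uid = pwd->pw_uid;
			}
			/* The account's primary gid is the default; -g overrides it. */
			got_gid = 1;
			gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
			endpwent();
#endif
		}
	}

	/* Resolve the group the same way: numeric gid or group name. */
	if ( group ) {
		struct group *grp = NULL;
		int verified = 1;	/* 0 when a numeric gid could not be checked */

		if ( isdigit( (unsigned char) *group ) ) {
			unsigned g;

			if ( lutil_atou( &g, group ) != 0 ) {
				Debug( LDAP_DEBUG_ANY, "Unable to parse group %s\n",
						group, 0, 0 );

				exit( EXIT_FAILURE );
			}
			gid = (gid_t)g;		/* was cast to uid_t; gid_t is the right type */
#ifdef HAVE_GETGRGID
			grp = getgrgid( gid );
#else
			/* No way to confirm the gid exists; accept it as given. */
			verified = 0;
#endif
		} else {
			grp = getgrnam( group );
		}

		if ( verified ) {
			if ( grp == NULL ) {
				Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
						group, 0, 0 );

				exit( EXIT_FAILURE );
			}
			gid = grp->gr_gid;
		}
		free( group );
		got_gid = 1;
	}

	if ( user ) {
		/*
		 * Only root can replace the supplementary group list.  The test is
		 * on the real uid, so a setuid-root binary started by another
		 * account keeps that account's supplementary groups here --
		 * NOTE(review): confirm geteuid() is not the intended test.
		 * When no user name is available (numeric uid without getpwuid(),
		 * or no -u at all) the inherited supplementary groups are kept.
		 */
		if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY,
					"Could not set the group access (gid) list\n", 0, 0, 0 );

			exit( EXIT_FAILURE );
		}
		free( user );
	}

#ifdef HAVE_ENDGRENT
	endgrent();
#endif

	/* Group before user: once the uid is dropped, setgid() would be refused. */
	if ( got_gid ) {
		if ( setgid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
					(int) gid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEGID
		if ( setegid( gid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
					(int) gid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#endif
	}

	if ( got_uid ) {
		if ( setuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
					(int) uid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#ifdef HAVE_SETEUID
		if ( seteuid( uid ) != 0 ) {
			Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
					(int) uid, 0, 0 );

			exit( EXIT_FAILURE );
		}
#endif

		/*
		 * Privilege-drop verification (CERT POS37-C): after switching to a
		 * non-root uid, root must not be recoverable.  If setuid(0) succeeds
		 * here, a saved uid or a retained capability still grants root and
		 * the drop was incomplete; refuse to run in that state.  On a
		 * correct drop this call fails with EPERM and has no effect.
		 */
		if ( uid != 0 && setuid( 0 ) == 0 ) {
			Debug( LDAP_DEBUG_ANY,
					"Switched to user id %d but root privileges can be regained; aborting\n",
					(int) uid, 0, 0 );

			exit( EXIT_FAILURE );
		}
	}
}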
00175 
00176 #endif /* HAVE_SETUID && HAVE_SETGID */