user.c 2.92 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
/* user.c - set user id, group id and group access list
 *
 * Copyright 1999 by PM Lashley and The OpenLDAP Foundation.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted only
 * as authorized by the OpenLDAP Public License.  A copy of this
 * license is available at http://www.OpenLDAP.org/license.html or
 * in file LICENSE in the top-level directory of the distribution.
*/

#include "portable.h"

14
#if defined(HAVE_SETUID) && defined(HAVE_SETGID)
15
16

#include <stdio.h>
Kurt Zeilenga's avatar
Kurt Zeilenga committed
17
18

#include <ac/stdlib.h>
19
20

#ifdef HAVE_PWD_H
21
#include <pwd.h>
22
23
#endif
#ifdef HAVE_GRP_H
24
#include <grp.h>
25
#endif
26
27
28
29
30
31
32
33
34

#include <ac/ctype.h>
#include <ac/unistd.h>

#include "slap.h"


/*
 * Set real and effective user id and group id, and group access list
35
 * The user and group arguments are freed.
36
37
38
39
40
 */

void
slap_init_user( char *user, char *group )
{
41
42
43
    uid_t	uid;
    gid_t	gid;
    int  	got_uid = 0, got_gid = 0;
44
45
46
47

    if ( user ) {
	struct passwd *pwd;
	if ( isdigit( (unsigned char) *user )) {
48
	    got_uid = 1;
49
50
51
52
	    uid = atoi( user );
#ifdef HAVE_GETPWUID
	    pwd = getpwuid( uid );
	    goto did_getpw;
53
54
55
#else
	    free( user );
	    user = NULL;
56
57
58
59
60
61
62
63
64
#endif
	} else {
	    pwd = getpwnam( user );
	did_getpw:
	    if ( pwd == NULL ) {
		Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
		       user, 0, 0 );
		exit( 1 );
	    }
65
	    if ( got_uid ) {
66
67
68
		free( user );
		user = (pwd != NULL ? ch_strdup( pwd->pw_name ) : NULL);
	    } else {
69
		got_uid = 1;
70
71
		uid = pwd->pw_uid;
	    }
72
	    got_gid = 1;
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
	    gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
	    endpwent();
#endif
	}
    }

    if ( group ) {
	struct group *grp;
	if ( isdigit( (unsigned char) *group )) {
	    gid = atoi( group );
#ifdef HAVE_GETGRGID
	    grp = getgrgid( gid );
	    goto did_group;
#endif
	} else {
	    grp = getgrnam( group );
	    if ( grp != NULL )
		gid = grp->gr_gid;
	did_group:
	    if ( grp == NULL ) {
		Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
		       group, 0, 0 );
		exit( 1 );
	    }
	}
	free( group );
100
	got_gid = 1;
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
    }

    if ( user ) {
	if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY,
		   "Could not set the group access (gid) list\n", 0, 0, 0 );
	    exit( 1 );
	}
	free( user );
    }

#ifdef HAVE_ENDGRENT
    endgrent();
#endif

116
    if ( got_gid ) {
117
118
119
120
121
	if ( setgid( gid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
		   gid, 0, 0 );
	    exit( 1 );
	}
122
#ifdef HAVE_SETEGID
123
124
125
126
127
	if ( setegid( gid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
		   gid, 0, 0 );
	    exit( 1 );
	}
128
#endif
129
130
    }

131
    if ( got_uid ) {
132
	if ( setuid( uid ) != 0 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
133
	    Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
134
135
136
		   uid, 0, 0 );
	    exit( 1 );
	}
137
#ifdef HAVE_SETEUID
138
	if ( seteuid( uid ) != 0 ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
139
	    Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
140
141
142
		   uid, 0, 0 );
	    exit( 1 );
	}
143
#endif
144
145
146
147
    }
}

#endif /* HAVE_PWD_H && HAVE_GRP_H */