/* user.c - set user id, group id and group access list */
/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
 * Copyright 1998-2019 The OpenLDAP Foundation.
 * Portions Copyright 1999 PM Lashley.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
 */

#include "portable.h"

#if defined(HAVE_SETUID) && defined(HAVE_SETGID)

#include <stdio.h>

#include <ac/stdlib.h>

#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif

#include <ac/ctype.h>
#include <ac/unistd.h>

#include "slap.h"
#include "lutil.h"

/*
 * Set real and effective user id and group id, and group access list
 * The user and group arguments are heap strings owned by this function
 * and are freed before it returns. Any failure is fatal: the process
 * logs a diagnostic and exits rather than continue with the wrong identity.
 */

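/*
 * slap_init_user - drop privileges to the configured user and group.
 *
 * user  - account name or numeric uid, or NULL to leave the uid alone.
 * group - group name or numeric gid, or NULL to use the primary gid of
 *         the resolved passwd entry (when there is one).
 *
 * Both strings are owned by this function and are freed before it
 * returns.  Every failure is fatal: a diagnostic is logged and the
 * process exits with EXIT_FAILURE, because carrying on with the wrong
 * identity would be worse than not starting at all.
 *
 * Order of operations matters for a correct privilege drop: the
 * supplementary group list and the gid are changed first, while the
 * process is still privileged; the uid is changed last.
 */
void
slap_init_user( char *user, char *group )
{
    uid_t	uid = 0;
    gid_t	gid = 0;
    int		got_uid = 0, got_gid = 0;

    if ( user ) {
	struct passwd *pwd;

	if ( isdigit( (unsigned char) *user ) ) {
	    unsigned u;

	    got_uid = 1;
	    if ( lutil_atou( &u, user ) != 0 ) {
		Debug( LDAP_DEBUG_ANY, "Unable to parse user %s\n",
		       user, 0, 0 );

		exit( EXIT_FAILURE );
	    }
	    uid = (uid_t)u;
#ifdef HAVE_GETPWUID
	    /* Resolve the numeric id to a passwd entry so that the
	     * primary gid and an account name for initgroups() are
	     * available.  A numeric uid with no passwd entry is
	     * refused below, exactly like an unknown name. */
	    pwd = getpwuid( uid );
	    goto did_getpw;
#else
	    /* No way to look the id up.  With user == NULL the
	     * initgroups() step further down is skipped, so on this
	     * path the supplementary group list is NOT reset and the
	     * process keeps whatever groups it inherited. */
	    free( user );
	    user = NULL;
#endif
	} else {
	    pwd = getpwnam( user );
	did_getpw:
	    if ( pwd == NULL ) {
		Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
		       user, 0, 0 );

		exit( EXIT_FAILURE );
	    }
	    if ( got_uid ) {
		/* Swap the numeric string for the account name, which
		 * is what initgroups() needs.  pwd is non-NULL here. */
		free( user );
		user = ch_strdup( pwd->pw_name );
	    } else {
		got_uid = 1;
		uid = pwd->pw_uid;
	    }
	    /* Default gid is the account's primary group; an explicit
	     * group argument below overrides it. */
	    got_gid = 1;
	    gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
	    endpwent();
#endif
	}
    }

    if ( group ) {
	struct group *grp;

	if ( isdigit( (unsigned char) *group ) ) {
	    unsigned g;

	    if ( lutil_atou( &g, group ) != 0 ) {
		Debug( LDAP_DEBUG_ANY, "Unable to parse group %s\n",
		       group, 0, 0 );

		exit( EXIT_FAILURE );
	    }
	    gid = (gid_t)g;
#ifdef HAVE_GETGRGID
	    /* Insist that the numeric gid names a real group. */
	    grp = getgrgid( gid );
	    goto did_group;
#endif
	    /* Without getgrgid() the numeric gid is used unverified. */
	} else {
	    grp = getgrnam( group );
	    if ( grp != NULL )
		gid = grp->gr_gid;
	did_group:
	    if ( grp == NULL ) {
		Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
		       group, 0, 0 );

		exit( EXIT_FAILURE );
	    }
	}
	free( group );
	got_gid = 1;
    }

    if ( user ) {
	/* The supplementary group list can only be replaced while still
	 * root; when not started as root it is left as inherited.  The
	 * gid passed here is the explicit group if one was given, else
	 * the account's primary group. */
	if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY,
		   "Could not set the group access (gid) list\n", 0, 0, 0 );

	    exit( EXIT_FAILURE );
	}
	free( user );
    }

#ifdef HAVE_ENDGRENT
    endgrent();
#endif

    /* Drop the group id before the user id: once the uid has been
     * changed to an unprivileged account, setgid() would no longer be
     * permitted. */
    if ( got_gid ) {
	if ( setgid( gid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
		       (int) gid, 0, 0 );

	    exit( EXIT_FAILURE );
	}
#ifdef HAVE_SETEGID
	if ( setegid( gid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
		       (int) gid, 0, 0 );

	    exit( EXIT_FAILURE );
	}
#endif
    }

    /* Finally change the uid; nothing privileged may follow this point. */
    if ( got_uid ) {
	if ( setuid( uid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
		       (int) uid, 0, 0 );

	    exit( EXIT_FAILURE );
	}
#ifdef HAVE_SETEUID
	if ( seteuid( uid ) != 0 ) {
	    Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
		       (int) uid, 0, 0 );

	    exit( EXIT_FAILURE );
	}
#endif
    }
}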

#endif /* HAVE_SETUID && HAVE_SETGID */