/* $OpenLDAP$ */
/*
 * Copyright 1998-2000 The OpenLDAP Foundation, All Rights Reserved.
 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
 */
/* user.c - set user id, group id and group access list
 *
 * Copyright 1999 by PM Lashley.
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms are permitted only
 * as authorized by the OpenLDAP Public License.  A copy of this
 * license is available at http://www.OpenLDAP.org/license.html or
 * in file LICENSE in the top-level directory of the distribution.
*/

#include "portable.h"

#if defined(HAVE_SETUID) && defined(HAVE_SETGID)

#include <stdio.h>

#include <ac/stdlib.h>

#ifdef HAVE_PWD_H
#include <pwd.h>
#endif
#ifdef HAVE_GRP_H
#include <grp.h>
#endif

#include <ac/ctype.h>
#include <ac/unistd.h>

#include "slap.h"


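/*
 * Parse a purely decimal id string into *out.
 *
 * Returns 0 on success, -1 when the string does not start with a digit or
 * has anything after the digits.  On overflow strtoul() yields ULONG_MAX;
 * the caller's check against the reserved (uid_t)-1 / (gid_t)-1 value
 * rejects that case, so no errno handling is needed here.
 */
static int
slap_parse_id( const char *s, unsigned long *out )
{
    char *end;

    if ( !isdigit( (unsigned char) *s ))
	return -1;
    *out = strtoul( s, &end, 10 );
    return *end == '\0' ? 0 : -1;
}

/*
 * Set real and effective user id and group id, and group access list.
 * The user and group arguments are freed.
 *
 * user  - login name or decimal uid, or NULL to leave the uid alone.
 * group - group name or decimal gid, or NULL to use the primary group
 *         found in the user's passwd entry (if one was looked up).
 *
 * Any failure (unparsable id, unknown user or group, a set*id() or
 * initgroups() call returning non-zero) is logged and ends the process
 * with EXIT_FAILURE; the function never returns an error to the caller.
 *
 * Order is: initgroups(), setgid()/setegid(), then setuid()/seteuid().
 * The group changes come first because they need the privileges that
 * the final setuid() gives up.
 *
 * NOTE(review): initgroups() is only called when a user name is known
 * and the real uid is 0.  When only `group' is given, or when a numeric
 * user cannot be mapped to a name (no HAVE_GETPWUID), the supplementary
 * group list is left as inherited.
 */

void
slap_init_user( char *user, char *group )
{
    uid_t	uid;
    gid_t	gid;
    int		got_uid = 0, got_gid = 0;

    if ( user ) {
	struct passwd *pwd;
	if ( isdigit( (unsigned char) *user )) {
	    unsigned long id;

	    /*
	     * Fail closed on malformed numeric ids.  A lenient parse would
	     * turn a string such as "0abc" into uid 0, so a typo would
	     * silently select a different (possibly privileged) account.
	     * (uid_t)-1 is refused as well: the set*id() family treats it
	     * as "no change".
	     */
	    if ( slap_parse_id( user, &id ) != 0
		|| (unsigned long) (uid_t) id != id
		|| (uid_t) id == (uid_t) -1 )
	    {
#ifdef NEW_LOGGING
		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
			   "slap_init_user: Unable to parse user %s\n",
			   user ));
#else
		Debug( LDAP_DEBUG_ANY, "Unable to parse user %s\n",
		       user, 0, 0 );
#endif

		exit( EXIT_FAILURE );
	    }
	    got_uid = 1;
	    uid = (uid_t) id;
#ifdef HAVE_GETPWUID
	    pwd = getpwuid( uid );
	    goto did_getpw;
#else
	    /*
	     * NOTE(review): without a passwd lookup there is no name for
	     * initgroups() and no primary gid.  Unless `group' is given,
	     * the process changes uid but keeps its current gid and
	     * supplementary groups.
	     */
	    free( user );
	    user = NULL;
#endif
	} else {
	    pwd = getpwnam( user );
	did_getpw:
	    if ( pwd == NULL ) {
#ifdef NEW_LOGGING
		    LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
			       "slap_init_user: No passwd entry for user %s\n",
			       user ));
#else
		Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
		       user, 0, 0 );
#endif

		exit( EXIT_FAILURE );
	    }
	    if ( got_uid ) {
		/*
		 * Numeric uid: swap the digit string for the account name
		 * so initgroups() below gets a name.  pwd is non-NULL here
		 * (checked above); copy before endpwent() is called.
		 */
		free( user );
		user = ch_strdup( pwd->pw_name );
	    } else {
		got_uid = 1;
		uid = pwd->pw_uid;
	    }
	    /* Default to the account's primary group; `group' may override. */
	    got_gid = 1;
	    gid = pwd->pw_gid;
#ifdef HAVE_ENDPWENT
	    endpwent();
#endif
	}
    }

    if ( group ) {
	struct group *grp;
	if ( isdigit( (unsigned char) *group )) {
	    unsigned long id;

	    /* Same strict parse as for the uid; see above. */
	    if ( slap_parse_id( group, &id ) != 0
		|| (unsigned long) (gid_t) id != id
		|| (gid_t) id == (gid_t) -1 )
	    {
#ifdef NEW_LOGGING
		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
			   "slap_init_user: Unable to parse group %s\n",
			   group ));
#else
		Debug( LDAP_DEBUG_ANY, "Unable to parse group %s\n",
		       group, 0, 0 );
#endif

		exit( EXIT_FAILURE );
	    }
	    gid = (gid_t) id;
#ifdef HAVE_GETGRGID
	    /* Only checks that the gid exists; gid itself is kept as given. */
	    grp = getgrgid( gid );
	    goto did_group;
#endif
	} else {
	    grp = getgrnam( group );
	    if ( grp != NULL )
		gid = grp->gr_gid;
	did_group:
	    if ( grp == NULL ) {
#ifdef NEW_LOGGING
		LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
			   "slap_init_user: No group entry for group %s\n", group));
#else
		Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
		       group, 0, 0 );
#endif

		exit( EXIT_FAILURE );
	    }
	}
	free( group );
	got_gid = 1;
    }

    if ( user ) {
	/* The group access list is only replaced when the real uid is 0. */
	if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
#ifdef NEW_LOGGING
	    LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
		       "slap_init_user: Could not set the group access (gid) list.\n" ));
#else
	    Debug( LDAP_DEBUG_ANY,
		   "Could not set the group access (gid) list\n", 0, 0, 0 );
#endif

	    exit( EXIT_FAILURE );
	}
	free( user );
    }

#ifdef HAVE_ENDGRENT
    endgrent();
#endif

    /* Group ids first: this must happen before the uid is given up. */
    if ( got_gid ) {
	if ( setgid( gid ) != 0 ) {
#ifdef NEW_LOGGING
	    LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
		       "slap_init_user: could not set real group id to %d\n", (int)gid));
#else
	    Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
		       (int) gid, 0, 0 );
#endif

	    exit( EXIT_FAILURE );
	}
#ifdef HAVE_SETEGID
	if ( setegid( gid ) != 0 ) {
#ifdef NEW_LOGGING
	    LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
		       "slap_init_user: Could not set effective group id to %d\n",(int)gid));
#else
	    Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
		       (int) gid, 0, 0 );
#endif

	    exit( EXIT_FAILURE );
	}
#endif
    }

    /* User ids last; every return value is checked so a failed drop is fatal. */
    if ( got_uid ) {
	if ( setuid( uid ) != 0 ) {
#ifdef NEW_LOGGING
	    LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
		       "slap_init_user: Could not set real user id to %d\n", (int)uid ));
#else
	    Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
		       (int) uid, 0, 0 );
#endif

	    exit( EXIT_FAILURE );
	}
#ifdef HAVE_SETEUID
	if ( seteuid( uid ) != 0 ) {
#ifdef NEW_LOGGING
	    LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
		       "slap_init_user: Could not set effective user id to %d\n", (int)uid ));
#else
	    Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
		       (int) uid, 0, 0 );
#endif

	    exit( EXIT_FAILURE );
	}
#endif
    }
}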

#endif /* HAVE_SETUID && HAVE_SETGID */