authorSergey Poznyakoff <gray@gnu.org.ua>2009-02-25 20:51:33 (GMT)
committer Sergey Poznyakoff <gray@gnu.org.ua>2009-02-25 20:51:33 (GMT)
commit2e027ea167726a3af7d9db366acef266752c6b1b (patch) (side-by-side diff)
treed71b14fc10bc55d887e855c8c4e1283fadbd8025
parent27d1256d331d45bf68d96e9a8aa8175df2584978 (diff)
downloadwydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.gz
wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.bz2
Fix privilege selection
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--src/directive.c4
-rw-r--r--src/diskio.c4
-rw-r--r--src/triplet.c4
-rw-r--r--src/verify.c10
-rw-r--r--src/wydawca.c26
-rw-r--r--src/wydawca.h4
6 files changed, 41 insertions, 11 deletions
diff --git a/src/directive.c b/src/directive.c
index ccea1ef..2915fee 100644
--- a/src/directive.c
+++ b/src/directive.c
@@ -337,9 +337,9 @@ process_directives (struct file_triplet *trp, const struct spool *spool)
break;
case filename_dir:
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
rc = verify_detached_signature (trp, spool);
- wydawca_set_uid (TRIPLET_UID (trp));
+ wydawca_set_triplet_privs (trp);
if (rc == 0)
{
if (move_file (trp, spool, file_dist, relative_dir)
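Review bot: The result of `wydawca_set_triplet_privs (trp)` is discarded right after verify_detached_signature, so if the drop fails, the `move_file` call below may still run with root's uid or gid. The new helpers return -1 on failure, so the call site can stop processing instead, for example `if (wydawca_set_triplet_privs (trp)) return 1;`, using whatever error value process_directives already returns. The same unchecked pattern appears with `wydawca_set_privs (uid, gid)` in create_directory (src/diskio.c) and with `wydawca_set_root_privs ()` in triplet_processor (src/triplet.c). process_directives starts and ends outside this hunk, so the right error path has to be confirmed against the full function.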
diff --git a/src/diskio.c b/src/diskio.c
index c068e49..fbd1050 100644
--- a/src/diskio.c
+++ b/src/diskio.c
@@ -124,9 +124,9 @@ create_directory (const char *base, const char *name, uid_t uid, gid_t gid)
if (!dry_run_mode)
{
int rc;
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
rc = create_hierarchy (dir, baselen, uid, gid);
- wydawca_set_uid (uid);
+ wydawca_set_privs (uid, gid);
if (rc)
{
free (dir);
diff --git a/src/triplet.c b/src/triplet.c
index a79d28a..614e2b5 100644
--- a/src/triplet.c
+++ b/src/triplet.c
@@ -199,10 +199,10 @@ triplet_processor (void *data, void *proc_data)
case triplet_complete:
if (debug_level)
logmsg (LOG_DEBUG, _("processing triplet `%s'"), trp->name);
- if (wydawca_set_uid (TRIPLET_UID (trp)) == 0)
+ if (wydawca_set_triplet_privs (trp) == 0)
{
process_directives (trp, spool);
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
}
return true;
diff --git a/src/verify.c b/src/verify.c
index 522b865..d419df5 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -101,10 +101,16 @@ check_access_rights (struct file_triplet *trp, const struct spool *spool,
const char *result;
struct metadef def[5];
void *md;
-
+ struct group *grp;
+
if (fill_project_name (trp))
return 1;
-
+ grp = getgrnam (trp->project);
+ if (grp)
+ trp->gid = grp->gr_gid;
+ else
+ logmsg (LOG_NOTICE, _("no such group: %s"), trp->project);
+
if (debug_level)
logmsg (LOG_DEBUG, _("verifying access rights for user %s to project %s"),
user, trp->project);
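Review bot: When `getgrnam (trp->project)` returns NULL, the else branch only logs, and check_access_rights continues with `trp->gid` left at whatever value it held before, which this hunk does not show. If that value defaults to 0, the later switch to the triplet's privileges (presumably via TRIPLET_GID) would keep the root group for files handled on behalf of this project. Consider failing the check at that point, `else { logmsg (LOG_NOTICE, _("no such group: %s"), trp->project); return 1; }`, or assigning an explicit unprivileged fallback gid. getgrnam also returns NULL on lookup errors, so setting `errno = 0` before the call and testing it afterwards would distinguish a missing group from a failing name service. The function body extends beyond the hunk on both sides.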
diff --git a/src/wydawca.c b/src/wydawca.c
index b121959..48c27e9 100644
--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -265,7 +265,7 @@ collect_uids (int argc, char **argv)
}
-int
+static int
wydawca_set_uid (uid_t uid)
{
int rc;
@@ -287,7 +287,7 @@ wydawca_set_uid (uid_t uid)
return rc;
}
-int
+static int
wydawca_set_gid (gid_t gid)
{
int rc;
@@ -309,6 +309,28 @@ wydawca_set_gid (gid_t gid)
return rc;
}
+int
+wydawca_set_privs (uid_t uid, gid_t gid)
+{
+ if (wydawca_set_gid (gid))
+ return -1;
+ if (wydawca_set_uid (uid))
+ return -1;
+ return 0;
+}
+
+int
+wydawca_set_triplet_privs (struct file_triplet *trp)
+{
+ return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
+}
+
+int
+wydawca_set_root_privs ()
+{
+ return wydawca_set_privs (0, 0);
+}
+
char **x_argv;
extern int reconfigure;
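Review bot: wydawca_set_privs changes only the gid and then the uid, and nothing in this hunk resets the supplementary group list. Unless wydawca_set_gid handles that (its body is outside the hunk), code running under the triplet's uid keeps the supplementary groups of the starting process, typically root's; dropping them with setgroups or initgroups while still privileged would close that gap. A comment on wydawca_set_privs would also help, such as `/* Set gid before uid: once the uid is dropped the gid can no longer be changed. Returns 0 on success, -1 if either switch failed (the process may then be left with the new gid and the old uid). */`. As a style point, the definition `wydawca_set_root_privs ()` should read `wydawca_set_root_privs (void)` to match the prototype in wydawca.h.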
diff --git a/src/wydawca.h b/src/wydawca.h
index 863200f..f786271 100644
--- a/src/wydawca.h
+++ b/src/wydawca.h
@@ -428,7 +428,9 @@ int process_directives (struct file_triplet *trp,
int enabled_spool_p (const struct spool *spool);
-int wydawca_set_uid (uid_t uid);
+int wydawca_set_privs (uid_t uid, gid_t gid);
+int wydawca_set_triplet_privs (struct file_triplet *trp);
+int wydawca_set_root_privs (void);
int parse_time_interval (const char *str, time_t *pint, const char **endp);
