Fix privilege selection

author: Sergey Poznyakoff <gray@gnu.org.ua> 2009-02-25 22:51:33 +0200
committer: Sergey Poznyakoff <gray@gnu.org.ua> 2009-02-25 22:51:33 +0200
commit: 2e027ea167726a3af7d9db366acef266752c6b1b (patch)
tree: d71b14fc10bc55d887e855c8c4e1283fadbd8025
parent: 27d1256d331d45bf68d96e9a8aa8175df2584978 (diff)
download: wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.gz
wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.bz2
6 files changed, 41 insertions, 11 deletions
diff --git a/src/directive.c b/src/directive.c
index ccea1ef..2915fee 100644
--- a/src/directive.c
+++ b/src/directive.c
@@ -337,9 +337,9 @@ process_directives (struct file_triplet *trp, const struct spool *spool)
          break;
        case filename_dir:
-          wydawca_set_uid (0);
+          wydawca_set_root_privs ();
          rc = verify_detached_signature (trp, spool);
-          wydawca_set_uid (TRIPLET_UID (trp));
+          wydawca_set_triplet_privs (trp);
          if (rc == 0)
            {
              if (move_file (trp, spool, file_dist, relative_dir)
diff --git a/src/diskio.c b/src/diskio.c
index c068e49..fbd1050 100644
--- a/src/diskio.c
+++ b/src/diskio.c
@@ -124,9 +124,9 @@ create_directory (const char *base, const char *name, uid_t uid, gid_t gid)
  if (!dry_run_mode)
    {
      int rc;
-      wydawca_set_uid (0);
+      wydawca_set_root_privs ();
      rc = create_hierarchy (dir, baselen, uid, gid);
-      wydawca_set_uid (uid);
+      wydawca_set_privs (uid, gid);
      if (rc)
        {
          free (dir);
diff --git a/src/triplet.c b/src/triplet.c
index a79d28a..614e2b5 100644
--- a/src/triplet.c
+++ b/src/triplet.c
@@ -199,10 +199,10 @@ triplet_processor (void *data, void *proc_data)
    case triplet_complete:
      if (debug_level)
        logmsg (LOG_DEBUG, _("processing triplet `%s'"), trp->name);
-      if (wydawca_set_uid (TRIPLET_UID (trp)) == 0)
+      if (wydawca_set_triplet_privs (trp) == 0)
        {
          process_directives (trp, spool);
-          wydawca_set_uid (0);
+          wydawca_set_root_privs ();
        }
      return true;
diff --git a/src/verify.c b/src/verify.c
index 522b865..d419df5 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -101,10 +101,16 @@ check_access_rights (struct file_triplet *trp, const struct spool *spool,
  const char *result;
  struct metadef def[5];
  void *md;
+  struct group *grp;
+  
  if (fill_project_name (trp))
    return 1;
+  grp = getgrnam (trp->project);
+  if (grp)
+          trp->gid = grp->gr_gid;
+  else
+          logmsg (LOG_NOTICE, _("no such group: %s"), trp->project);
+  
  if (debug_level)
    logmsg (LOG_DEBUG, _("verifying access rights for user %s to project %s"),
            user, trp->project);
diff --git a/src/wydawca.c b/src/wydawca.c
index b121959..48c27e9 100644
--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -265,7 +265,7 @@ collect_uids (int argc, char **argv)
 }
-int
+static int
 wydawca_set_uid (uid_t uid)
 {
  int rc;
@@ -287,7 +287,7 @@ wydawca_set_uid (uid_t uid)
  return rc;
 }
-int
+static int
 wydawca_set_gid (gid_t gid)
 {
  int rc;
@@ -309,6 +309,28 @@ wydawca_set_gid (gid_t gid)
  return rc;
 }
+int
+wydawca_set_privs (uid_t uid, gid_t gid)
+{
+        if (wydawca_set_gid (gid))
+                return -1;
+        if (wydawca_set_uid (uid))
+                return -1;
+        return 0;
+}
+int
+wydawca_set_triplet_privs (struct file_triplet *trp)
+{
+        return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
+}
+int
+wydawca_set_root_privs ()
+{
+        return wydawca_set_privs (0, 0);
+}
 char **x_argv;
 extern int reconfigure;
diff --git a/src/wydawca.h b/src/wydawca.h
index 863200f..f786271 100644
--- a/src/wydawca.h
+++ b/src/wydawca.h
@@ -428,7 +428,9 @@ int process_directives (struct file_triplet *trp,
 int enabled_spool_p (const struct spool *spool);
-int wydawca_set_uid (uid_t uid);
+int wydawca_set_privs (uid_t uid, gid_t gid);
+int wydawca_set_triplet_privs (struct file_triplet *trp);
+int wydawca_set_root_privs (void);
 int parse_time_interval (const char *str, time_t *pint, const char **endp);
author	Sergey Poznyakoff <gray@gnu.org.ua>	2009-02-25 22:51:33 +0200
committer	Sergey Poznyakoff <gray@gnu.org.ua>	2009-02-25 22:51:33 +0200
commit	2e027ea167726a3af7d9db366acef266752c6b1b (patch)
tree	d71b14fc10bc55d887e855c8c4e1283fadbd8025
parent	27d1256d331d45bf68d96e9a8aa8175df2584978 (diff)
download	wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.gz wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.bz2

diff --git a/src/directive.c b/src/directive.c index ccea1ef..2915fee 100644 --- a/src/directive.c +++ b/src/directive.c
@@ -337,9 +337,9 @@ process_directives (struct file_triplet trp, const struct spool spool)
337	break;	337	break;
338		338
339	case filename_dir:	339	case filename_dir:
340	wydawca_set_uid (0);	340	wydawca_set_root_privs ();
341	rc = verify_detached_signature (trp, spool);	341	rc = verify_detached_signature (trp, spool);
342	wydawca_set_uid (TRIPLET_UID (trp));	342	wydawca_set_triplet_privs (trp);
343	if (rc == 0)	343	if (rc == 0)
344	{	344	{
345	if (move_file (trp, spool, file_dist, relative_dir)	345	if (move_file (trp, spool, file_dist, relative_dir)


diff --git a/src/diskio.c b/src/diskio.c index c068e49..fbd1050 100644 --- a/src/diskio.c +++ b/src/diskio.c
@@ -124,9 +124,9 @@ create_directory (const char base, const char name, uid_t uid, gid_t gid)
124	if (!dry_run_mode)	124	if (!dry_run_mode)
125	{	125	{
126	int rc;	126	int rc;
127	wydawca_set_uid (0);	127	wydawca_set_root_privs ();
128	rc = create_hierarchy (dir, baselen, uid, gid);	128	rc = create_hierarchy (dir, baselen, uid, gid);
129	wydawca_set_uid (uid);	129	wydawca_set_privs (uid, gid);
130	if (rc)	130	if (rc)
131	{	131	{
132	free (dir);	132	free (dir);


diff --git a/src/triplet.c b/src/triplet.c index a79d28a..614e2b5 100644 --- a/src/triplet.c +++ b/src/triplet.c
@@ -199,10 +199,10 @@ triplet_processor (void data, void proc_data)
199	case triplet_complete:	199	case triplet_complete:
200	if (debug_level)	200	if (debug_level)
201	logmsg (LOG_DEBUG, _("processing triplet `%s'"), trp->name);	201	logmsg (LOG_DEBUG, _("processing triplet `%s'"), trp->name);
202	if (wydawca_set_uid (TRIPLET_UID (trp)) == 0)	202	if (wydawca_set_triplet_privs (trp) == 0)
203	{	203	{
204	process_directives (trp, spool);	204	process_directives (trp, spool);
205	wydawca_set_uid (0);	205	wydawca_set_root_privs ();
206	}	206	}
207	return true;	207	return true;
208		208


diff --git a/src/verify.c b/src/verify.c index 522b865..d419df5 100644 --- a/src/verify.c +++ b/src/verify.c
@@ -101,10 +101,16 @@ check_access_rights (struct file_triplet trp, const struct spool spool,
101	const char *result;	101	const char *result;
102	struct metadef def[5];	102	struct metadef def[5];
103	void *md;	103	void *md;
104		104	struct group *grp;
		105
105	if (fill_project_name (trp))	106	if (fill_project_name (trp))
106	return 1;	107	return 1;
107		108	grp = getgrnam (trp->project);
		109	if (grp)
		110	trp->gid = grp->gr_gid;
		111	else
		112	logmsg (LOG_NOTICE, _("no such group: %s"), trp->project);
		113
108	if (debug_level)	114	if (debug_level)
109	logmsg (LOG_DEBUG, _("verifying access rights for user %s to project %s"),	115	logmsg (LOG_DEBUG, _("verifying access rights for user %s to project %s"),
110	user, trp->project);	116	user, trp->project);


diff --git a/src/wydawca.c b/src/wydawca.c index b121959..48c27e9 100644 --- a/src/wydawca.c +++ b/src/wydawca.c
@@ -265,7 +265,7 @@ collect_uids (int argc, char **argv)
265	}	265	}
266		266
267		267
268	int	268	static int
269	wydawca_set_uid (uid_t uid)	269	wydawca_set_uid (uid_t uid)
270	{	270	{
271	int rc;	271	int rc;
@@ -287,7 +287,7 @@ wydawca_set_uid (uid_t uid)
287	return rc;	287	return rc;
288	}	288	}
289		289
290	int	290	static int
291	wydawca_set_gid (gid_t gid)	291	wydawca_set_gid (gid_t gid)
292	{	292	{
293	int rc;	293	int rc;
@@ -309,6 +309,28 @@ wydawca_set_gid (gid_t gid)
309	return rc;	309	return rc;
310	}	310	}
311		311
		312	int
		313	wydawca_set_privs (uid_t uid, gid_t gid)
		314	{
		315	if (wydawca_set_gid (gid))
		316	return -1;
		317	if (wydawca_set_uid (uid))
		318	return -1;
		319	return 0;
		320	}
		321
		322	int
		323	wydawca_set_triplet_privs (struct file_triplet *trp)
		324	{
		325	return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
		326	}
		327
		328	int
		329	wydawca_set_root_privs ()
		330	{
		331	return wydawca_set_privs (0, 0);
		332	}
		333
312		334
313	char **x_argv;	335	char **x_argv;
314	extern int reconfigure;	336	extern int reconfigure;


diff --git a/src/wydawca.h b/src/wydawca.h index 863200f..f786271 100644 --- a/src/wydawca.h +++ b/src/wydawca.h
@@ -428,7 +428,9 @@ int process_directives (struct file_triplet *trp,
428		428
429	int enabled_spool_p (const struct spool *spool);	429	int enabled_spool_p (const struct spool *spool);
430		430
431	int wydawca_set_uid (uid_t uid);	431	int wydawca_set_privs (uid_t uid, gid_t gid);
		432	int wydawca_set_triplet_privs (struct file_triplet *trp);
		433	int wydawca_set_root_privs (void);
432		434
433		435
434	int parse_time_interval (const char str, time_t pint, const char **endp);	436	int parse_time_interval (const char str, time_t pint, const char **endp);