aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorSergey Poznyakoff <gray@gnu.org.ua>2009-02-25 22:51:33 +0200
committerSergey Poznyakoff <gray@gnu.org.ua>2009-02-25 22:51:33 +0200
commit2e027ea167726a3af7d9db366acef266752c6b1b (patch)
treed71b14fc10bc55d887e855c8c4e1283fadbd8025 /src
parent27d1256d331d45bf68d96e9a8aa8175df2584978 (diff)
downloadwydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.gz
wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.bz2
Fix privilege selection
Diffstat (limited to 'src')
-rw-r--r--src/directive.c4
-rw-r--r--src/diskio.c4
-rw-r--r--src/triplet.c4
-rw-r--r--src/verify.c10
-rw-r--r--src/wydawca.c26
-rw-r--r--src/wydawca.h4
6 files changed, 41 insertions, 11 deletions
diff --git a/src/directive.c b/src/directive.c
index ccea1ef..2915fee 100644
--- a/src/directive.c
+++ b/src/directive.c
@@ -334,15 +334,15 @@ process_directives (struct file_triplet *trp, const struct spool *spool)
trp->file[file_directive].name, val);
return 1;
}
break;
case filename_dir:
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
rc = verify_detached_signature (trp, spool);
- wydawca_set_uid (TRIPLET_UID (trp));
+ wydawca_set_triplet_privs (trp);
if (rc == 0)
{
if (move_file (trp, spool, file_dist, relative_dir)
|| move_file (trp, spool, file_signature, relative_dir))
return 1;
}
diff --git a/src/diskio.c b/src/diskio.c
index c068e49..fbd1050 100644
--- a/src/diskio.c
+++ b/src/diskio.c
@@ -121,15 +121,15 @@ create_directory (const char *base, const char *name, uid_t uid, gid_t gid)
size_t baselen;
char *dir = concat_dir (base, name, &baselen);
if (!dry_run_mode)
{
int rc;
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
rc = create_hierarchy (dir, baselen, uid, gid);
- wydawca_set_uid (uid);
+ wydawca_set_privs (uid, gid);
if (rc)
{
free (dir);
dir = NULL;
}
}
diff --git a/src/triplet.c b/src/triplet.c
index a79d28a..614e2b5 100644
--- a/src/triplet.c
+++ b/src/triplet.c
@@ -196,16 +196,16 @@ triplet_processor (void *data, void *proc_data)
switch (check_triplet_state (trp))
{
case triplet_directive:
case triplet_complete:
if (debug_level)
logmsg (LOG_DEBUG, _("processing triplet `%s'"), trp->name);
- if (wydawca_set_uid (TRIPLET_UID (trp)) == 0)
+ if (wydawca_set_triplet_privs (trp) == 0)
{
process_directives (trp, spool);
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
}
return true;
case triplet_incomplete:
if (debug_level)
logmsg (LOG_DEBUG, _("%s: incomplete triplet"), trp->name);
diff --git a/src/verify.c b/src/verify.c
index 522b865..d419df5 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -98,16 +98,22 @@ check_access_rights (struct file_triplet *trp, const struct spool *spool,
struct access_method *method = spool->access_method[verify_method];
int rc;
char *command;
const char *result;
struct metadef def[5];
void *md;
-
+ struct group *grp;
+
if (fill_project_name (trp))
return 1;
-
+ grp = getgrnam (trp->project);
+ if (grp)
+ trp->gid = grp->gr_gid;
+ else
+ logmsg (LOG_NOTICE, _("no such group: %s"), trp->project);
+
if (debug_level)
logmsg (LOG_DEBUG, _("verifying access rights for user %s to project %s"),
user, trp->project);
md = method_open (method);
if (!md)
diff --git a/src/wydawca.c b/src/wydawca.c
index b121959..48c27e9 100644
--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -262,13 +262,13 @@ collect_uids (int argc, char **argv)
else
uidv[i] = pw->pw_uid;
}
}
-int
+static int
wydawca_set_uid (uid_t uid)
{
int rc;
if (getuid () != 0)
return 0;
@@ -284,13 +284,13 @@ wydawca_set_uid (uid_t uid)
if (rc < 0)
logmsg (LOG_ERR, _("cannot switch to UID %d: %s (r=%d, e=%d)"),
uid, strerror (errno), getuid (), geteuid ());
return rc;
}
-int
+static int
wydawca_set_gid (gid_t gid)
{
int rc;
if (getuid () != 0)
return 0;
@@ -306,12 +306,34 @@ wydawca_set_gid (gid_t gid)
if (rc < 0)
logmsg (LOG_ERR, _("cannot switch to GID %d: %s (r=%d, e=%d)"),
gid, strerror (errno), getgid (), getegid ());
return rc;
}
+int
+wydawca_set_privs (uid_t uid, gid_t gid)
+{
+ if (wydawca_set_gid (gid))
+ return -1;
+ if (wydawca_set_uid (uid))
+ return -1;
+ return 0;
+}
+
+int
+wydawca_set_triplet_privs (struct file_triplet *trp)
+{
+ return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
+}
+
+int
+wydawca_set_root_privs ()
+{
+ return wydawca_set_privs (0, 0);
+}
+
char **x_argv;
extern int reconfigure;
void
wydawca_daemon ()
diff --git a/src/wydawca.h b/src/wydawca.h
index 863200f..f786271 100644
--- a/src/wydawca.h
+++ b/src/wydawca.h
@@ -425,13 +425,15 @@ int directive_next (struct file_triplet *trp, int n,
const char **pkey, const char **pval);
int process_directives (struct file_triplet *trp,
const struct spool *spool);
int enabled_spool_p (const struct spool *spool);
-int wydawca_set_uid (uid_t uid);
+int wydawca_set_privs (uid_t uid, gid_t gid);
+int wydawca_set_triplet_privs (struct file_triplet *trp);
+int wydawca_set_root_privs (void);
int parse_time_interval (const char *str, time_t *pint, const char **endp);
/* config.c */

Return to:

Send suggestions and report system problems to the System administrator.