author | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-02-25 22:51:33 +0200 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2009-02-25 22:51:33 +0200 |
commit | 2e027ea167726a3af7d9db366acef266752c6b1b (patch) | |
tree | d71b14fc10bc55d887e855c8c4e1283fadbd8025 | |
parent | 27d1256d331d45bf68d96e9a8aa8175df2584978 (diff) | |
download | wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.gz wydawca-2e027ea167726a3af7d9db366acef266752c6b1b.tar.bz2 |
Fix privilege selection
-rw-r--r-- | src/directive.c | 4 | ||||
-rw-r--r-- | src/diskio.c | 4 | ||||
-rw-r--r-- | src/triplet.c | 4 | ||||
-rw-r--r-- | src/verify.c | 10 | ||||
-rw-r--r-- | src/wydawca.c | 26 | ||||
-rw-r--r-- | src/wydawca.h | 4 |
6 files changed, 41 insertions, 11 deletions
diff --git a/src/directive.c b/src/directive.c
index ccea1ef..2915fee 100644
--- a/src/directive.c
+++ b/src/directive.c
@@ -337,9 +337,9 @@ process_directives (struct file_triplet *trp, const struct spool *spool)
 break;
 case filename_dir:
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
 rc = verify_detached_signature (trp, spool);
- wydawca_set_uid (TRIPLET_UID (trp));
+ wydawca_set_triplet_privs (trp);
 if (rc == 0)
 {
 if (move_file (trp, spool, file_dist, relative_dir)
diff --git a/src/diskio.c b/src/diskio.c
index c068e49..fbd1050 100644
--- a/src/diskio.c
+++ b/src/diskio.c
@@ -124,9 +124,9 @@ create_directory (const char *base, const char *name, uid_t uid, gid_t gid)
 if (!dry_run_mode)
 {
 int rc;
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
 rc = create_hierarchy (dir, baselen, uid, gid);
- wydawca_set_uid (uid);
+ wydawca_set_privs (uid, gid);
 if (rc)
 {
 free (dir);
diff --git a/src/triplet.c b/src/triplet.c
index a79d28a..614e2b5 100644
--- a/src/triplet.c
+++ b/src/triplet.c
@@ -199,10 +199,10 @@ triplet_processor (void *data, void *proc_data)
 case triplet_complete:
 if (debug_level)
 logmsg (LOG_DEBUG, _("processing triplet `%s'"), trp->name);
- if (wydawca_set_uid (TRIPLET_UID (trp)) == 0)
+ if (wydawca_set_triplet_privs (trp) == 0)
 {
 process_directives (trp, spool);
- wydawca_set_uid (0);
+ wydawca_set_root_privs ();
 }
 return true;
diff --git a/src/verify.c b/src/verify.c
index 522b865..d419df5 100644
--- a/src/verify.c
+++ b/src/verify.c
@@ -101,10 +101,16 @@ check_access_rights (struct file_triplet *trp, const struct spool *spool,
 const char *result; struct metadef def[5]; void *md; - + struct group *grp; + if (fill_project_name (trp)) return 1; - + grp = getgrnam (trp->project); + if (grp) + trp->gid = grp->gr_gid; + else + logmsg (LOG_NOTICE, _("no such group: %s"), trp->project); + if (debug_level) logmsg (LOG_DEBUG, _("verifying access rights for user %s to project %s"), user, trp->project); 
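Review bot: The result of `wydawca_set_triplet_privs (trp);` on the new side of the src/directive.c hunk is discarded, so if re-dropping privileges after verify_detached_signature fails (the new helper has two failure points, gid then uid) the rest of process_directives, which continues outside the hunk, keeps running with root privileges; the same unchecked call appears as `wydawca_set_privs (uid, gid);` in the src/diskio.c hunk. The src/triplet.c hunk does check the drop with `== 0`, so the other two call sites are the inconsistent ones. Since the following `if (rc == 0)` appears to treat non-zero rc as failure (inferred from the hunk), a one-line guard such as `if (wydawca_set_triplet_privs (trp)) rc = -1;` would keep move_file from running in the wrong identity, and in diskio.c the failure could be folded into the existing `if (rc)` cleanup path.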
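Review bot: In the src/verify.c hunk a failed getgrnam lookup is only logged at LOG_NOTICE and check_access_rights carries on with trp->gid unchanged, so whatever value it held before this point (not visible here; the function's opening and remainder lie outside the hunk) is what wydawca_set_triplet_privs later passes through TRIPLET_GID when dropping privileges. If that prior value can be 0, a project with no matching group would have its directives processed under root's group; consider treating a missing group as an access-rights failure, e.g. `if (!grp) { logmsg (LOG_NOTICE, _("no such group: %s"), trp->project); return 1; }`, or document the intended fallback in a comment above the lookup. getgrnam also returns a pointer to static storage, so if triplet_processor can ever run concurrently (presumably not, but worth stating) getgrnam_r would be needed.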
diff --git a/src/wydawca.c b/src/wydawca.c
index b121959..48c27e9 100644
--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -265,7 +265,7 @@ collect_uids (int argc, char **argv)
 }
-int
+static int
 wydawca_set_uid (uid_t uid)
 {
 int rc;
@@ -287,7 +287,7 @@ wydawca_set_uid (uid_t uid)
 return rc;
 }
-int
+static int
 wydawca_set_gid (gid_t gid)
 {
 int rc;
@@ -309,6 +309,28 @@ wydawca_set_gid (gid_t gid)
 return rc;
 }
+int
+wydawca_set_privs (uid_t uid, gid_t gid)
+{
+ if (wydawca_set_gid (gid))
+ return -1;
+ if (wydawca_set_uid (uid))
+ return -1;
+ return 0;
+}
+
+int
+wydawca_set_triplet_privs (struct file_triplet *trp)
+{
+ return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
+}
+
+int
+wydawca_set_root_privs ()
+{
+ return wydawca_set_privs (0, 0);
+}
+ char **x_argv; extern int reconfigure;
diff --git a/src/wydawca.h b/src/wydawca.h
index 863200f..f786271 100644
--- a/src/wydawca.h
+++ b/src/wydawca.h
@@ -428,7 +428,9 @@ int process_directives (struct file_triplet *trp,
 int enabled_spool_p (const struct spool *spool);
-int wydawca_set_uid (uid_t uid);
+int wydawca_set_privs (uid_t uid, gid_t gid);
+int wydawca_set_triplet_privs (struct file_triplet *trp);
+int wydawca_set_root_privs (void);
 int parse_time_interval (const char *str, time_t *pint, const char **endp); |
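Review bot: `wydawca_set_root_privs ()` in the third src/wydawca.c hunk is defined with an empty parameter list, which in C is an old-style unprototyped definition, while src/wydawca.h declares it as `int wydawca_set_root_privs (void);`; write the definition as `wydawca_set_root_privs (void)` so definition and prototype agree. The gid-before-uid order in wydawca_set_privs is the correct one for dropping privileges, but the same order is reused for the return to root via `wydawca_set_privs (0, 0)`, and whether setting gid 0 succeeds from an unprivileged effective uid depends on how the now-static wydawca_set_uid and wydawca_set_gid switch ids — their bodies are outside these hunks, presumably saved-id based since every caller relies on the round trip; a comment on wydawca_set_privs stating that requirement would help the next reader. Nothing in these hunks touches the supplementary group list, so it is carried across each switch unchanged — worth a one-line comment if that is intentional.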