2 Unix SMB/CIFS implementation.
3 run a command as a specified user
4 Copyright (C) Andrew Tridgell 1992-1998
6 This program is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 2 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program; if not, write to the Free Software
18 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 modified for netatalk dgautheron@magic.fr
25 #endif /* HAVE_CONFIG_H */
30 #include <sys/types.h>
36 #ifdef HAVE_SYS_WAIT_H
40 #include <sys/param.h>
44 #define USE_SETRESUID 1
47 #include <atalk/logger.h>
49 /**************************************************************************n
50 Find a suitable temporary directory. The result should be copied immediately
51 as it may be overwritten by a subsequent call.
52 ****************************************************************************/
54 static const char *tmpdir(void)
58 if ((p = getenv("TMPDIR")))
63 /****************************************************************************
64 This is a utility function of afprun().
65 ****************************************************************************/
67 static int setup_out_fd(void)
70 char path[MAXPATHLEN +1];
72 snprintf(path, sizeof(path)-1, "%s/afp.XXXXXX", tmpdir());
74 /* now create the file */
78 LOG(log_error, logtype_afpd, "setup_out_fd: Failed to create file %s. (%s)\n",path, strerror(errno) );
82 /* Ensure file only kept around by open fd. */
87 /****************************************************************************
88 Gain root privilege before doing something.
89 We want to end up with ruid==euid==0
90 ****************************************************************************/
91 static void gain_root_privilege(void)
96 /****************************************************************************
97 Ensure our real and effective groups are zero.
98 we want to end up with rgid==egid==0
99 ****************************************************************************/
100 static void gain_root_group_privilege(void)
105 /****************************************************************************
106 Become the specified uid and gid - permanently !
107 there should be no way back if possible
108 ****************************************************************************/
109 static void become_user_permanently(uid_t uid, gid_t gid)
112 * First - gain root privilege. We do this to ensure
113 * we can lose it again.
116 gain_root_privilege();
117 gain_root_group_privilege();
120 setresgid(gid,gid,gid);
122 setresuid(uid,uid,uid);
142 setgidx(ID_REAL, gid);
143 setgidx(ID_EFFECTIVE, gid);
145 setuidx(ID_REAL, uid);
146 setuidx(ID_EFFECTIVE, uid);
151 /****************************************************************************
152 run a command being careful about uid/gid handling and putting the output in
153 outfd (or discard it if outfd is NULL).
154 ****************************************************************************/
156 int afprun(int root, char *cmd, int *outfd)
159 uid_t uid = geteuid();
160 gid_t gid = getegid();
162 /* point our stdout at the file we want output to go into */
163 if (outfd && ((*outfd = setup_out_fd()) == -1)) {
166 LOG(log_debug, logtype_afpd, "running %s as user %d", cmd, root?0:uid);
167 /* in this method we will exec /bin/sh with the correct
168 arguments, after first setting stdout to point at the file */
170 if ((pid=fork()) < 0) {
171 LOG(log_error, logtype_afpd, "afprun: fork failed with error %s\n", strerror(errno) );
186 /* the parent just waits for the child to exit */
187 while((wpid = waitpid(pid,&status,0)) < 0) {
188 if (errno == EINTR) {
195 LOG(log_error, logtype_afpd, "waitpid(%d) : %s\n",(int)pid, strerror(errno) );
202 /* Reset the seek pointer. */
204 lseek(*outfd, 0, SEEK_SET);
207 #if defined(WIFEXITED) && defined(WEXITSTATUS)
208 if (WIFEXITED(status)) {
209 return WEXITSTATUS(status);
215 /* we are in the child. we exec /bin/sh to do the work for us. we
216 don't directly exec the command we want because it may be a
217 pipeline or anything else the config file specifies */
219 /* point our stdout at the file we want output to go into */
222 if (dup2(*outfd,1) != 1) {
223 LOG(log_error, logtype_afpd, "Failed to create stdout file descriptor\n");
228 /* now completely lose our privileges. This is a fairly paranoid
229 way of doing it, but it does work on all systems that I know of */
231 become_user_permanently(0, 0);
235 become_user_permanently(uid, gid);
237 if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid) {
238 /* we failed to lose our privileges - do not execute the command */
239 exit(81); /* we can't print stuff at this stage, instead use exit codes for debugging */
242 /* close all other file descriptors, leaving only 0, 1 and 2. 0 and
243 2 point to /dev/null from the startup code */
246 for (fd=3;fd<256;fd++) close(fd);
249 execl("/bin/sh","sh","-c",cmd,NULL);
projects / netatalk.git / blob