Mercurial > trustbridge
comparison cinst/nssstore_linux.c @ 648:e41a2537b84d
Implement root installation
We now iterate over all users that do not obviously have their
login shell disabled and look for NSS directories in their home
directory, dropping our privileges to do so.
| author | Andre Heinecke <andre.heinecke@intevation.de> |
|---|---|
| date | Wed, 25 Jun 2014 12:44:47 +0200 |
| parents | 214bf504c54f |
| children | 216a65d7fc4b |
comparison
equal
deleted
inserted
replaced
| 647:51830f4912c2 | 648:e41a2537b84d |
|---|---|
| 18 #include <sys/wait.h> | 18 #include <sys/wait.h> |
| 19 #include <string.h> | 19 #include <string.h> |
| 20 #include <stdlib.h> | 20 #include <stdlib.h> |
| 21 #include <limits.h> | 21 #include <limits.h> |
| 22 #include <errno.h> | 22 #include <errno.h> |
| 23 #include <pwd.h> | |
| 23 | 24 |
| 24 #include "nssstore.h" | 25 #include "nssstore.h" |
| 25 #include "logging.h" | 26 #include "logging.h" |
| 26 #include "strhelp.h" | 27 #include "strhelp.h" |
| 27 | 28 |
| 156 } | 157 } |
| 157 | 158 |
| 158 if (pid == (pid_t) 0) | 159 if (pid == (pid_t) 0) |
| 159 { | 160 { |
| 160 /* Drop privileges */ | 161 /* Drop privileges */ |
| 161 if (setuid (uid) || setgid (gid)) | 162 if (setgid (gid) || setuid (uid)) |
| 162 { | 163 { |
| 164 syslog_error_printf("Failed to drop privileges: %s", strerror(errno)); | |
| 163 exit(-1); | 165 exit(-1); |
| 164 } | 166 } |
| 165 | 167 |
| 166 close (pipe_fd[1]); | 168 close (pipe_fd[1]); |
| 167 dup2 (pipe_fd[0], 0); | 169 dup2 (pipe_fd[0], 0); |
| 168 close (pipe_fd[0]); | 170 close (pipe_fd[0]); |
| 169 /* TODO find path based on current executable */ | |
| 170 execve (argv[0], argv, envp); | 171 execve (argv[0], argv, envp); |
| 171 exit (127); | 172 exit (127); |
| 172 } | 173 } |
| 173 | 174 |
| 174 close (pipe_fd[0]); | 175 close (pipe_fd[0]); |
| 236 } | 237 } |
| 237 | 238 |
| 238 int | 239 int |
| 239 write_stores_nss (char **to_install, char **to_remove) | 240 write_stores_nss (char **to_install, char **to_remove) |
| 240 { | 241 { |
| 241 uid_t my_uid = getuid(); | 242 struct passwd *usr_it = NULL; |
| 243 uid_t my_uid = geteuid(); | |
| 242 | 244 |
| 243 if (my_uid != 0) | 245 if (my_uid != 0) |
| 244 { | 246 { |
| 245 /* Running as a user */ | 247 /* Running as a user */ |
| 246 char *homedir = getenv ("HOME"); | 248 char *homedir = getenv ("HOME"); |
| 267 return -1; | 269 return -1; |
| 268 } | 270 } |
| 269 | 271 |
| 270 return 0; | 272 return 0; |
| 271 } | 273 } |
| 272 printf ("Installation as root is not yet implemented\n"); | 274 |
| 273 /* TODO root parse /etc/passwd for users with a home directory */ | 275 setpwent(); |
| 276 | |
| 277 while ((usr_it = getpwent ()) != NULL) | |
| 278 { | |
| 279 /* Skip obvious system accounts */ | |
| 280 if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 || | |
| 281 strcmp(usr_it->pw_shell, "/bin/false") == 0) | |
| 282 { | |
| 283 continue; | |
| 284 } | |
| 285 /* A check if the home directory starts with /home might be | |
| 286 appropiate */ | |
| 287 start_procces_for_user (to_install, | |
| 288 to_remove, | |
| 289 usr_it->pw_uid, | |
| 290 usr_it->pw_gid, | |
| 291 usr_it->pw_dir); | |
| 292 | |
| 293 } | |
| 294 | |
| 295 endpwent(); | |
| 296 | |
| 297 waitpid (-1, NULL, 0); | |
| 298 | |
| 299 DEBUGPRINTF ("NSS installation done\n"); | |
| 274 return 0; | 300 return 0; |
| 275 } | 301 } |
| 276 #endif | 302 #endif |