diff cinst/nssstore_linux.c @ 648:e41a2537b84d

Implement root installation We now iterate over all users that do not obviously have their login shell disabled and look for NSS directories in their home directory, dropping our privileges to do so.
author Andre Heinecke <andre.heinecke@intevation.de>
date Wed, 25 Jun 2014 12:44:47 +0200
parents 214bf504c54f
children 216a65d7fc4b
line wrap: on
line diff
--- a/cinst/nssstore_linux.c	Wed Jun 25 10:56:31 2014 +0200
+++ b/cinst/nssstore_linux.c	Wed Jun 25 12:44:47 2014 +0200
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <errno.h>
+#include <pwd.h>
 
 #include "nssstore.h"
 #include "logging.h"
@@ -158,15 +159,15 @@
   if (pid == (pid_t) 0)
     {
       /* Drop privileges */
-      if (setuid (uid) || setgid (gid))
+      if (setgid (gid) || setuid (uid))
         {
+          syslog_error_printf("Failed to drop privileges: %s", strerror(errno));
           exit(-1);
         }
 
       close (pipe_fd[1]);
       dup2 (pipe_fd[0], 0);
       close (pipe_fd[0]);
-      /* TODO find path based on current executable */
       execve (argv[0], argv, envp);
       exit (127);
     }
@@ -238,7 +239,8 @@
 int
 write_stores_nss (char **to_install, char **to_remove)
 {
-  uid_t my_uid = getuid();
+  struct passwd *usr_it = NULL;
+  uid_t my_uid = geteuid();
 
   if (my_uid != 0)
     {
@@ -269,8 +271,32 @@
 
       return 0;
     }
-  printf ("Installation as root is not yet implemented\n");
-  /* TODO root parse /etc/passwd for users with a home directory */
+
+  setpwent();
+
+  while ((usr_it = getpwent ()) != NULL)
+    {
+      /* Skip obvious system accounts */
+      if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 ||
+          strcmp(usr_it->pw_shell, "/bin/false") == 0)
+        {
+          continue;
+        }
+      /* A check if the home directory starts with /home might be
+         appropiate */
+      start_procces_for_user (to_install,
+                              to_remove,
+                              usr_it->pw_uid,
+                              usr_it->pw_gid,
+                              usr_it->pw_dir);
+
+    }
+
+  endpwent();
+
+  waitpid (-1, NULL, 0);
+
+  DEBUGPRINTF ("NSS installation done\n");
   return 0;
 }
 #endif

http://wald.intevation.org/projects/trustbridge/