# HG changeset patch # User Andre Heinecke # Date 1403693087 -7200 # Node ID e41a2537b84d7a93abc36960541484c6e7ef90e1 # Parent 51830f4912c29a067f9d6977c410221c9c13ca99 Implement root installation We now iterate over all users that do not obviously have their login shell disabled and look for NSS directories in their home directory, dropping our privileges to do so. diff -r 51830f4912c2 -r e41a2537b84d cinst/nssstore_linux.c --- a/cinst/nssstore_linux.c Wed Jun 25 10:56:31 2014 +0200 +++ b/cinst/nssstore_linux.c Wed Jun 25 12:44:47 2014 +0200 @@ -20,6 +20,7 @@ #include #include #include +#include #include "nssstore.h" #include "logging.h" @@ -158,15 +159,15 @@ if (pid == (pid_t) 0) { /* Drop privileges */ - if (setuid (uid) || setgid (gid)) + if (setgid (gid) || setuid (uid)) { + syslog_error_printf("Failed to drop privileges: %s", strerror(errno)); exit(-1); } close (pipe_fd[1]); dup2 (pipe_fd[0], 0); close (pipe_fd[0]); - /* TODO find path based on current executable */ execve (argv[0], argv, envp); exit (127); } @@ -238,7 +239,8 @@ int write_stores_nss (char **to_install, char **to_remove) { - uid_t my_uid = getuid(); + struct passwd *usr_it = NULL; + uid_t my_uid = geteuid(); if (my_uid != 0) { @@ -269,8 +271,32 @@ return 0; } - printf ("Installation as root is not yet implemented\n"); - /* TODO root parse /etc/passwd for users with a home directory */ + + setpwent(); + + while ((usr_it = getpwent ()) != NULL) + { + /* Skip obvious system accounts */ + if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 || + strcmp(usr_it->pw_shell, "/bin/false") == 0) + { + continue; + } + /* A check if the home directory starts with /home might be + appropiate */ + start_procces_for_user (to_install, + to_remove, + usr_it->pw_uid, + usr_it->pw_gid, + usr_it->pw_dir); + + } + + endpwent(); + + waitpid (-1, NULL, 0); + + DEBUGPRINTF ("NSS installation done\n"); return 0; } #endif