[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[or-cvs] fixed a bug in the id switching code -- setgid has to happe...
- To: or-cvs@freehaven.net
- Subject: [or-cvs] fixed a bug in the id switching code -- setgid has to happe...
- From: sah@seul.org (Steven Hazel)
- Date: Wed, 22 Oct 2003 07:21:33 -0400 (EDT)
- Delivered-to: archiver@seul.org
- Delivered-to: or-cvs-outgoing@seul.org
- Delivered-to: or-cvs@seul.org
- Delivery-date: Wed, 22 Oct 2003 07:21:53 -0400
- Reply-to: or-dev@freehaven.net
- Sender: owner-or-cvs@freehaven.net
Update of /home/or/cvsroot/src/common
In directory moria.mit.edu:/home/sah/tor/src/common
Modified Files:
util.h util.c
Log Message:
- fixed a bug in the id switching code -- setgid has to happen before
setuid, because after we setuid we don't have the priviledges we
need to setgid anymore, duh. merged switch_user() and
switch_group() into switch_id(), since that code has to be wound
together.
- return -1 from switch_id() if it's not defined to do anything else.
- moved daemoinize(), write_pidfile(), and switch_id() from main.c to
util.c
Index: util.h
===================================================================
RCS file: /home/or/cvsroot/src/common/util.h,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -d -r1.20 -r1.21
--- util.h 21 Oct 2003 09:48:58 -0000 1.20
+++ util.h 22 Oct 2003 11:21:29 -0000 1.21
@@ -64,6 +64,10 @@
const char *get_uname(void);
+void daemonize(void);
+void write_pidfile(char *filename);
+int switch_id(char *user, char *group);
+
/* For stupid historical reasons, windows sockets have an independent set of
* errnos which they use as the fancy strikes them.
*/
Index: util.c
===================================================================
RCS file: /home/or/cvsroot/src/common/util.c,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -d -r1.33 -r1.34
--- util.c 20 Oct 2003 20:19:56 -0000 1.33
+++ util.c 22 Oct 2003 11:21:29 -0000 1.34
@@ -547,3 +547,91 @@
return uname_result;
}
+void daemonize(void) {
+#ifndef MS_WINDOWS
+ /* Fork; parent exits. */
+ if (fork())
+ exit(0);
+
+ /* Create new session; make sure we never get a terminal */
+ setsid();
+ if (fork())
+ exit(0);
+
+ chdir("/");
+ umask(000);
+
+ fclose(stdin);
+ fclose(stdout);
+ fclose(stderr);
+#endif
+}
+
+void write_pidfile(char *filename) {
+#ifndef MS_WINDOWS
+ FILE *pidfile;
+
+ if ((pidfile = fopen(filename, "w")) == NULL) {
+ log_fn(LOG_WARN, "unable to open %s for writing: %s", filename,
+ strerror(errno));
+ } else {
+ fprintf(pidfile, "%d", getpid());
+ fclose(pidfile);
+ }
+#endif
+}
+
+int switch_id(char *user, char *group) {
+#ifndef MS_WINDOWS
+ int status;
+ struct passwd *pw = NULL;
+ struct group *gr = NULL;
+
+ if (user) {
+ pw = getpwnam(user);
+ if (pw == NULL) {
+ log_fn(LOG_ERR,"User '%s' not found.", user);
+ return -1;
+ }
+ }
+
+ /* switch the group first, while we still have the priveledges to do so */
+ if (group) {
+ gr = getgrnam(group);
+ if (gr == NULL) {
+ log_fn(LOG_ERR,"Group '%s' not found.", group);
+ return -1;
+ }
+
+ status = setgid(gr->gr_gid);
+ if (status != 0) {
+ log_fn(LOG_ERR,"Error setting GID: %s", strerror(errno));
+ return -1;
+ }
+ } else if (user) {
+ status = setgid(pw->pw_gid);
+ if (status != 0) {
+ log_fn(LOG_ERR,"Error setting GID: %s", strerror(errno));
+ return -1;
+ }
+ }
+
+ /* now that the group is switched, we can switch users and lose
+ priviledges */
+ if (user) {
+ status = setuid(pw->pw_uid);
+ if (status != 0) {
+ log_fn(LOG_ERR,"Error setting UID: %s", strerror(errno));
+ return -1;
+ }
+ }
+
+ return 0;
+#endif
+
+ log_fn(LOG_ERR,
+ "User '%s' specified, but switching users is not supported.",
+ user);
+
+ return -1;
+}