3 * Copyright 1998-2002 The OpenLDAP Foundation, All Rights Reserved.
4 * COPYING RESTRICTIONS APPLY, see COPYRIGHT file
6 /* user.c - set user id, group id and group access list
8 * Copyright 1999 by PM Lashley.
11 * Redistribution and use in source and binary forms are permitted only
12 * as authorized by the OpenLDAP Public License. A copy of this
13 * license is available at http://www.OpenLDAP.org/license.html or
14 * in file LICENSE in the top-level directory of the distribution.
19 #if defined(HAVE_SETUID) && defined(HAVE_SETGID)
23 #include <ac/stdlib.h>
33 #include <ac/unistd.h>
39 * Set real and effective user id and group id, and group access list
40 * The user and group arguments are freed.
/*
 * slap_init_user: switch the running process to the requested user and
 * group, including the supplementary group list.
 *
 * user  - login name, or a numeric id when its first character is a digit
 * group - group name, or a numeric id when its first character is a digit
 *
 * NOTE(review): this listing is an excerpt. The number at the start of each
 * line is the original file's line number and many lines are not shown, so
 * the comments below describe only the statements that are visible; the
 * conditions guarding each step (got_uid / got_gid presumably) should be
 * confirmed against the full file.
 */
44 slap_init_user( char *user, char *group )
48 int got_uid = 0, got_gid = 0;
/*
 * Only the first character decides between the numeric lookup (getpwuid)
 * and the name lookup (getpwnam), so a login name that begins with a digit
 * is also treated as a numeric id. The cast to unsigned char keeps
 * isdigit() defined for bytes above 0x7f.
 * NOTE(review): the conversion that produces uid is not shown here.
 */
52 if ( isdigit( (unsigned char) *user )) {
56 pwd = getpwuid( uid );
63 pwd = getpwnam( user );
/*
 * A missing passwd entry is reported through LDAP_LOG and Debug;
 * presumably a build-time #ifdef outside this excerpt selects one of them.
 */
67 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
68 "slap_init_user: No passwd entry for user %s\n",
71 Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n",
/*
 * Replace the caller's string with a copy of the canonical pw_name from the
 * passwd entry; user is the name later passed to initgroups().
 */
79 user = (pwd != NULL ? ch_strdup( pwd->pw_name ) : NULL);
/* Same first-character test for the group: getgrgid vs. getgrnam. */
94 if ( isdigit( (unsigned char) *group )) {
97 grp = getgrgid( gid );
101 grp = getgrnam( group );
107 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
108 "slap_init_user: No group entry for group %s\n", group));
110 Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n",
114 exit( EXIT_FAILURE );
/*
 * Load the supplementary group list for user. initgroups() is called only
 * when the real uid is 0; for any other real uid the && short-circuits and
 * this statement leaves the inherited supplementary groups as they are.
 */
122 if ( getuid() == 0 && initgroups( user, gid ) != 0 ) {
124 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
125 "slap_init_user: Could not set the group access (gid) list.\n" ));
127 Debug( LDAP_DEBUG_ANY,
128 "Could not set the group access (gid) list\n", 0, 0, 0 );
131 exit( EXIT_FAILURE );
/*
 * Group ids are changed before user ids (setgid/setegid here, setuid/seteuid
 * below). The order matters: once the uid has been given up, the process
 * would normally no longer be allowed to change its groups.
 */
141 if ( setgid( gid ) != 0 ) {
143 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
144 "slap_init_user: could not set real group id to %d\n", (int)gid));
146 Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n",
150 exit( EXIT_FAILURE );
153 if ( setegid( gid ) != 0 ) {
155 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
156 "slap_init_user: Could not set effective group id to %d\n",(int)gid));
158 Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n",
162 exit( EXIT_FAILURE );
/*
 * The user id is changed last. Both return values are checked and a failure
 * reaches exit( EXIT_FAILURE ), so the process does not keep running under
 * the old uid after a failed drop.
 */
168 if ( setuid( uid ) != 0 ) {
170 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
171 "slap_init_user: Could not set real user id to %d\n", (int)uid ));
173 Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n",
177 exit( EXIT_FAILURE );
180 if ( seteuid( uid ) != 0 ) {
182 LDAP_LOG(( "operation", LDAP_LEVEL_INFO,
183 "slap_init_user: Could not set effective user id to %d\n", (int)uid ));
185 Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n",
189 exit( EXIT_FAILURE );
195 #endif /* HAVE_SETUID && HAVE_SETGID */