X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=servers%2Fslapd%2Fuser.c;h=2613fbcfa42c8095cf77714973a2a3acd4d888d6;hb=00ac49a1fd4edff795faf81ed890774ca0bdbf58;hp=e7d7252e01394f2af3dcc443f229b037bcb4e12e;hpb=9ebd9a02892b0233080df2c2b435930b3b9f683b;p=openldap diff --git a/servers/slapd/user.c b/servers/slapd/user.c index e7d7252e01..2613fbcfa4 100644 --- a/servers/slapd/user.c +++ b/servers/slapd/user.c @@ -1,6 +1,10 @@ +/* + * Copyright 1998-1999 The OpenLDAP Foundation, All Rights Reserved. + * COPYING RESTRICTIONS APPLY, see COPYRIGHT file + */ /* user.c - set user id, group id and group access list * - * Copyright 1999 by PM Lashley and The OpenLDAP Foundation. + * Copyright 1999 by PM Lashley. * All rights reserved. * * Redistribution and use in source and binary forms are permitted only @@ -11,12 +15,18 @@ #include "portable.h" -#if defined(HAVE_PWD_H) && defined(HAVE_GRP_H) +#if defined(HAVE_SETUID) && defined(HAVE_SETGID) #include -#include + +#include + +#ifdef HAVE_PWD_H #include +#endif +#ifdef HAVE_GRP_H #include +#endif #include #include @@ -26,21 +36,27 @@ /* * Set real and effective user id and group id, and group access list + * The user and group arguments are freed. */ void slap_init_user( char *user, char *group ) { - uid_t uid = (gid_t) -1; - gid_t gid = (gid_t) -1; + uid_t uid; + gid_t gid; + int got_uid = 0, got_gid = 0; if ( user ) { struct passwd *pwd; if ( isdigit( (unsigned char) *user )) { + got_uid = 1; uid = atoi( user ); #ifdef HAVE_GETPWUID pwd = getpwuid( uid ); goto did_getpw; +#else + free( user ); + user = NULL; #endif } else { pwd = getpwnam( user ); @@ -48,14 +64,16 @@ slap_init_user( char *user, char *group ) if ( pwd == NULL ) { Debug( LDAP_DEBUG_ANY, "No passwd entry for user %s\n", user, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } - if ( uid >= 0 ) { + if ( got_uid ) { free( user ); user = (pwd != NULL ? ch_strdup( pwd->pw_name ) : NULL); } else { + got_uid = 1; uid = pwd->pw_uid; } + got_gid = 1; gid = pwd->pw_gid; #ifdef HAVE_ENDPWENT endpwent(); @@ -79,17 +97,18 @@ slap_init_user( char *user, char *group ) if ( grp == NULL ) { Debug( LDAP_DEBUG_ANY, "No group entry for group %s\n", group, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } } free( group ); + got_gid = 1; } if ( user ) { if ( getuid() == 0 && initgroups( user, gid ) != 0 ) { Debug( LDAP_DEBUG_ANY, "Could not set the group access (gid) list\n", 0, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } free( user ); } @@ -98,30 +117,34 @@ slap_init_user( char *user, char *group ) endgrent(); #endif - if ( gid >= 0 ) { + if ( got_gid ) { if ( setgid( gid ) != 0 ) { Debug( LDAP_DEBUG_ANY, "Could not set real group id to %d\n", gid, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } +#ifdef HAVE_SETEGID if ( setegid( gid ) != 0 ) { Debug( LDAP_DEBUG_ANY, "Could not set effective group id to %d\n", gid, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } +#endif } - if ( uid >= 0 ) { + if ( got_uid ) { if ( setuid( uid ) != 0 ) { - Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n", + Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n", uid, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } +#ifdef HAVE_SETEUID if ( seteuid( uid ) != 0 ) { - Debug( LDAP_DEBUG_ANY, "Could not set real user id to %d\n", + Debug( LDAP_DEBUG_ANY, "Could not set effective user id to %d\n", uid, 0, 0 ); - exit( 1 ); + exit( EXIT_FAILURE ); } +#endif } }