opendoas

A portable version of the OpenBSD `doas` command
git clone https://pi.duncano.de/git/opendoas.git

commit 815f1670961bee0f8104f87feae89835249d51a6
parent 5747d4f7d6c30a021e86d5f8dd73f99f146b7ebf
Author: Nathan Holstein <nathan.holstein@gmail.com>
Date:   Sun,  2 Aug 2015 15:52:15 -0400

Implement the semantics of setusercontext().

Diffstat:
libopenbsd/setusercontext.c | 37++++++++++++++++++++++++++++++++-----
1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/libopenbsd/setusercontext.c b/libopenbsd/setusercontext.c
@@ -1,15 +1,21 @@
 /* Copyright 2015 Nathan Holstein */
+#include <sys/resource.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <errno.h>
-#include <stdio.h>
+#include <pwd.h>
 #include <stdlib.h>
+#include <unistd.h>
 #include "openbsd.h"
 int
-setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, unsigned int flags)
+setusercontext(login_cap_t *lc, struct passwd *pw, uid_t uid, unsigned int flags)
 {
- if (lc != NULL || pwd == NULL ||
+ int ret;
+
+ if (lc != NULL || pw == NULL ||
 (flags & ~(LOGIN_SETGROUP | LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | LOGIN_SETUSER)) != 0) {
@@ -17,8 +23,29 @@ setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, unsigned int flag
 return -1;
 }
- fprintf(stderr, "failing setusercontext() for %d\n", (int) uid);
+ if (flags & LOGIN_SETGROUP) {
+ if ((ret = setgid(pw->pw_gid)) != 0)
+ return ret;
+ if ((ret = initgroups(pw->pw_name, pw->pw_gid)) != 0)
+ return ret;
+ }
+
+ if (flags & LOGIN_SETPRIORITY) {
+ if ((ret = setpriority(PRIO_PROCESS, getpid(), 0)) != 0)
+ return ret;
+ if ((ret = setpriority(PRIO_USER, uid, 0)) != 0)
+ return ret;
+ }
+
+ if (flags & LOGIN_SETRESOURCES) {
+ }
+
+ if (flags & LOGIN_SETUMASK)
+ umask(S_IWGRP | S_IWOTH);
+
+ if (flags & LOGIN_SETUSER)
+ return setuid(uid);
- return -1;
+ return 0;
 }
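Review bot: The `setpriority(PRIO_USER, uid, 0)` call in the LOGIN_SETPRIORITY branch acts on every process owned by `uid` rather than on the calling process, so it resets the nice value of the target user's unrelated processes and, per setpriority(2), fails with ESRCH when that user has no running process, which makes the function return -1 before the LOGIN_SETUSER step is reached. The preceding `setpriority(PRIO_PROCESS, getpid(), 0)` already covers the caller, so the two PRIO_USER lines can be dropped. The `LOGIN_SETRESOURCES` branch is empty yet the function still returns 0, so a caller that requests resource limits is told it succeeded while the invoking user's limits stay in place; a comment such as `/* TODO: resource limits are not applied yet */`, or an explicit error return, would make that visible. The function's signature and flag validation are in the previous hunk.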