aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNathan Holstein <nathan.holstein@gmail.com>2015-08-02 15:52:15 -0400
committerNathan Holstein <nathan.holstein@gmail.com>2015-08-05 08:58:17 -0400
commit815f1670961bee0f8104f87feae89835249d51a6 (patch)
tree25abe455868e05d290833e18beb760df675ccaf4
parent5747d4f7d6c30a021e86d5f8dd73f99f146b7ebf (diff)
downloadopendoas-815f1670961bee0f8104f87feae89835249d51a6.tar.gz
Implement the semantics of setusercontext().
-rw-r--r--libopenbsd/setusercontext.c37
1 files changed, 32 insertions, 5 deletions
diff --git a/libopenbsd/setusercontext.c b/libopenbsd/setusercontext.c
index 692b51a..7a477b6 100644
--- a/libopenbsd/setusercontext.c
+++ b/libopenbsd/setusercontext.c
@@ -1,15 +1,21 @@
/* Copyright 2015 Nathan Holstein */
+#include <sys/resource.h>
+#include <sys/stat.h>
+#include <sys/types.h>
#include <errno.h>
-#include <stdio.h>
+#include <pwd.h>
#include <stdlib.h>
+#include <unistd.h>
#include "openbsd.h"
int
-setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, unsigned int flags)
+setusercontext(login_cap_t *lc, struct passwd *pw, uid_t uid, unsigned int flags)
{
- if (lc != NULL || pwd == NULL ||
+ int ret;
+
+ if (lc != NULL || pw == NULL ||
(flags & ~(LOGIN_SETGROUP | LOGIN_SETPRIORITY |
LOGIN_SETRESOURCES | LOGIN_SETUMASK |
LOGIN_SETUSER)) != 0) {
@@ -17,8 +23,29 @@ setusercontext(login_cap_t *lc, struct passwd *pwd, uid_t uid, unsigned int flag
return -1;
}
- fprintf(stderr, "failing setusercontext() for %d\n", (int) uid);
+ if (flags & LOGIN_SETGROUP) {
+ if ((ret = setgid(pw->pw_gid)) != 0)
+ return ret;
+ if ((ret = initgroups(pw->pw_name, pw->pw_gid)) != 0)
+ return ret;
+ }
+
+ if (flags & LOGIN_SETPRIORITY) {
+ if ((ret = setpriority(PRIO_PROCESS, getpid(), 0)) != 0)
+ return ret;
+ if ((ret = setpriority(PRIO_USER, uid, 0)) != 0)
+ return ret;
+ }
+
+ if (flags & LOGIN_SETRESOURCES) {
+ }
+
+ if (flags & LOGIN_SETUMASK)
+ umask(S_IWGRP | S_IWOTH);
+
+ if (flags & LOGIN_SETUSER)
+ return setuid(uid);
- return -1;
+ return 0;
}