69 my_shutdown = TRUE; |
69 my_shutdown = TRUE; |
70 } |
70 } |
71 |
71 |
72 |
72 |
73 |
73 |
74 int server(void) { |
74 /** |
75 uid_t myuid; |
75 * @brief Drop privileges in a safe way. |
|
76 * @return 0 on success and -1 on failure. |
|
77 */ |
|
78 int drop_root_privileges(uid_t pw_uid, gid_t pw_gid, char *pw_dir) |
|
79 { |
|
80 // no need to "drop" the privileges that you don't have in the first place! |
|
81 if (getuid() == pw_uid && getgid() == pw_gid) { |
|
82 syslog(LOG_NOTICE, "No need to drop privileges"); |
|
83 } else { |
|
84 if (setgid(pw_gid) != 0) { |
|
85 syslog(LOG_NOTICE, "setgid: %s", strerror(errno)); |
|
86 return -1; |
|
87 } |
|
88 if (setuid(pw_uid) != 0) { |
|
89 syslog(LOG_NOTICE, "setgid: %s", strerror(errno)); |
|
90 return -1; |
|
91 } |
|
92 } |
|
93 |
|
94 /* Change to the home directory */ |
|
95 if (chdir(pw_dir) != 0) { |
|
96 syslog(LOG_NOTICE, "chdir(%s): %s", pw_dir, strerror(errno)); |
|
97 return -1; |
|
98 } |
|
99 |
|
100 /* check if we successfully dropped the root privileges */ |
|
101 if (setuid(0) == 0 || seteuid(0) == 0) { |
|
102 syslog(LOG_NOTICE, "could not drop root privileges!"); |
|
103 return -1; |
|
104 } |
|
105 |
|
106 syslog(LOG_NOTICE, "Privileges dropped to %d:%d", pw_uid, pw_gid); |
|
107 return 0; |
|
108 } |
|
109 |
|
110 |
|
111 |
|
112 int server(void) |
|
113 { |
76 struct passwd *mypwd; |
114 struct passwd *mypwd; |
77 int rc = 0; |
115 int rc = 0; |
78 char *tmppath = NULL; |
116 char *tmppath = NULL; |
79 |
117 |
80 myuid = getuid(); |
118 mypwd = getpwnam("brewery"); |
81 mypwd = getpwuid(myuid); |
|
82 if (mypwd == NULL) { |
119 if (mypwd == NULL) { |
83 fprintf(stderr, "[main] Could not find passwd entry\n"); |
120 fprintf(stderr, "[main] Could not find passwd entry\n"); |
84 return 1; |
121 return 1; |
85 } |
122 } |
86 |
123 |
87 Private_Path = xstrcpy(mypwd->pw_dir); |
124 Private_Path = xstrcpy(mypwd->pw_dir); |
88 Private_Path = xstrcat(Private_Path, (char *)"/.bms"); |
125 Private_Path = xstrcat(Private_Path, (char *)"/.bms"); |
|
126 |
|
127 if (drop_root_privileges(mypwd->pw_uid, mypwd->pw_gid, mypwd->pw_dir) < 0) { |
|
128 syslog(LOG_NOTICE, "Can't drop privileges"); |
|
129 return 1; |
|
130 } |
89 |
131 |
90 if (lockprog((char *)"bmsd")) { |
132 if (lockprog((char *)"bmsd")) { |
91 syslog(LOG_NOTICE, "Can't lock"); |
133 syslog(LOG_NOTICE, "Can't lock"); |
92 return 1; |
134 return 1; |
93 } |
135 } |