* userv - process.c
* daemon code to process one request (is parent of service process)
*
- * Copyright (C)1996-1997 Ian Jackson
+ * Copyright (C)1996-1999 Ian Jackson
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by
#include <ctype.h>
#include <limits.h>
#include <sys/wait.h>
-#include <sys/types.h>
+#include <sys/time.h>
+#include <sys/resource.h>
#include <sys/fcntl.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include "config.h"
#include "common.h"
+#include "both.h"
#include "daemon.h"
#include "lib.h"
#include "tokens.h"
int restfdwantstate= tokv_word_rejectfd, restfdwantrw;
int service_ngids;
char **argarray;
-char *serviceuser, *service, *logname, *cwd;
+char *serviceuser, *service, *loginname, *cwd;
char *overridedata, *userrcfile;
char *serviceuser_dir, *serviceuser_shell, *callinguser_shell;
gid_t *calling_gids, *service_gids;
static void xfread(void *p, size_t sz) {
size_t nr;
- nr= fread(p,1,sz,srfile); if (nr == sz) return;
+ nr= working_fread(p,sz,srfile); if (nr == sz) return;
if (ferror(srfile)) syscallerror("reading from client");
blocksignals();
assert(feof(srfile));
serviceuser= xfreadsetstring(request_mbuf.serviceuserlen);
service= xfreadsetstring(request_mbuf.servicelen);
assert(request_mbuf.spoofed==0 || request_mbuf.spoofed==1);
- logname= xfreadsetstring(request_mbuf.lognamelen);
+ loginname= xfreadsetstring(request_mbuf.loginnamelen);
cwd= xfreadsetstring(request_mbuf.cwdlen);
if (request_mbuf.overridelen >= 0) {
assert(request_mbuf.overridelen <= MAX_OVERRIDE_LEN);
static void lookup_uidsgids(void) {
struct passwd *pw;
- pw= getpwnam(logname);
+ pw= getpwnam(loginname);
if (!pw) miscerror("look up calling user");
- assert(!strcmp(pw->pw_name,logname));
+ assert(!strcmp(pw->pw_name,loginname));
callinguser_shell= xstrsave(pw->pw_shell);
pw= getpwnam(serviceuser);
serviceuser_shell= xstrsave(pw->pw_shell);
serviceuser_uid= pw->pw_uid;
+ if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 1");
if (initgroups(pw->pw_name,pw->pw_gid)) syscallerror("initgroups");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 1");
if (setreuid(pw->pw_uid,pw->pw_uid)) syscallerror("setreuid 2");
if (!setreuid(pw->pw_uid,0)) miscerror("setreuid 3 unexpectedly succeeded");
if (errno != EPERM) syscallerror("setreuid 3 failed in unexpected way");
}
+ if (setregid(pw->pw_gid,pw->pw_gid)) syscallerror("setregid 2");
service_ngids= getgroups(0,0); if (service_ngids == -1) syscallerror("getgroups(0,0)");
if (service_ngids > MAX_GIDS) miscerror("service user is in far too many groups");
if (fdarray[fd].holdfd != -1) {
if (close(fdarray[fd].holdfd))
syscallfailure("close unwanted hold descriptor for %d",fd);
+ fdarray[fd].holdfd= -1;
}
}
}
debug_dumprequest(mypid);
syslog(LOG_INFO,"%s %s -> %s %c %s",
request_mbuf.spoofed ? "spoof" : "user",
- logname, serviceuser, overridedata?'!':':', service);
+ loginname, serviceuser, overridedata?'!':':', service);
if (overridedata)
r= parse_string(TOPLEVEL_OVERRIDDEN_CONFIGURATION,