server, common: Split more code into utilities.

  * Move mystrieq to server/servutil.c where it belongs.

  * Move code to resolve user and group names, and to set user and
    group, into common/util.c where the client can get at it.  (This
    will eventually be useful for privilege separation.)

diff --git a/common/util.c b/common/util.c
index d78dd78d032a3a587fce1dc2b9adb75dc6e3f15c..92b9853d2cb789e3e7fdd0ace0ec2adef7d0a190 100644 (file)
--- a/common/util.c
+++ b/common/util.c
@@ -31,7 +31,14 @@
 #include <stdlib.h>
 #include <string.h>
 
 #include <stdlib.h>
 #include <string.h>
 

+#include <sys/types.h>
+#include <unistd.h>
+
+#include <pwd.h>
+#include <grp.h>
+

 #include <mLib/dstr.h>
 #include <mLib/dstr.h>

+#include <mLib/report.h>

 
 #include "util.h"
 
 
 #include "util.h"
 


@@ -65,4 +72,83 @@ void u_quotify(dstr *d, const char *p)
   }
 }
 
   }
 }
 

+/* --- @u_getuser@ --- *
+ *
+ * Arguments:  @const char *name@ = user name or id requested
+ *             @gid_t *gg@ = where to store corresponding gid
+ *
+ * Returns:    Corresponding uid.
+ *
+ * Use:                Resolves a user name into a uid.  Dies on failure; suitable
+ *             for use in argument parsing.
+ */
+
+uid_t u_getuser(const char *name, gid_t *gg)
+{
+  struct passwd *pw;
+  char *p;
+  unsigned long i = strtoul(name, &p, 0);
+
+  if (!*p)
+    pw = getpwuid(i);
+  else
+    pw = getpwnam(name);
+  if (!pw)
+    die(EXIT_FAILURE, "user `%s' not found", name);
+  if (gg && *gg == -1)
+    *gg = pw->pw_gid;
+  return (pw->pw_uid);
+}
+
+/* --- @u_getgroup@ --- *
+ *
+ * Arguments:  @const char *name@ = user name or id requested
+ *
+ * Returns:    Corresponding gid.
+ *
+ * Use:                Resolves a group name into a gid.  Dies on failure; suitable
+ *             for use in argument parsing.
+ */
+
+gid_t u_getgroup(const char *name)
+{
+  struct group *gr;
+  char *p;
+  unsigned long i = strtoul(name, &p, 0);
+
+  if (!*p)
+    gr = getgrgid(i);
+  else
+    gr = getgrnam(name);
+  if (!gr)
+    die(EXIT_FAILURE, "group `%s' not found", name);
+  return (gr->gr_gid);
+}
+
+/* --- @u_setugid@ --- *
+ *
+ * Arguments:  @uid_t u@ = user to set
+ *             @gid_t g@ = group to set
+ *
+ * Returns:    ---
+ *
+ * Use:                Sets user and group to the given values; aborts on failure.
+ */
+
+void u_setugid(uid_t u, gid_t g)
+{
+  if (g != (gid_t)-1) {
+    if (setgid(g) || (getuid() == 0 && setgroups(1, &g))) {
+      die(EXIT_FAILURE, "couldn't setgid to %u: %s",
+         (unsigned)g, strerror(errno));
+    }
+  }
+  if (u != (uid_t)-1) {
+    if (setuid(u)) {
+      die(EXIT_FAILURE, "couldn't setuid to %u: %s",
+         (unsigned)u, strerror(errno));
+    }
+  }
+}
+

 /*----- That's all, folks -------------------------------------------------*/
 /*----- That's all, folks -------------------------------------------------*/

diff --git a/common/util.h b/common/util.h
index aaef36f3ef5e1f3be478ab635a7ad8b5b311bc6f..1928c0428770a29607fa0377190aa66bdae54676 100644 (file)
--- a/common/util.h
+++ b/common/util.h
@@ -27,6 +27,12 @@
 #ifndef UTIL_H
 #define UTIL_H
 
 #ifndef UTIL_H
 #define UTIL_H
 

+#ifndef CONFIG_H
+#  include "config.h"
+#endif
+
+#include <sys/types.h>
+

 #ifdef __cplusplus
   extern "C" {
 #endif
 #ifdef __cplusplus
   extern "C" {
 #endif


@@ -46,6 +52,43 @@
 
 extern void u_quotify(dstr */*d*/, const char */*p*/);
 
 
 extern void u_quotify(dstr */*d*/, const char */*p*/);
 

+/* --- @u_getuser@ --- *
+ *
+ * Arguments:  @const char *name@ = user name or id requested
+ *             @gid_t *gg@ = where to store corresponding gid
+ *
+ * Returns:    Corresponding uid.
+ *
+ * Use:                Resolves a user name into a uid.  Dies on failure; suitable
+ *             for use in argument parsing.
+ */
+
+extern uid_t u_getuser(const char */*name*/, gid_t */*gg*/);
+
+/* --- @u_getgroup@ --- *
+ *
+ * Arguments:  @const char *name@ = user name or id requested
+ *
+ * Returns:    Corresponding gid.
+ *
+ * Use:                Resolves a group name into a gid.  Dies on failure; suitable
+ *             for use in argument parsing.
+ */
+
+extern gid_t u_getgroup(const char */*name*/);
+
+/* --- @u_setugid@ --- *
+ *
+ * Arguments:  @uid_t u@ = user to set
+ *             @gid_t g@ = group to set
+ *
+ * Returns:    ---
+ *
+ * Use:                Sets user and group to the given values; aborts on failure.
+ */
+
+extern void u_setugid(uid_t /*u*/, gid_t /*g*/);
+

 /*----- That's all, folks -------------------------------------------------*/
 
 #ifdef __cplusplus
 /*----- That's all, folks -------------------------------------------------*/
 
 #ifdef __cplusplus

diff --git a/server/servutil.c b/server/servutil.c
index c95b23fd26ee4bf8c1a52697acf0a00d8151c7ac..1f6301a4d14171e7928ddcf71151ede24b761c6e 100644 (file)
--- a/server/servutil.c
+++ b/server/servutil.c
@@ -89,6 +89,23 @@ const char *timestr(time_t t)
   return ((const char *)buf_t);
 }
 
   return ((const char *)buf_t);
 }
 

+/* --- @mystrieq@ --- *
+ *
+ * Arguments:  @const char *x, *y@ = two strings
+ *
+ * Returns:    True if @x@ and @y are equal, up to case.
+ */
+
+int mystrieq(const char *x, const char *y)
+{
+  for (;;) {
+    if (!*x && !*y) return (1);
+    if (tolower((unsigned char)*x) != tolower((unsigned char)*y))
+      return (0);
+    x++; y++;
+  }
+}
+

 /* --- @seq_reset@ --- *
  *
  * Arguments:  @seqwin *s@ = sequence-checking window
 /* --- @seq_reset@ --- *
  *
  * Arguments:  @seqwin *s@ = sequence-checking window

diff --git a/server/tripe.c b/server/tripe.c
index 280878c979b844180ced472218185591c7a2d050..60ab4fd883339492dc2679c2c3be749000d2709e 100644 (file)
--- a/server/tripe.c
+++ b/server/tripe.c
@@ -60,23 +60,6 @@ static void interval(struct timeval *tv, void *v)
   sel_addtimer(&sel, &it, &tvv, interval, v);
 }
 
   sel_addtimer(&sel, &it, &tvv, interval, v);
 }
 

-/* --- @mystrieq@ --- *
- *
- * Arguments:  @const char *x, *y@ = two strings
- *
- * Returns:    True if @x@ and @y are equal, up to case.
- */
-
-int mystrieq(const char *x, const char *y)
-{
-  for (;;) {
-    if (!*x && !*y) return (1);
-    if (tolower((unsigned char)*x) != tolower((unsigned char)*y))
-      return (0);
-    x++; y++;
-  }
-}
-

 /* --- @main@ --- *
  *
  * Arguments:  @int argc@ = number of command line arguments
 /* --- @main@ --- *
  *
  * Arguments:  @int argc@ = number of command line arguments


@@ -200,32 +183,12 @@ int main(int argc, char *argv[])
       case 'D':
        f |= f_daemon;
        break;
       case 'D':
        f |= f_daemon;
        break;

-      case 'U': {
-       struct passwd *pw;
-       char *p;
-       unsigned long i = strtoul(optarg, &p, 0);
-       if (!*p)
-         pw = getpwuid(i);
-       else
-         pw = getpwnam(optarg);
-       if (!pw)
-         die(EXIT_FAILURE, "user `%s' not found", optarg);
-       u = pw->pw_uid;
-       if (g == -1)
-         g = pw->pw_gid;
-      } break;
-      case 'G': {
-       struct group *gr;
-       char *p;
-       unsigned long i = strtoul(optarg, &p, 0);
-       if (!*p)
-         gr = getgrgid(i);
-       else
-         gr = getgrnam(optarg);
-       if (!gr)
-         die(EXIT_FAILURE, "group `%s' not found", optarg);
-       g = gr->gr_gid;
-      } break;
+      case 'U':
+       u = u_getuser(optarg, &g);
+       break;
+      case 'G':
+       g = u_getgroup(optarg);
+       break;

 
       case 'b': {
        struct hostent *h = gethostbyname(optarg);
 
       case 'b': {
        struct hostent *h = gethostbyname(optarg);


@@ -314,18 +277,7 @@ int main(int argc, char *argv[])
     a_create(STDIN_FILENO, STDOUT_FILENO, AF_WARN);
 #endif
   }
     a_create(STDIN_FILENO, STDOUT_FILENO, AF_WARN);
 #endif
   }

-  if (g != (gid_t)-1) {
-    if (setgid(g) || (getuid() == 0 && setgroups(1, &g))) {
-      die(EXIT_FAILURE, "couldn't setgid to %u: %s",
-         (unsigned)g, strerror(errno));
-    }
-  }
-  if (u != (uid_t)-1) {
-    if (setuid(u)) {
-      die(EXIT_FAILURE, "couldn't setuid to %u: %s",
-         (unsigned)u, strerror(errno));
-    }
-  }
+  u_setugid(u, g);

   km_init(kr_priv, kr_pub, tag_priv);
   a_init(csock);
   if (f & f_daemon) {
   km_init(kr_priv, kr_pub, tag_priv);
   a_init(csock);
   if (f & f_daemon) {