[PATCH 3 of 3] Implement root installation

Wald Commits scm-commit at wald.intevation.org
Wed Jun 25 12:46:05 CEST 2014


# HG changeset patch
# User Andre Heinecke <andre.heinecke at intevation.de>
# Date 1403693087 -7200
# Node ID e41a2537b84d7a93abc36960541484c6e7ef90e1
# Parent  51830f4912c29a067f9d6977c410221c9c13ca99
Implement root installation

    We now iterate over all users that do not obviously have their
    login shell disabled and look for NSS directories in their home
    directory, dropping our privileges to do so.

diff -r 51830f4912c2 -r e41a2537b84d cinst/nssstore_linux.c
--- a/cinst/nssstore_linux.c	Wed Jun 25 10:56:31 2014 +0200
+++ b/cinst/nssstore_linux.c	Wed Jun 25 12:44:47 2014 +0200
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <limits.h>
 #include <errno.h>
+#include <pwd.h>
 
 #include "nssstore.h"
 #include "logging.h"
@@ -158,15 +159,15 @@
   if (pid == (pid_t) 0)
     {
       /* Drop privileges */
-      if (setuid (uid) || setgid (gid))
+      if (setgid (gid) || setuid (uid))
         {
+          syslog_error_printf("Failed to drop privileges: %s", strerror(errno));
           exit(-1);
         }
 
       close (pipe_fd[1]);
       dup2 (pipe_fd[0], 0);
       close (pipe_fd[0]);
-      /* TODO find path based on current executable */
       execve (argv[0], argv, envp);
       exit (127);
     }
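Review bot: The child still carries the parent's supplementary group list when it reaches `execve`, because the privilege drop here changes only the primary gid and the uid. When the installer runs as root, the per-user helper keeps whatever supplementary groups the parent had; clearing them first closes that gap, e.g. `if (setgroups (0, NULL) || setgid (gid) || setuid (uid))` together with `#include <grp.h>`. The result of `dup2 (pipe_fd[0], 0)` is also unchecked, so a failure would exec the helper with the wrong stdin. The enclosing function starts and ends outside this hunk.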
@@ -238,7 +239,8 @@
 int
 write_stores_nss (char **to_install, char **to_remove)
 {
-  uid_t my_uid = getuid();
+  struct passwd *usr_it = NULL;
+  uid_t my_uid = geteuid();
 
   if (my_uid != 0)
     {
@@ -269,8 +271,32 @@
 
       return 0;
     }
-  printf ("Installation as root is not yet implemented\n");
-  /* TODO root parse /etc/passwd for users with a home directory */
+
+  setpwent();
+
+  while ((usr_it = getpwent ()) != NULL)
+    {
+      /* Skip obvious system accounts */
+      if (strcmp(usr_it->pw_shell, "/usr/sbin/nologin") == 0 ||
+          strcmp(usr_it->pw_shell, "/bin/false") == 0)
+        {
+          continue;
+        }
+      /* A check if the home directory starts with /home might be
+         appropiate */
+      start_procces_for_user (to_install,
+                              to_remove,
+                              usr_it->pw_uid,
+                              usr_it->pw_gid,
+                              usr_it->pw_dir);
+
+    }
+
+  endpwent();
+
+  waitpid (-1, NULL, 0);
+
+  DEBUGPRINTF ("NSS installation done\n");
   return 0;
 }
 #endif
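Review bot: The single `waitpid (-1, NULL, 0)` after the loop reaps at most one child, while the loop can start one process per passwd entry. Unless start_procces_for_user already waits for its own child (its body is not in this hunk), "NSS installation done" is logged and 0 is returned while other per-user processes may still be running. Waiting until no children remain would fix this, e.g. `while (waitpid (-1, NULL, 0) > 0 || errno == EINTR) ;`. The return value of start_procces_for_user is also discarded, so write_stores_nss reports success even if a user's stores could not be processed. The shell check matches only two fixed paths, so an account using a different disabled-login shell such as `/sbin/nologin` would not be skipped.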

