273 lines
6.4 KiB
C
273 lines
6.4 KiB
C
/* ftrustee.c, 19.09.99 */
|
|
/* (C)opyright (C) 1999 Martin Stover, Marburg, Germany
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU General Public License
|
|
* along with this program; if not, write to the Free Software
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
*/
|
|
|
|
#include "net.h"
|
|
#include "trustee.h"
|
|
#include "nwvolume.h"
|
|
|
|
int default_uid=-1;
|
|
int default_gid=-1;
|
|
|
|
int act_uid=0; // unix uid
|
|
int act_gid=0; // unix uid
|
|
|
|
int act_id_flags=0; /* &1 == supervisor equivalence !!! */
|
|
int act_obj_id=0L; /* mars_nwe UID, 0=not logged in, 1=supervisor */
|
|
|
|
static gid_t *act_grouplist=NULL; /* first element is counter !! */
|
|
|
|
void set_default_guid(void)
|
|
{
|
|
seteuid(0);
|
|
setgroups(0, NULL);
|
|
if (setegid(default_gid) < 0 || seteuid(default_uid) < 0) {
|
|
errorp(1, "set_default_guid, !! SecurityAbort !!",
|
|
"Cannot set default gid=%d and uid=%d" , default_gid, default_uid);
|
|
exit(1);
|
|
}
|
|
act_gid = default_gid;
|
|
act_uid = default_uid;
|
|
xfree(act_grouplist);
|
|
}
|
|
|
|
void set_guid(int gid, int uid)
|
|
{
|
|
if ( gid < 0 || uid < 0
|
|
|| seteuid(0)
|
|
|| setegid(gid)
|
|
|| seteuid(uid) ) {
|
|
set_default_guid();
|
|
if (gid < 0 && uid < 0) {
|
|
/* don't print error */
|
|
gid = act_gid;
|
|
uid = act_uid;
|
|
}
|
|
} else if (act_gid != gid || act_uid != uid) {
|
|
struct passwd *pw = getpwuid(uid);
|
|
if (NULL != pw) {
|
|
seteuid(0);
|
|
initgroups(pw->pw_name, gid);
|
|
}
|
|
act_gid = gid;
|
|
act_uid = uid;
|
|
xfree(act_grouplist);
|
|
if (seteuid(uid))
|
|
set_default_guid();
|
|
else {
|
|
int k=getgroups(0, NULL);
|
|
if (k > 0) {
|
|
act_grouplist=(gid_t*)xmalloc((k+1) * sizeof(gid_t));
|
|
getgroups(k, act_grouplist+1);
|
|
*act_grouplist=(gid_t)k;
|
|
}
|
|
}
|
|
|
|
}
|
|
XDPRINTF((5,0,"SET GID=%d, UID=%d %s", gid, uid,
|
|
(gid==act_gid && uid == act_uid) ? "OK" : "failed"));
|
|
}
|
|
|
|
void reset_guid(void)
|
|
{
|
|
set_guid(act_gid, act_uid);
|
|
}
|
|
|
|
void reseteuid(void)
|
|
{
|
|
if (seteuid(act_uid))
|
|
reset_guid();
|
|
}
|
|
|
|
int in_act_groups(gid_t gid)
|
|
/* returns 1 if gid is member of act_grouplist else 0 */
|
|
{
|
|
int k;
|
|
gid_t *g;
|
|
if (!act_grouplist) return(0);
|
|
k=(int)*act_grouplist;
|
|
g = act_grouplist;
|
|
while (k--) {
|
|
if (*(++g) == gid) return(1);
|
|
}
|
|
return(0);
|
|
}
|
|
|
|
/* pcz:01-Sep-00 */
|
|
int get_unix_access_rights(struct stat *stb, uint8 *unixname)
|
|
/* returns F_OK, R_OK, W_OK, X_OK */
|
|
/* ----- old ----------------------*/
|
|
/* ORED with 0x10 if owner access */
|
|
/* ORED with 0x20 if group access */
|
|
/* ----- corrent-------------------*/
|
|
/* ORED with 0x20 if W_OK access */
|
|
/* --------------------------------*/
|
|
{
|
|
int mode=0;
|
|
uid_t ruid, euid, rgid;
|
|
|
|
ruid=getuid();
|
|
euid=geteuid();
|
|
rgid=getgid();
|
|
|
|
setreuid(act_uid,0);
|
|
setgid(act_gid);
|
|
|
|
if (!access(unixname, F_OK)) {
|
|
|
|
if (!access(unixname, R_OK))
|
|
mode |= R_OK;
|
|
if (!access(unixname, W_OK))
|
|
/* mode |= W_OK; */
|
|
mode |= W_OK | 0x20;
|
|
if (!access(unixname, X_OK))
|
|
mode |= X_OK;
|
|
|
|
/* mode |= get_unix_eff_rights(stb) & ~(R_OK|W_OK|X_OK); */
|
|
}
|
|
setgid(rgid);
|
|
setreuid(ruid, euid);
|
|
|
|
return(mode);
|
|
}
|
|
|
|
|
|
int get_unix_eff_rights(struct stat *stb)
|
|
/* returns F_OK, R_OK, W_OK, X_OK */
|
|
/* ORED with 0x10 if owner access */
|
|
/* ORED with 0x20 if group access */
|
|
{
|
|
int mode = 0;
|
|
if (!act_uid)
|
|
return(0x10 | R_OK | W_OK | X_OK) ; /* root */
|
|
else {
|
|
if (act_uid == stb->st_uid) {
|
|
mode |= 0x10;
|
|
if (stb->st_mode & S_IXUSR)
|
|
mode |= X_OK;
|
|
if (stb->st_mode & S_IRUSR)
|
|
mode |= R_OK;
|
|
if (stb->st_mode & S_IWUSR)
|
|
mode |= W_OK;
|
|
} else if ( (act_gid == stb->st_gid)
|
|
|| in_act_groups(stb->st_gid) ) {
|
|
mode |= 0x20;
|
|
if (stb->st_mode & S_IXGRP)
|
|
mode |= X_OK;
|
|
if (stb->st_mode & S_IRGRP)
|
|
mode |= R_OK;
|
|
if (stb->st_mode & S_IWGRP)
|
|
mode |= W_OK;
|
|
} else {
|
|
if (stb->st_mode & S_IXOTH)
|
|
mode |= X_OK;
|
|
if (stb->st_mode & S_IROTH)
|
|
mode |= R_OK;
|
|
if (stb->st_mode & S_IWOTH)
|
|
mode |= W_OK;
|
|
}
|
|
}
|
|
return(mode);
|
|
}
|
|
|
|
#if 0
|
|
FILE *open_trustee_file(char *volname, char *opmode)
|
|
{
|
|
FILE *f=fopen(
|
|
return(f);
|
|
}
|
|
#endif
|
|
|
|
int do_export_trustees(char *expfn)
|
|
{
|
|
int j=0;
|
|
NW_VOL *v = nw_volumes;
|
|
while (j++ < used_nw_volumes) {
|
|
FILE *f=NULL;
|
|
if (v->options & VOL_OPTION_TRUSTEES) {
|
|
char fn[300];
|
|
memcpy(fn, v->unixname, v->unixnamlen);
|
|
strmaxcpy(fn+v->unixnamlen, ".trustees", 300-v->unixnamlen-1);
|
|
printf("volume %d, '%s', '%s', '%s'\n",
|
|
j, v->sysname, v->unixname, fn);
|
|
if (NULL != (f=fopen(fn, "w")) ) {
|
|
chmod(fn, 0600);
|
|
chown(fn, 0, 0);
|
|
|
|
|
|
fclose(f);
|
|
} else
|
|
errorp(0, "do_export_trustees", "cannot open '%s'", fn);
|
|
}
|
|
v++;
|
|
}
|
|
return(-1);
|
|
}
|
|
|
|
int do_import_trustees(char *expfn)
|
|
{
|
|
return(-1);
|
|
}
|
|
|
|
|
|
static int localinit(void)
|
|
{
|
|
FILE *f= open_nw_ini();
|
|
if (f != (FILE*) NULL){
|
|
int k=-1;
|
|
nw_init_volumes(f);
|
|
fclose(f);
|
|
printf("Count Volumes = %d, trusteepath=%s\n",
|
|
used_nw_volumes, path_trustees);
|
|
#if 1
|
|
while (++k < used_nw_volumes) {
|
|
NW_VOL *v = nw_volumes+k;
|
|
printf("volume %2d|%-15s|%s\n", k, v->sysname, v->unixname);
|
|
}
|
|
#endif
|
|
} else
|
|
printf("open_nw_ini failed\n");
|
|
return(0);
|
|
}
|
|
|
|
|
|
static int usage(char *s)
|
|
{
|
|
char *p=strrchr(s, '/');
|
|
fprintf(stderr, "usage:\t%s e | i | r [path]\n", p ? p+1 : s);
|
|
fprintf(stderr, "\te = export\n");
|
|
fprintf(stderr, "\ti = import\n");
|
|
fprintf(stderr, "\tr = repair\n");
|
|
return(1);
|
|
}
|
|
|
|
int main(int argc, char *argv[])
|
|
{
|
|
init_tools(0, 0);
|
|
nw_debug = 5;
|
|
localinit();
|
|
if (argc < 2) return(usage(argv[0]));
|
|
if (*argv[1] == 'e') return(do_export_trustees(argv[2]));
|
|
else if (*argv[1] == 'i') return(do_import_trustees(argv[2]));
|
|
else if (*argv[1] == 'r') if (!do_export_trustees(argv[2]))
|
|
return(do_import_trustees(argv[2]));
|
|
else return(1);
|
|
else usage(argv[0]);
|
|
return(0);
|
|
}
|
|
|