/***************************************************************************** * * $Id$ * Purpose ...............: MBSE BBS Shadow Password Suite * Original Source .......: Shadow Password Suite * Original Copyright ....: Julianne Frances Haugh and others. * ***************************************************************************** * Copyright (C) 1997-2001 * * Michiel Broek FIDO: 2:280/2802 * Beekmansbos 10 * 1971 BV IJmuiden * the Netherlands * * This file is part of MBSE BBS. * * This BBS is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2, or (at your option) any * later version. * * MBSE BBS is distributed in the hope that it will be useful, but * WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * General Public License for more details. * * You should have received a copy of the GNU General Public License * along with MBSE BBS; see the file COPYING. If not, write to the Free * Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. *****************************************************************************/ /* * Separated from setup.c. --marekm */ #include "../config.h" #include #include #include #include "mblogin.h" #include #include "getdef.h" #include "setugid.h" /* * setup_uid_gid() split in two functions for PAM support - * pam_setcred() needs to be called after initgroups(), but * before setuid(). */ int setup_groups(const struct passwd *info) { /* * Set the real group ID to the primary group ID in the password * file. */ if (setgid (info->pw_gid) == -1) { perror("setgid"); syslog(LOG_ERR, "bad group ID `%d' for user `%s': %m\n", info->pw_gid, info->pw_name); closelog(); return -1; } #ifdef HAVE_INITGROUPS /* * For systems which support multiple concurrent groups, go get * the group set from the /etc/group file. */ if (initgroups(info->pw_name, info->pw_gid) == -1) { perror("initgroups"); syslog(LOG_ERR, "initgroups failed for user `%s': %m\n", info->pw_name); closelog(); return -1; } #endif return 0; } int change_uid(const struct passwd *info) { /* * Set the real UID to the UID value in the password file. */ #ifndef BSD if (setuid(info->pw_uid)) #else if (setreuid(info->pw_uid, info->pw_uid)) #endif { perror("setuid"); syslog(LOG_ERR, "bad user ID `%d' for user `%s': %m\n", (int) info->pw_uid, info->pw_name); closelog(); return -1; } return 0; } /* * setup_uid_gid() performs the following steps - * * set the group ID to the value from the password file entry * set the supplementary group IDs * optionally call specified function which may add more groups * set the user ID to the value from the password file entry * * Returns 0 on success, or -1 on failure. */ int setup_uid_gid(const struct passwd *info, int is_console) { if (setup_groups(info) < 0) return -1; #ifdef HAVE_INITGROUPS if (is_console) { char *cp = getdef_str("CONSOLE_GROUPS"); if (cp && add_groups(cp)) perror("Warning: add_groups"); } #endif /* HAVE_INITGROUPS */ if (change_uid(info) < 0) return -1; return 0; }