Greenbone Vulnerability Management Libraries  11.0.0
drop_privileges.c
1 /* Copyright (C) 2010-2019 Greenbone Networks GmbH
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  *
5  * This program is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU General Public License
7  * as published by the Free Software Foundation; either version 2
8  * of the License, or (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18  */
19 
25 #include "drop_privileges.h"
26 
27 #include <grp.h> /* for initgroups */
28 #include <pwd.h> /* for passwd, getpwnam */
29 #include <sys/types.h>
30 #include <unistd.h> /* for geteuid, setgid, setuid */
31 
/**
 * @brief Store a privilege-dropping error and hand its code back.
 *
 * Lets a caller set the GError and return the matching code in a single
 * statement.
 *
 * @param[out] error      Location that receives the new GError.
 * @param[in]  errorcode  Code stored in the GError and returned unchanged.
 * @param[in]  message    Human-readable description, stored verbatim.
 *
 * @return @p errorcode.
 */
static gint
drop_privileges_error (GError **error, gint errorcode, const gchar *message)
{
  /* The fixed "%s" format keeps the message text from ever being parsed
   * as a format string. */
  g_set_error (error, GVM_DROP_PRIVILEGES, errorcode, "%s", message);

  return errorcode;
}
48 
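/**
 * @brief Drop root privileges and continue as an unprivileged user.
 *
 * Only a process whose effective uid is 0 can drop privileges.  The
 * supplementary groups, the gid and the uid are changed in that order,
 * and the change is then verified to be irreversible.
 *
 * @param[in]  username  Account to switch to, or NULL for "nobody".
 * @param[out] error     Return location for a GError; may be NULL, but if
 *                       given it must not already hold an error.
 *
 * @return GVM_DROP_PRIVILEGES_OK on success,
 *         GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET if @p error is already set,
 *         GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT if not running as root,
 *         GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER if the account lookup fails,
 *         GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY,
 *         GVM_DROP_PRIVILEGES_FAIL_DROP_GID or
 *         GVM_DROP_PRIVILEGES_FAIL_DROP_UID if the matching step fails.
 *         On any failure the caller must assume it may still be privileged.
 */
int
drop_privileges (gchar *username, GError **error)
{
  struct passwd *user_pw;
  uid_t target_uid;
  gid_t target_gid;

  /* A NULL error location is valid under the GError convention, so it is
   * only dereferenced when the caller supplied one. */
  g_return_val_if_fail (error == NULL || *error == NULL,
                        GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET);

  if (username == NULL)
    username = "nobody";

  if (geteuid () != 0)
    return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT,
                                  "Only root can drop its privileges.");

  user_pw = getpwnam (username);
  if (user_pw == NULL)
    {
      g_set_error (error, GVM_DROP_PRIVILEGES,
                   GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER,
                   "Failed to get gid and uid for user %s.", username);
      return GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER;
    }

  /* getpwnam() returns a pointer to static storage; copy the ids so that
   * later library calls cannot change what we switch to. */
  target_uid = user_pw->pw_uid;
  target_gid = user_pw->pw_gid;

  /* Order matters: groups and gid must be changed while still root,
   * because after setuid() the process may no longer be allowed to. */
  if (initgroups (username, target_gid) != 0)
    return drop_privileges_error (
      error, GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY,
      "Failed to drop supplementary groups privileges!\n");

  if (setgid (target_gid) != 0)
    return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_DROP_GID,
                                  "Failed to drop group privileges!\n");

  if (setuid (target_uid) != 0)
    return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_DROP_UID,
                                  "Failed to drop user privileges!\n");

  /* Confirm the drop is permanent: regaining uid 0 must fail unless the
   * target account is itself uid 0. */
  if (target_uid != 0 && setuid (0) == 0)
    return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_DROP_UID,
                                  "Failed to drop user privileges!\n");

  return GVM_DROP_PRIVILEGES_OK;
}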
drop_privileges_error
static gint drop_privileges_error(GError **error, gint errorcode, const gchar *message)
Sets an error and returns errorcode.
Definition: drop_privileges.c:43
GVM_DROP_PRIVILEGES_FAIL_DROP_UID
#define GVM_DROP_PRIVILEGES_FAIL_DROP_UID
Definition of the return code FAIL_DROP_UID.
Definition: drop_privileges.h:64
GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET
#define GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET
Definition of the return code ERROR_ALREADY_SET.
Definition: drop_privileges.h:39
drop_privileges
int drop_privileges(gchar *username, GError **error)
Drop privileges.
Definition: drop_privileges.c:66
GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT
#define GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT
Definition of the return code FAIL_NOT_ROOT.
Definition: drop_privileges.h:49
drop_privileges.h
Privilege dropping header file.
GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY
#define GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY
Definition of the return code FAIL_SUPPLEMENTARY.
Definition: drop_privileges.h:69
GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER
#define GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER
Definition of the return code FAIL_UNKNOWN_USER.
Definition: drop_privileges.h:54
GVM_DROP_PRIVILEGES_FAIL_DROP_GID
#define GVM_DROP_PRIVILEGES_FAIL_DROP_GID
Definition of the return code FAIL_DROP_GID.
Definition: drop_privileges.h:59
GVM_DROP_PRIVILEGES
#define GVM_DROP_PRIVILEGES
The GQuark for privilege dropping errors.
Definition: drop_privileges.h:33
GVM_DROP_PRIVILEGES_OK
#define GVM_DROP_PRIVILEGES_OK
Definition of the return code OK.
Definition: drop_privileges.h:44