36 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 37 uid_t PrivilegeHelper::s_normalUid = ::geteuid();
38 gid_t PrivilegeHelper::s_normalGid = ::getegid();
40 uid_t PrivilegeHelper::s_privilegedUid = ::geteuid();
41 gid_t PrivilegeHelper::s_privilegedGid = ::getegid();
42 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE 47 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 48 static const size_t MAX_GROUP_BUFFER_SIZE = 16384;
49 static const size_t MAX_PASSWD_BUFFER_SIZE = 16384;
51 static const size_t FALLBACK_GROUP_BUFFER_SIZE = 1024;
52 static const size_t FALLBACK_PASSWD_BUFFER_SIZE = 1024;
54 NFD_LOG_TRACE(
"initializing privilege helper with user \"" << userName <<
"\"" 55 <<
" group \"" << groupName <<
"\"");
59 if (!groupName.empty())
61 static int groupSize = ::sysconf(_SC_GETGR_R_SIZE_MAX);
65 groupSize = FALLBACK_GROUP_BUFFER_SIZE;
68 std::vector<char> groupBuffer(groupSize);
70 struct group* groupResult = 0;
72 int errorCode = getgrnam_r(groupName.c_str(), &group,
73 &groupBuffer[0], groupSize, &groupResult);
75 while (errorCode == ERANGE)
77 if (groupBuffer.size() * 2 > MAX_GROUP_BUFFER_SIZE)
82 groupBuffer.resize(groupBuffer.size() * 2);
84 errorCode = getgrnam_r(groupName.c_str(), &group,
85 &groupBuffer[0], groupBuffer.size(), &groupResult);
88 if (errorCode != 0 || !groupResult)
93 s_normalGid = group.gr_gid;
96 if (!userName.empty())
98 static int passwdSize = ::sysconf(_SC_GETPW_R_SIZE_MAX);
100 if (passwdSize == -1)
102 passwdSize = FALLBACK_PASSWD_BUFFER_SIZE;
105 std::vector<char> passwdBuffer(passwdSize);
106 struct passwd passwd;
107 struct passwd* passwdResult = 0;
110 getpwnam_r(userName.c_str(), &passwd,
111 &passwdBuffer[0], passwdBuffer.size(), &passwdResult);
113 while (errorCode == ERANGE)
115 if (passwdBuffer.size() * 2 > MAX_PASSWD_BUFFER_SIZE)
120 passwdBuffer.resize(passwdBuffer.size() * 2);
122 errorCode = getpwnam_r(userName.c_str(), &passwd,
123 &passwdBuffer[0], passwdBuffer.size(), &passwdResult);
126 if (errorCode != 0 || !passwdResult)
131 s_normalUid = passwd.pw_uid;
134 if (!userName.empty() || !groupName.empty()) {
135 throw Error(
"Dropping and raising privileges is not supported on this platform");
137 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE 143 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 145 if (::setegid(s_normalGid) != 0)
147 std::stringstream error;
148 error <<
"Failed to drop to effective gid=" << s_normalGid;
154 if (::seteuid(s_normalUid) != 0)
156 std::stringstream error;
157 error <<
"Failed to drop to effective uid=" << s_normalUid;
162 NFD_LOG_INFO(
"dropped to effective uid=" << ::geteuid() <<
" gid=" << ::getegid());
164 NFD_LOG_WARN(
"Dropping privileges is not supported on this platform");
165 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE 169 PrivilegeHelper::raise()
171 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 172 NFD_LOG_TRACE(
"elevating to effective uid=" << s_privilegedUid);
173 if (::seteuid(s_privilegedUid) != 0)
175 std::stringstream error;
176 error <<
"Failed to elevate to effective uid=" << s_privilegedUid;
181 NFD_LOG_TRACE(
"elevating to effective gid=" << s_privilegedGid);
182 if (::setegid(s_privilegedGid) != 0)
184 std::stringstream error;
185 error <<
"Failed to elevate to effective gid=" << s_privilegedGid;
189 NFD_LOG_INFO(
"elevated to effective uid=" << ::geteuid() <<
" gid=" << ::getegid());
191 NFD_LOG_WARN(
"Elevating privileges is not supported on this platform");
192 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE
static void runElevated(function< void()> f)
represents a serious seteuid/gid failure
#define NFD_LOG_INFO(expression)
#define NFD_LOG_TRACE(expression)
static void initialize(const std::string &userName, const std::string &groupName)
Copyright (c) 2011-2015 Regents of the University of California.
#define NFD_LOG_WARN(expression)
#define NFD_LOG_INIT(name)