// Review note: this is an extracted listing. The leading numbers are the source file's own
// line numbers; the gaps between them (function headers, braces, several statements) are
// not shown, so the comments added here describe only the visible lines.
//
// Both ID pairs start out as the effective uid/gid the process has when these statics are
// initialized. The "normal" pair is overwritten further down once a user/group name has
// been resolved.
38 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 39 uid_t PrivilegeHelper::s_normalUid = ::geteuid();
40 gid_t PrivilegeHelper::s_normalGid = ::getegid();
42 uid_t PrivilegeHelper::s_privilegedUid = ::geteuid();
43 gid_t PrivilegeHelper::s_privilegedGid = ::getegid();
// Scratch-buffer limits for getgrnam_r/getpwnam_r: the MAX_* values bound the doubling in
// the ERANGE retry loops, and the FALLBACK_* values replace the sysconf() result (the
// passwd branch shows the `== -1` test; the matching group test is not in this extract).
44 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE 49 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 50 static const size_t MAX_GROUP_BUFFER_SIZE = 16384;
51 static const size_t MAX_PASSWD_BUFFER_SIZE = 16384;
53 static const size_t FALLBACK_GROUP_BUFFER_SIZE = 1024;
54 static const size_t FALLBACK_PASSWD_BUFFER_SIZE = 1024;
56 NFD_LOG_TRACE(
"initializing privilege helper with user \"" << userName <<
"\"" 57 <<
" group \"" << groupName <<
"\"");
// Group lookup: resolve groupName to a gid with the reentrant getgrnam_r.
61 if (!groupName.empty())
// sysconf() returns long; the value is stored in an int and used as the initial buffer
// size without being compared to MAX_GROUP_BUFFER_SIZE, which only limits the doubling below.
63 static int groupSize = ::sysconf(_SC_GETGR_R_SIZE_MAX);
67 groupSize = FALLBACK_GROUP_BUFFER_SIZE;
70 std::vector<char> groupBuffer(groupSize);
72 struct group* groupResult = 0;
74 int errorCode = getgrnam_r(groupName.c_str(), &group,
75 &groupBuffer[0], groupSize, &groupResult);
// ERANGE means the buffer was too small: grow and retry. The statement executed once the
// doubled size would exceed the cap is not shown in this extract.
77 while (errorCode == ERANGE)
79 if (groupBuffer.size() * 2 > MAX_GROUP_BUFFER_SIZE)
84 groupBuffer.resize(groupBuffer.size() * 2);
86 errorCode = getgrnam_r(groupName.c_str(), &group,
87 &groupBuffer[0], groupBuffer.size(), &groupResult);
// getgrnam_r returns 0 with a null result when the group does not exist, so both
// conditions have to be tested before gr_gid is used.
90 if (errorCode != 0 || !groupResult)
// This gid is the one the drop path below passes to setegid(). Presumably the failed
// lookup above throws before reaching here; that statement is not shown.
95 s_normalGid = group.gr_gid;
// User lookup: same workflow with getpwnam_r.
98 if (!userName.empty())
100 static int passwdSize = ::sysconf(_SC_GETPW_R_SIZE_MAX);
// -1 from sysconf() means no limit was reported; start from the fallback size instead.
102 if (passwdSize == -1)
104 passwdSize = FALLBACK_PASSWD_BUFFER_SIZE;
107 std::vector<char> passwdBuffer(passwdSize);
108 struct passwd passwd;
109 struct passwd* passwdResult = 0;
// NOTE(review): the variable receiving this return value is on a line not shown; the loop
// below reads it as errorCode.
112 getpwnam_r(userName.c_str(), &passwd,
113 &passwdBuffer[0], passwdBuffer.size(), &passwdResult);
115 while (errorCode == ERANGE)
117 if (passwdBuffer.size() * 2 > MAX_PASSWD_BUFFER_SIZE)
122 passwdBuffer.resize(passwdBuffer.size() * 2);
124 errorCode = getpwnam_r(userName.c_str(), &passwd,
125 &passwdBuffer[0], passwdBuffer.size(), &passwdResult);
// As with the group lookup: a zero return with a null result means "no such user".
128 if (errorCode != 0 || !passwdResult)
// This uid is the one the drop path below passes to seteuid().
133 s_normalUid = passwd.pw_uid;
// Presumably the branch for builds without drop/elevate support (the #else line is not
// shown): a configured user or group is refused with an exception rather than ignored.
136 if (!userName.empty() || !groupName.empty()) {
137 throw Error(
"Dropping and raising privileges is not supported on this platform");
// Drop path. The group is changed first, while the effective uid is still the privileged
// one; lowering the uid first could leave the process unable to change its gid.
// seteuid/setegid change only the effective IDs, so this drop is reversible by design:
// the elevation code below restores the privileged IDs. It limits accidental use of
// privilege but is not a permanent drop, since code running in this process can regain them.
// NOTE(review): no setgroups()/initgroups() call appears in the visible lines; confirm
// whether the launching user's supplementary groups are meant to be retained.
139 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE 145 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 147 if (::setegid(s_normalGid) != 0)
149 std::stringstream error;
150 error <<
"Failed to drop to effective gid=" << s_normalGid;
// The return value of seteuid() is checked as well, so a failed drop is detected here;
// what is done with the message built below is on lines not shown.
156 if (::seteuid(s_normalUid) != 0)
158 std::stringstream error;
159 error <<
"Failed to drop to effective uid=" << s_normalUid;
// Logs the IDs actually in effect after the calls, so the drop can be confirmed from the log.
164 NFD_LOG_INFO(
"dropped to effective uid=" << ::geteuid() <<
" gid=" << ::getegid());
// Unsupported platform: only a warning is logged; no ID change appears in the visible
// lines of this branch.
166 NFD_LOG_WARN(
"Dropping privileges is not supported on this platform");
167 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE 171 PrivilegeHelper::raise()
// Elevation mirrors the drop in reverse order: the uid is restored first, then the gid.
// NOTE(review): if seteuid() succeeds and setegid() then fails, the process holds the
// privileged uid with the normal gid; how that error is propagated is on lines not shown.
173 #ifdef HAVE_PRIVILEGE_DROP_AND_ELEVATE 174 NFD_LOG_TRACE(
"elevating to effective uid=" << s_privilegedUid);
175 if (::seteuid(s_privilegedUid) != 0)
177 std::stringstream error;
178 error <<
"Failed to elevate to effective uid=" << s_privilegedUid;
183 NFD_LOG_TRACE(
"elevating to effective gid=" << s_privilegedGid);
184 if (::setegid(s_privilegedGid) != 0)
186 std::stringstream error;
187 error <<
"Failed to elevate to effective gid=" << s_privilegedGid;
// Logs the IDs actually in effect after elevation.
191 NFD_LOG_INFO(
"elevated to effective uid=" << ::geteuid() <<
" gid=" << ::getegid());
// Unsupported platform: only a warning is logged.
193 NFD_LOG_WARN(
"Elevating privileges is not supported on this platform");
194 #endif // HAVE_PRIVILEGE_DROP_AND_ELEVATE
static void runElevated(function< void()> f)
represents a serious seteuid/gid failure
#define NFD_LOG_INFO(expression)
#define NFD_LOG_TRACE(expression)
static void initialize(const std::string &userName, const std::string &groupName)
Copyright (c) 2011-2015 Regents of the University of California.
#define NFD_LOG_WARN(expression)
#define NFD_LOG_INIT(name)