Changeset 1042 for trunk/src/ifd

Timestamp:

05/14/08 15:22:03 (4 years ago)

Author:

alonbl

Message:

Non privileged operation

As OpenCT is a security component, it best to use least privileged mode, and udev allows this now.
The attached patch allows users to run the ifdhandler as none root user.

The configuration file was modified, not the ifdhandler is a node in the following format:

#
# Path to ifdhandler
ifdhandler {

program = SBINDIR/ifdhandler;

# user = openctd;
# groups = {
# usb,
# };
};

I believe this place is correct, but if people want to keep backward compatibility I guess
this can be splitted, and keep current ifdhandler key.

The openct-control running from init.d script or udev rule script will fork the ifdhandler using
the specified user and set the context to the specified groups. There may be more than one
group as there are more than one device type.

It also set the /var/run/openct/status owner to the specified user.

M src/tools/openct-control.c
M src/ifd/utils.c
M src/ifd/init.c
M src/include/openct/openct.h
M src/ct/status.c
M etc/openct.conf.in

Location:

trunk/src/ifd

Files:

• init.c (modified) (1 diff)
• utils.c (modified) (3 diffs)

trunk/src/ifd/init.c

@@ -62 +62 @@
                 ct_config.debug = ival;
 
-        if (ifd_conf_get_string("ifdhandler", &sval) >= 0)
+        if (ifd_conf_get_string("ifdhandler.program", &sval) >= 0)
                 ct_config.ifdhandler = sval;
 

trunk/src/ifd/utils.c

@@ -14 +14 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
 
 #ifndef __GNUC__
@@ -87 +90 @@
         int argc, n;
         pid_t pid;
+        char *user = NULL;
 
         ifd_debug(1, "driver=%s, devtype=%s, index=%d", driver, devtype, idx);
@@ -141 +145 @@
         while (--n > 2)
                 close(n);
+        
+        if ((n = ifd_conf_get_string_list("ifdhandler.groups", NULL, 0)) > 0) {
+                char **groups = (char **)calloc(n, sizeof(char *));
+                gid_t *gids = (gid_t *)calloc(n, sizeof(gid_t));
+                int j;
+                if (!groups || !gids) {
+                        ct_error("out of memory");
+                        exit(1);
+                }
+                n = ifd_conf_get_string_list("ifdhandler.groups", groups, n);
+                for (j = 0; j < n; j++) {
+                        struct group *g = getgrnam(groups[j]);
+                        if (g == NULL) {
+                                ct_error("failed to parse group %s", groups[j]);
+                                exit(1);
+                        }
+                        gids[j] = g->gr_gid;
+                }
+                if (setgroups(n-1, &gids[1]) == -1) {
+                        ct_error("failed set groups %m");
+                        exit(1);
+                }
+                if (setgid(gids[0]) == -1) {
+                        ct_error("failed setgid %d %m", gids[0]);
+                        exit(1);
+                }
+                free(groups);
+                free(gids);
+        }
+
+        if (ifd_conf_get_string("ifdhandler.user", &user) >= 0) {
+                struct passwd *p = getpwnam(user);
+
+                if (p == NULL) {
+                        ct_error("failed to parse user %s", user);
+                        exit(1);
+                }
+
+                if (setuid(p->pw_uid) == -1) {
+                        ct_error("failed to set*uid user %s %m", user);
+                        exit(1);
+                }
+        }
 
         execv(ct_config.ifdhandler, (char **)argv);