Greenbone Vulnerability Management Libraries  22.8.0
drop_privileges.c
Go to the documentation of this file.
1 /* SPDX-FileCopyrightText: 2010-2023 Greenbone AG
2  *
3  * SPDX-License-Identifier: GPL-2.0-or-later
4  */
5 
11 #include "drop_privileges.h"
12 
13 #include <grp.h> /* for initgroups */
14 #include <pwd.h> /* for passwd, getpwnam */
15 #include <sys/types.h>
16 #include <unistd.h> /* for geteuid, setgid, setuid */
17 
18 #undef G_LOG_DOMAIN
19 
22 #define G_LOG_DOMAIN "libgvm base"
23 
34 static gint
35 drop_privileges_error (GError **error, gint errorcode, const gchar *message)
36 {
37  g_set_error (error, GVM_DROP_PRIVILEGES, errorcode, "%s", message);
38  return errorcode;
39 }
40 
57 int
58 drop_privileges (gchar *username, GError **error)
59 {
60  g_return_val_if_fail (*error == NULL, GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET);
61 
62  if (username == NULL)
63  username = "nobody";
64 
65  if (geteuid () == 0)
66  {
67  struct passwd *user_pw = NULL;
68 
69  if ((user_pw = getpwnam (username)))
70  {
71  if (initgroups (username, user_pw->pw_gid) != 0)
72  return drop_privileges_error (
73  error, GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY,
74  "Failed to drop supplementary groups privileges!\n");
75  if (setgid (user_pw->pw_gid) != 0)
76  return drop_privileges_error (error,
77  GVM_DROP_PRIVILEGES_FAIL_DROP_GID,
78  "Failed to drop group privileges!\n");
79  if (setuid (user_pw->pw_uid) != 0)
80  return drop_privileges_error (error,
81  GVM_DROP_PRIVILEGES_FAIL_DROP_UID,
82  "Failed to drop user privileges!\n");
83  }
84  else
85  {
86  g_set_error (error, GVM_DROP_PRIVILEGES,
87  GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER,
88  "Failed to get gid and uid for user %s.", username);
89  return GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER;
90  }
91  return GVM_DROP_PRIVILEGES_OK;
92  }
93  else
94  {
95  return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT,
96  "Only root can drop its privileges.");
97  }
98 }
drop_privileges_error
static gint drop_privileges_error(GError **error, gint errorcode, const gchar *message)
Sets an error and return errorcode.
Definition: drop_privileges.c:35
GVM_DROP_PRIVILEGES_FAIL_DROP_UID
#define GVM_DROP_PRIVILEGES_FAIL_DROP_UID
Definition of the return code FAIL_DROP_UID.
Definition: drop_privileges.h:50
GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET
#define GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET
Definition of the return code ERROR_ALREADY_SET.
Definition: drop_privileges.h:25
drop_privileges
int drop_privileges(gchar *username, GError **error)
Drop privileges.
Definition: drop_privileges.c:58
GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT
#define GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT
Definition of the return code FAIL_NOT_ROOT.
Definition: drop_privileges.h:35
drop_privileges.h
Privilege dropping header file.
GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY
#define GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY
Definition of the return code FAIL_SUPPLEMENTARY.
Definition: drop_privileges.h:55
GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER
#define GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER
Definition of the return code FAIL_UNKNOWN_USER.
Definition: drop_privileges.h:40
GVM_DROP_PRIVILEGES_FAIL_DROP_GID
#define GVM_DROP_PRIVILEGES_FAIL_DROP_GID
Definition of the return code FAIL_DROP_GID.
Definition: drop_privileges.h:45
GVM_DROP_PRIVILEGES
#define GVM_DROP_PRIVILEGES
The GQuark for privilege dropping errors.
Definition: drop_privileges.h:19
GVM_DROP_PRIVILEGES_OK
#define GVM_DROP_PRIVILEGES_OK
Definition of the return code OK.
Definition: drop_privileges.h:30