Greenbone Vulnerability Management Libraries 22.32.0
drop_privileges.c
Go to the documentation of this file.
1/* SPDX-FileCopyrightText: 2010-2023 Greenbone AG
2 *
3 * SPDX-License-Identifier: GPL-2.0-or-later
4 */
5
10
11#include "drop_privileges.h"
12
13#include <grp.h> /* for initgroups */
14#include <pwd.h> /* for passwd, getpwnam */
15#include <sys/types.h>
16#include <unistd.h> /* for geteuid, setgid, setuid */
17
18#undef G_LOG_DOMAIN
22#define G_LOG_DOMAIN "libgvm base"
23
34static gint
35drop_privileges_error (GError **error, gint errorcode, const gchar *message)
36{
37 g_set_error (error, GVM_DROP_PRIVILEGES, errorcode, "%s", message);
38 return errorcode;
39}
40
57int
58drop_privileges (gchar *username, GError **error)
59{
60 g_return_val_if_fail (*error == NULL, GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET);
61
62 if (username == NULL)
63 username = "nobody";
64
65 if (geteuid () == 0)
66 {
67 struct passwd *user_pw;
68
69 user_pw = getpwnam (username);
70 if (user_pw)
71 {
72 if (initgroups (username, user_pw->pw_gid) != 0)
73 return drop_privileges_error (
74 error, GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY,
75 "Failed to drop supplementary groups privileges!\n");
76 if (setgid (user_pw->pw_gid) != 0)
77 return drop_privileges_error (error,
78 GVM_DROP_PRIVILEGES_FAIL_DROP_GID,
79 "Failed to drop group privileges!\n");
80 if (setuid (user_pw->pw_uid) != 0)
81 return drop_privileges_error (error,
82 GVM_DROP_PRIVILEGES_FAIL_DROP_UID,
83 "Failed to drop user privileges!\n");
84 }
85 else
86 {
87 g_set_error (error, GVM_DROP_PRIVILEGES,
88 GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER,
89 "Failed to get gid and uid for user %s.", username);
90 return GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER;
91 }
92 return GVM_DROP_PRIVILEGES_OK;
93 }
94 else
95 {
96 return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT,
97 "Only root can drop its privileges.");
98 }
99}
drop_privileges_error
static gint drop_privileges_error(GError **error, gint errorcode, const gchar *message)
Sets an error and return errorcode.
Definition drop_privileges.c:35
drop_privileges
int drop_privileges(gchar *username, GError **error)
Drop privileges.
Definition drop_privileges.c:58
drop_privileges.h
Privilege dropping header file.
GVM_DROP_PRIVILEGES_FAIL_DROP_GID
#define GVM_DROP_PRIVILEGES_FAIL_DROP_GID
Definition of the return code FAIL_DROP_GID.
Definition drop_privileges.h:45
GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER
#define GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER
Definition of the return code FAIL_UNKNOWN_USER.
Definition drop_privileges.h:40
GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET
#define GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET
Definition of the return code ERROR_ALREADY_SET.
Definition drop_privileges.h:25
GVM_DROP_PRIVILEGES_FAIL_DROP_UID
#define GVM_DROP_PRIVILEGES_FAIL_DROP_UID
Definition of the return code FAIL_DROP_UID.
Definition drop_privileges.h:50
GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY
#define GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY
Definition of the return code FAIL_SUPPLEMENTARY.
Definition drop_privileges.h:55
GVM_DROP_PRIVILEGES_OK
#define GVM_DROP_PRIVILEGES_OK
Definition of the return code OK.
Definition drop_privileges.h:30
GVM_DROP_PRIVILEGES
#define GVM_DROP_PRIVILEGES
The GQuark for privilege dropping errors.
Definition drop_privileges.h:19
GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT
#define GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT
Definition of the return code FAIL_NOT_ROOT.
Definition drop_privileges.h:35