add return value to show the result of acl_chroot_uid than just broken when error happened.

zhengshuxin 2017-08-11 21:41:26 +08:00
parent 7fbebad954
commit 8bb4c91b58
3 changed files with 37 additions and 24 deletions


@ -1,6 +1,9 @@
修改历史列表: 修改历史列表:
------------------------------------------------------------------------ ------------------------------------------------------------------------
603) 2017.8.11
603.1) stable: acl_chroot_uid 内部如果出错则不会自动崩溃,给是返回 -1 通知上层
602) 2017.8.10 602) 2017.8.10
602.1) rename: acl_sane_bind 改名为 acl_inet_bind 602.1) rename: acl_sane_bind 改名为 acl_inet_bind
602.2) feature: acl_inet_listen/acl_inet_bind/acl_vstream_listen_ex 增 flag 标志位 602.2) feature: acl_inet_listen/acl_inet_bind/acl_vstream_listen_ex 增 flag 标志位


@ -10,7 +10,7 @@ extern "C" {
/* External interface. */ /* External interface. */
extern void acl_chroot_uid(const char *, const char *); extern int acl_chroot_uid(const char *, const char *);
#endif /* ACL_UNIX */ #endif /* ACL_UNIX */
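Review bot: The declaration of acl_chroot_uid now returns int but has no comment stating the contract, and any caller written against the old void version will still compile and silently ignore a failure (call sites are not visible on this page). A -1 here can mean the process is still privileged or not jailed, so I would add a comment above the prototype such as `/* Returns 0 on success, -1 on failure; on -1 the caller must stop and not continue serving requests. */`. Where the supported compilers allow it, marking the declaration with `__attribute__((warn_unused_result))` would surface unchecked call sites at build time.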


@ -24,51 +24,60 @@
/* chroot_uid - restrict the damage that this program can do */ /* chroot_uid - restrict the damage that this program can do */
void acl_chroot_uid(const char *root_dir, const char *user_name) int acl_chroot_uid(const char *root_dir, const char *user_name)
{ {
struct passwd *pwd; struct passwd *pwd;
uid_t uid = 0; uid_t uid = 0;
gid_t gid; gid_t gid;
char tbuf[256]; int err = 0;
/* /*
* Look up the uid/gid before entering the jail, and save them so they * Look up the uid/gid before entering the jail, and save them so they
* can't be clobbered. Set up the primary and secondary groups. * can't be clobbered. Set up the primary and secondary groups.
*/ */
if (user_name != 0) { if (user_name != 0) {
if ((pwd = getpwnam(user_name)) == 0) if ((pwd = getpwnam(user_name)) == 0) {
acl_msg_fatal("unknown user: %s", user_name); acl_msg_error("unknown user: %s", user_name);
return -1;
}
uid = pwd->pw_uid; uid = pwd->pw_uid;
gid = pwd->pw_gid; gid = pwd->pw_gid;
if (setgid(gid) < 0) if (setgid(gid) < 0) {
acl_msg_fatal("setgid(%ld): %s", (long) gid, acl_msg_error("setgid(%ld): %s", (long) gid,
acl_last_strerror(tbuf, sizeof(tbuf))); acl_last_serror());
if (initgroups(user_name, gid) < 0) err++;
acl_msg_fatal("initgroups: %s", }
acl_last_strerror(tbuf, sizeof(tbuf))); if (initgroups(user_name, gid) < 0) {
acl_msg_error("initgroups: %s", acl_last_serror());
err++;
}
} }
/* /*
* Enter the jail. * Enter the jail.
*/ */
if (root_dir) { if (root_dir) {
if (chroot(root_dir)) if (chroot(root_dir)) {
acl_msg_fatal("chroot(%s): %s", root_dir, acl_msg_error("chroot(%s): %s",
acl_last_strerror(tbuf, sizeof(tbuf))); root_dir, acl_last_serror());
if (chdir("/")) err++;
acl_msg_fatal("chdir(/): %s", } else if (chdir("/")) {
acl_last_strerror(tbuf, sizeof(tbuf))); acl_msg_error("chdir(/): %s", acl_last_serror());
err++;
}
} }
/* /*
* Drop the user privileges. * Drop the user privileges.
*/ */
if (user_name != 0) { if (user_name != 0) {
if (setuid(uid) < 0) if (setuid(uid) < 0) {
acl_msg_fatal("setuid(%ld): %s", (long) uid, acl_msg_error("setuid(%ld): %s",
acl_last_strerror(tbuf, sizeof(tbuf))); (long) uid, acl_last_serror());
err++;
}
} }
/* /*
* Give the desperate developer a clue of what is happening. * Give the desperate developer a clue of what is happening.
@ -77,6 +86,7 @@ void acl_chroot_uid(const char *root_dir, const char *user_name)
acl_msg_info("chroot %s user %s", acl_msg_info("chroot %s user %s",
root_dir ? root_dir : "(none)", root_dir ? root_dir : "(none)",
user_name ? user_name : "(none)"); user_name ? user_name : "(none)");
return err ? -1 : 0;
} }
#endif /* ACL_UNIX */ #endif /* ACL_UNIX */
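Review bot: Only the getpwnam() failure returns early; after a failed setgid(), initgroups() or chroot() the new code just does `err++` and carries on, so setuid() can still run when the jail was never entered, and a failed setuid() leaves the uid unchanged while execution continues. The changelog entry indicates the old acl_msg_fatal() calls stopped the process, so this path used to fail closed; now the state after a -1 is a partial mix of applied and unapplied steps, and the final `acl_msg_info("chroot %s user %s", ...)` is logged even when a step failed. I would replace each `err++;` with `return -1;` so nothing runs after the first failure and the info line is reached only on success, which also makes `err` and the closing `return err ? -1 : 0;` reducible to `return 0;`. The lines of the function between the two hunks are not shown in this view.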