authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-07-30 15:25:32 +0200
committerStef Walter <stefw@redhat.com>2014-09-25 09:46:53 +0200
commit59a66c779c9c56c0d2169317b52641dcbc48d29b (patch)
treed66a635055a4c5ecc2e0ddbf0151d722fff7c305
parent85e5d09e80c14c618d1d8826284f827f720ea20e (diff)
downloadp11-kit-59a66c779c9c56c0d2169317b52641dcbc48d29b.tar.gz
remote: provide the options --run-as-user and --run-as-group
-rw-r--r--p11-kit/p11-kit.c64
1 files changed, 54 insertions, 10 deletions
diff --git a/p11-kit/p11-kit.c b/p11-kit/p11-kit.c
index 345b1e8..807e4b2 100644
--- a/p11-kit/p11-kit.c
+++ b/p11-kit/p11-kit.c
@@ -135,10 +135,12 @@ p11_kit_remote (int argc,
{
char *socket_file = NULL;
CK_FUNCTION_LIST *module;
- uid_t uid = -1;
- gid_t gid = -1;
+ uid_t uid = -1, run_as_uid = -1;
+ gid_t gid = -1, run_as_gid = -1;
int opt;
- int ret;
+ int ret, e;
+ const struct passwd* pwd;
+ const struct group* grp;
enum {
opt_verbose = 'v',
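Review bot: The `-1` sentinels given to `run_as_uid` and `run_as_gid` here are later tested as `run_as_gid != -1` and `run_as_uid != -1` in the last hunk, which compares a (typically unsigned) id type against a signed int. That holds where uid_t and gid_t are at least as wide as int, but where they are narrower the test is always true and the privilege change would run with the sentinel value. Writing both the initialisers and the tests as `(uid_t)-1` and `(gid_t)-1` removes the dependence on type width and keeps -Wsign-compare quiet. The body of p11_kit_remote continues outside this hunk.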
@@ -146,6 +148,8 @@ p11_kit_remote (int argc,
opt_socket = 's',
opt_user = 'u',
opt_group = 'g',
+ opt_run_as_user = 'a',
+ opt_run_as_group = 'z',
};
struct option options[] = {
@@ -154,11 +158,15 @@ p11_kit_remote (int argc,
{ "socket", required_argument, NULL, opt_socket },
{ "user", required_argument, NULL, opt_user },
{ "group", required_argument, NULL, opt_group },
+ { "run-as-user", required_argument, NULL, opt_run_as_user },
+ { "run-as-group", required_argument, NULL, opt_run_as_group },
{ 0 },
};
p11_tool_desc usages[] = {
- { 0, "usage: p11-kit remote <module> -s <socket-file> -u <allowed-user> -g <allowed-group>" },
+ { 0, "usage: p11-kit remote --help" },
+ { 0, "usage: p11-kit remote <module> -s <socket-file>" },
+ { 0, "usage: p11-kit remote <module> -s <socket-file> -u <allowed-user> -g <allowed-group> --run-as-user <user> --run-as-group <group>" },
{ 0 },
};
@@ -170,24 +178,38 @@ p11_kit_remote (int argc,
case opt_socket:
socket_file = strdup(optarg);
break;
- case opt_group: {
- const struct group* grp = getgrnam(optarg);
+ case opt_group:
+ grp = getgrnam(optarg);
if (grp == NULL) {
p11_message ("unknown group: %s", optarg);
return 2;
}
gid = grp->gr_gid;
break;
- }
- case opt_user: {
- const struct passwd* pwd = getpwnam(optarg);
+ case opt_user:
+ pwd = getpwnam(optarg);
if (pwd == NULL) {
p11_message ("unknown user: %s", optarg);
return 2;
}
uid = pwd->pw_uid;
break;
- }
+ case opt_run_as_group:
+ grp = getgrnam(optarg);
+ if (grp == NULL) {
+ p11_message ("unknown group: %s", optarg);
+ return 2;
+ }
+ run_as_gid = grp->gr_gid;
+ break;
+ case opt_run_as_user:
+ pwd = getpwnam(optarg);
+ if (pwd == NULL) {
+ p11_message ("unknown user: %s", optarg);
+ return 2;
+ }
+ run_as_uid = pwd->pw_uid;
+ break;
case opt_help:
case '?':
p11_tool_usage (usages, options);
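Review bot: The two new cases report a failed lookup with exactly the same text as `-u` and `-g` ("unknown user: %s", "unknown group: %s"), so an operator who passes both kinds of option cannot tell whether the allowed peer or the identity to switch to was rejected. Naming the option in the new messages would fix that, for example `p11_message ("unknown user for --run-as-user: %s", optarg);` and the matching `--run-as-group` form. A short comment on the four cases saying that `uid`/`gid` describe the permitted peer while `run_as_uid`/`run_as_gid` are the identity the process takes on would also help. The switch statement starts and ends outside this hunk.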
@@ -206,6 +228,28 @@ p11_kit_remote (int argc,
return 2;
}
+ if (run_as_gid != -1) {
+ if (setgid(run_as_gid) == -1) {
+ e = errno;
+ p11_message("cannot set gid to %u: %s\n", (unsigned)run_as_gid, strerror(e));
+ return 1;
+ }
+
+ if (setgroups(1, &run_as_gid) == -1) {
+ e = errno;
+ p11_message("cannot setgroups to %u: %s\n", (unsigned)run_as_gid, strerror(e));
+ return 1;
+ }
+ }
+
+ if (run_as_uid != -1) {
+ if (setuid(run_as_uid) == -1) {
+ e = errno;
+ p11_message("cannot set uid to %u: %s\n", (unsigned)run_as_uid, strerror(e));
+ return 1;
+ }
+ }
+
if (argc != 1) {
p11_message ("specify the module to remote");
return 2;
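Review bot: Passing --run-as-user without --run-as-group leaves the process with its original gid and supplementary groups, because the setgid()/setgroups() block is skipped when `run_as_gid` is unset and setuid() alone does not change group membership. If the tool was started as root, the remoted module would then still run with root's groups. I would reject that combination before the drop, as in the excerpt below, or default the group to the target user's primary group captured at option-parsing time. The three new p11_message calls also end in `\n`, unlike the other calls visible in this diff, which presumably prints an extra blank line. The body of p11_kit_remote starts and ends outside this hunk.

```c
	/* A uid-only drop would keep the caller's gid and supplementary groups. */
	if (run_as_uid != (uid_t)-1 && run_as_gid == (gid_t)-1) {
		p11_message ("--run-as-user requires --run-as-group");
		return 2;
	}

	if (run_as_gid != (gid_t)-1) {
		/* … unchanged: setgid() and setgroups() with their error paths … */
	}
	/* … unchanged: setuid() block … */
```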