123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147 |
- --- /dev/null
- +++ b/modules/droproot.cpp
- @@ -0,0 +1,144 @@
- +/*
- + * droproot.cpp
- + *
- + * Copyright (c) 2009 Vadtec (vadtec@vadtec.net)
- + * This program is free software; you can redistribute it and/or modify it
- + * under the terms of the GNU General Public License version 2 as published
- + * by the Free Software Foundation.
- + *
- + * Copyright (C) 2004-2012 See the AUTHORS file for details.
- + *
- + * This program is free software; you can redistribute it and/or modify it
- + * under the terms of the GNU General Public License version 2 as published
- + * by the Free Software Foundation.
- + */
- +
- +#include <znc/znc.h>
- +#include <znc/User.h>
- +#include <pwd.h>
- +#include <grp.h>
- +
- +class CDroproot : public CModule {
- +
- +public:
- + MODCONSTRUCTOR(CDroproot) {
- + }
- +
- + virtual ~CDroproot() {
- + }
- +
- + uid_t GetUser(const CString& sUser, CString& sMessage) {
- + uid_t ret = sUser.ToUInt();
- +
- + if (ret != 0)
- + return ret;
- +
- + struct passwd *pUser = getpwnam(sUser.c_str());
- +
- + if (!pUser) {
- + sMessage = "User [" + sUser + "] not found!";
- + return 0;
- + }
- +
- + return pUser->pw_uid;
- + }
- +
- + gid_t GetGroup(const CString& sGroup, CString& sMessage) {
- + gid_t ret = sGroup.ToUInt();
- +
- + if (ret != 0)
- + return ret;
- +
- + struct group *pGroup = getgrnam(sGroup.c_str());
- +
- + if (!pGroup) {
- + sMessage = "Group [" + sGroup + "] not found!";
- + return 0;
- + }
- +
- + return pGroup->gr_gid;
- + }
- +
- + virtual bool OnLoad(const CString& sArgs, CString& sMessage) {
- + CString sUser = sArgs.Token(0);
- + CString sGroup = sArgs.Token(1, true);
- +
- + if (sUser.empty() || sGroup.empty()) {
- + sMessage = "Usage: LoadModule = Droproot <uid> <gid>";
- + return false;
- + }
- +
- + m_user = GetUser(sUser, sMessage);
- +
- + if (m_user == 0) {
- + sMessage
- + = "Error: Cannot run as root, check your config file | Useage: LoadModule = Droproot <uid> <gid>";
- + return false;
- + }
- +
- + m_group = GetGroup(sGroup, sMessage);
- +
- + if (m_group == 0) {
- + sMessage
- + = "Error: Cannot run as root, check your config file | Useage: LoadModule = Droproot <uid> <gid>";
- + return false;
- + }
- +
- + return true;
- + }
- +
- + virtual bool OnBoot() {
- + int u, eu, g, eg, sg;
- +
- + if ((geteuid() == 0) || (getuid() == 0) || (getegid() == 0) || (getgid()
- + == 0)) {
- +
- + CUtils::PrintAction("Dropping root permissions");
- +
- + // Clear all the supplementary groups
- + sg = setgroups(0, NULL);
- +
- + if (sg < 0) {
- + CUtils::PrintStatus(false,
- + "Could not remove supplementary groups! ["
- + + CString(strerror(errno)) + "]");
- +
- + return false;
- + }
- +
- + // Set the group (if we are root, this sets all three group IDs)
- + g = setgid(m_group);
- + eg = setegid(m_group);
- +
- + if ((g < 0) || (eg < 0)) {
- + CUtils::PrintStatus(false, "Could not switch group id! ["
- + + CString(strerror(errno)) + "]");
- +
- + return false;
- + }
- +
- + // and set the user (if we are root, this sets all three user IDs)
- + u = setuid(m_user);
- + eu = seteuid(m_user);
- +
- + if ((u < 0) || (eu < 0)) {
- + CUtils::PrintStatus(false, "Could not switch user id! ["
- + + CString(strerror(errno)) + "]");
- +
- + return false;
- + }
- +
- + CUtils::PrintStatus(true);
- +
- + return true;
- + }
- +
- + return true;
- + }
- +
- +protected:
- + uid_t m_user;
- + gid_t m_group;
- +};
- +
- +GLOBALMODULEDEFS(CDroproot, "Allows ZNC to drop root privileges and run as an un-privileged user.")
|