| /* Licensed to the Apache Software Foundation (ASF) under one or more |
| * contributor license agreements. See the NOTICE file distributed with |
| * this work for additional information regarding copyright ownership. |
| * The ASF licenses this file to You under the Apache License, Version 2.0 |
| * (the "License"); you may not use this file except in compliance with |
| * the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| /* |
| * Given one or more group identifiers on the command line (e.g., |
| * "httpd" or "#-1"), figure out whether they'll be valid for |
| * the server to use at run-time. |
| * |
| * If a groupname isn't found, or we can't setgid() to it, return |
| * -1. If all groups are valid, return 0. |
| * |
| * This may need to be run as the superuser for the setgid() to |
| * succeed; running it as any other user may result in a false |
| * negative. |
| */ |
| |
| #include "ap_config.h" |
| #if APR_HAVE_STDIO_H |
| #include <stdio.h> |
| #endif |
| #if APR_HAVE_STDLIB_H |
| #include <stdlib.h> |
| #endif |
| #if APR_HAVE_SYS_TYPES_H |
| #include <sys/types.h> |
| #endif |
| #if HAVE_GRP_H |
| #include <grp.h> |
| #endif |
| #if APR_HAVE_UNISTD_H |
| #include <unistd.h> |
| #endif |
| |
| int main(int argc, char *argv[]) |
| { |
| int i; |
| int result; |
| gid_t gid; |
| struct group *grent; |
| struct group fake_grent; |
| |
| /* |
| * Assume success. :-) |
| */ |
| result = 0; |
| for (i = 1; i < argc; ++i) { |
| char *arg; |
| arg = argv[i]; |
| |
| /* |
| * If it's from a 'Group #-1' statement, get the numeric value |
| * and skip the group lookup stuff. |
| */ |
| if (*arg == '#') { |
| gid = atoi(&arg[1]); |
| fake_grent.gr_gid = gid; |
| grent = &fake_grent; |
| } |
| else { |
| grent = getgrnam(arg); |
| } |
| |
| /* |
| * A NULL return means no such group was found, so we're done |
| * with this one. |
| */ |
| if (grent == NULL) { |
| fprintf(stderr, "%s: group '%s' not found\n", argv[0], arg); |
| result = -1; |
| } |
| else { |
| int check; |
| |
| /* |
| * See if we can switch to the numeric GID we have. If so, |
| * all well and good; if not, well.. |
| */ |
| gid = grent->gr_gid; |
| check = setgid(gid); |
| if (check != 0) { |
| fprintf(stderr, "%s: invalid group '%s'\n", argv[0], arg); |
| perror(argv[0]); |
| result = -1; |
| } |
| } |
| } |
| /* |
| * Worst-case return value. |
| */ |
| return result; |
| } |
| /* |
| * Local Variables: |
| * mode: C |
| * c-file-style: "bsd" |
| * End: |
| */ |