2020-06-15 03:14:08 +03:00
|
|
|
//
|
2023-01-01 00:28:08 +03:00
|
|
|
// Copyright Aliaksei Levin (levlam@telegram.org), Arseny Smirnov (arseny30@gmail.com) 2014-2023
|
2020-06-15 03:14:08 +03:00
|
|
|
//
|
|
|
|
// Distributed under the Boost Software License, Version 1.0. (See accompanying
|
|
|
|
// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt)
|
|
|
|
//
|
|
|
|
#include "td/utils/port/user.h"
|
|
|
|
|
|
|
|
#include "td/utils/port/config.h"
|
|
|
|
|
|
|
|
#if TD_PORT_POSIX
|
2021-05-17 15:21:11 +03:00
|
|
|
#include "td/utils/SliceBuilder.h"
|
2020-06-26 02:24:13 +03:00
|
|
|
|
2020-06-15 03:14:08 +03:00
|
|
|
#include <grp.h>
|
|
|
|
#include <pwd.h>
|
|
|
|
#if TD_DARWIN || TD_FREEBSD || TD_NETBSD
|
|
|
|
#include <sys/param.h>
|
|
|
|
#endif
|
|
|
|
#include <sys/types.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
#endif
|
|
|
|
|
|
|
|
namespace td {
|
|
|
|
|
|
|
|
Status change_user(CSlice username, CSlice groupname) {
|
|
|
|
#if TD_PORT_POSIX
|
|
|
|
passwd *pw = getpwnam(username.c_str());
|
|
|
|
if (pw == nullptr) {
|
|
|
|
return OS_ERROR(PSTRING() << "Can't find the user '" << username << "' to switch to");
|
|
|
|
}
|
|
|
|
uid_t uid = pw->pw_uid;
|
|
|
|
gid_t gid = pw->pw_gid;
|
|
|
|
if (setgroups(1, &gid) == -1) {
|
|
|
|
return OS_ERROR("Failed to clear supplementary group list");
|
|
|
|
}
|
|
|
|
if (!groupname.empty()) {
|
|
|
|
group *g = getgrnam(groupname.c_str());
|
|
|
|
if (g == nullptr) {
|
|
|
|
return OS_ERROR("Can't find the group to switch to");
|
|
|
|
}
|
|
|
|
gid = g->gr_gid;
|
|
|
|
} else if (initgroups(username.c_str(), gid) == -1) {
|
|
|
|
return OS_ERROR("Failed to load groups of user");
|
|
|
|
}
|
|
|
|
if (setgid(gid) == -1) {
|
|
|
|
return OS_ERROR("failed to set effective group ID");
|
|
|
|
}
|
|
|
|
if (setuid(uid) == -1) {
|
|
|
|
return OS_ERROR("failed to set effective user ID");
|
|
|
|
}
|
|
|
|
return Status::OK();
|
|
|
|
#else
|
|
|
|
return Status::Error("Changing effective user is not supported");
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace td
|