[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH 4/4] utils: add nullauth utility
|
From: |
Justus Winter |
|
Subject: |
[PATCH 4/4] utils: add nullauth utility |
|
Date: |
Sat, 27 Jul 2013 15:32:06 +0200 |
nullauth drops all authentication credentials and runs the given
program. This is also useful to drop privileges on behalf of
translators that do not need any credentials in some circumstances,
e.g.
% settrans -ap /hurd/nullauth -- /hurd/storeio -Tzero
makes storeio run without any credentials.
* utils/nullauth.c: New file.
* utils/Makefile: Build nullauth.
---
utils/Makefile | 8 +++--
utils/nullauth.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 95 insertions(+), 3 deletions(-)
create mode 100644 utils/nullauth.c
diff --git a/utils/Makefile b/utils/Makefile
index e3bed0b..a6319c7 100644
--- a/utils/Makefile
+++ b/utils/Makefile
@@ -21,14 +21,16 @@ makemode := utilities
targets = shd ps settrans showtrans syncfs fsysopts \
storeinfo login w uptime ids loginpr sush vmstat portinfo \
devprobe vminfo addauth rmauth unsu setauth ftpcp ftpdir storecat \
- storeread msgport rpctrace mount gcore fakeauth fakeroot remap
+ storeread msgport rpctrace mount gcore fakeauth fakeroot remap \
+ nullauth
special-targets = loginpr sush uptime fakeroot remap
SRCS = shd.c ps.c settrans.c syncfs.c showtrans.c addauth.c rmauth.c \
fsysopts.c storeinfo.c login.c loginpr.sh sush.sh w.c \
uptime.sh psout.c ids.c vmstat.c portinfo.c devprobe.c vminfo.c \
parse.c frobauth.c frobauth-mod.c setauth.c pids.c nonsugid.c \
unsu.c ftpcp.c ftpdir.c storeread.c storecat.c msgport.c \
- rpctrace.c mount.c gcore.c fakeauth.c fakeroot.sh remap.sh
+ rpctrace.c mount.c gcore.c fakeauth.c fakeroot.sh remap.sh \
+ nullauth.c
OBJS = $(filter-out %.sh,$(SRCS:.c=.o))
HURDLIBS = ps ihash store fshelp ports ftpconn shouldbeinlibc
@@ -56,7 +58,7 @@ ftpcp ftpdir: ../libftpconn/libftpconn.a
settrans: ../libfshelp/libfshelp.a ../libports/libports.a
ps w ids settrans syncfs showtrans fsysopts storeinfo login vmstat portinfo \
devprobe vminfo addauth rmauth setauth unsu ftpcp ftpdir storeread \
- storecat msgport mount: \
+ storecat msgport mount nullauth: \
../libshouldbeinlibc/libshouldbeinlibc.a
$(filter-out $(special-targets), $(targets)): %: %.o
diff --git a/utils/nullauth.c b/utils/nullauth.c
new file mode 100644
index 0000000..a0d5d1b
--- /dev/null
+++ b/utils/nullauth.c
@@ -0,0 +1,90 @@
+/* Utility to drop all authentication credentials.
+
+ Copyright (C) 2013 Free Software Foundation, Inc.
+
+ Written by Justus Winter <4winter@informatik.uni-hamburg.de>
+
+ This file is part of the GNU Hurd.
+
+ This program is free software; you can redistribute it and/or
+ modify it under the terms of the GNU General Public License as
+ published by the Free Software Foundation; either version 2, or (at
+ your option) any later version.
+
+ This program is distributed in the hope that it will be useful, but
+ WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include <argp.h>
+#include <error.h>
+#include <nullauth.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#include <version.h>
+
+static char **args;
+
+const char const *argp_program_version = STANDARD_HURD_VERSION (nullauth);
+
+static const struct argp_option const options[] =
+{
+ { 0 }
+};
+
+static const char const doc[] =
+ "Drop all authentication credentials and run the given program.";
+static const char const args_doc[] =
+ "PROGRAM [ARGUMENTS...]\tThe program to run";
+
+error_t
+parse_opt (int key, char *arg, struct argp_state *state)
+{
+ switch (key)
+ {
+ case ARGP_KEY_ARGS:
+ args = state->argv + state->next;
+ break;
+
+ case ARGP_KEY_NO_ARGS:
+ argp_error (state, "expected program to run");
+ return EINVAL;
+
+ default:
+ return ARGP_ERR_UNKNOWN;
+ }
+
+ return 0;
+}
+
+static struct argp argp = {
+ options,
+ parse_opt,
+ args_doc,
+ doc,
+ NULL,
+};
+�
+int
+main (int argc, char *argv[])
+{
+ error_t err;
+
+ /* Parse our command line. This shouldn't ever return an error. */
+ argp_parse (&argp, argc, argv, 0, 0, NULL);
+
+ /* Drop all privileges. */
+ err = setnullauth();
+ if (err)
+ error (1, err, "Could not drop privileges");
+
+ execv (args[0], args);
+ error (1, errno, "execv");
+
+ /* Not reached. */
+ return EXIT_FAILURE;
+}
--
1.7.10.4