Elly Fong-Jones6fb0d4b2012-10-06 14:10:37 -04001/*
2 * util.c - routeup/tlsdated utility functions
3 * Copyright (c) 2012 The Chromium Authors. All rights reserved.
4 * Use of this source code is governed by a BSD-style license that can be
5 * found in the LICENSE file.
6 */
7
Brian Akerb12abad2012-10-16 01:25:00 -04008#include "config.h"
9
Elly Fong-Jonesa5e7fbb2013-01-08 14:08:33 -050010#include <grp.h>
11#include <pwd.h>
Elly Fong-Jones6fb0d4b2012-10-06 14:10:37 -040012#include <stdarg.h>
13#include <stdio.h>
ellydefa4652013-01-10 19:18:19 -050014#include <sys/types.h>
Elly Fong-Jones6fb0d4b2012-10-06 14:10:37 -040015#include <syslog.h>
ellydefa4652013-01-10 19:18:19 -050016#include <unistd.h>
Elly Fong-Jones6fb0d4b2012-10-06 14:10:37 -040017
Will Drewryc45952f2013-09-03 13:51:24 -050018#ifdef WITH_EVENTS
19#include <event2/event.h>
20#endif
21
22#include "src/tlsdate.h"
Brian Akerb12abad2012-10-16 01:25:00 -040023#include "src/util.h"
Elly Fong-Jones6fb0d4b2012-10-06 14:10:37 -040024
/* Non-zero enables verb() output and the verbose-only messages of logat(). */
int verbose;
26
/**
 * Report a fatal error and terminate the process.
 *
 * The message is written to stderr and then to syslog at LOG_ERR, after
 * which the process exits with status 1.  This function does not return.
 *
 * @param fmt printf-style format string.  It is interpreted as a format by
 *            both vfprintf and vsyslog, so externally supplied text belongs
 *            in the arguments, never in fmt itself.
 */
void
die (const char *fmt, ...)
{
  va_list console_args;
  va_list syslog_args;

  va_start (console_args, fmt);
  /* Each consumer gets its own va_list: a list is indeterminate once a
     v*printf-style function has walked it. */
  va_copy (syslog_args, console_args);

  vfprintf (stderr, fmt, console_args);
  va_end (console_args);

  vsyslog (LOG_ERR, fmt, syslog_args);
  va_end (syslog_args);

  exit (1);
}
40
/**
 * Emit a diagnostic message when verbose output is enabled.
 *
 * With the global `verbose` flag clear this is a no-op.  Otherwise the
 * message goes to stderr and then to syslog at LOG_INFO.
 *
 * @param fmt printf-style format string.  It is interpreted as a format by
 *            both vfprintf and vsyslog, so externally supplied text belongs
 *            in the arguments, never in fmt itself.
 */
void
verb (const char *fmt, ...)
{
  if (verbose)
    {
      va_list console_args;
      va_list syslog_args;

      va_start (console_args, fmt);
      /* A va_list cannot be reused after vfprintf has consumed it. */
      va_copy (syslog_args, console_args);

      vfprintf (stderr, fmt, console_args);
      va_end (console_args);

      vsyslog (LOG_INFO, fmt, syslog_args);
      va_end (syslog_args);
    }
}
/**
 * Log a message to stderr and syslog, optionally only in verbose mode.
 *
 * The stderr copy is followed by a newline; the syslog copy is sent at
 * LOG_INFO without one.
 *
 * @param isverbose non-zero marks the message as verbose-only: it is
 *                  dropped unless the global `verbose` flag is set.
 * @param fmt       printf-style format string.  It is interpreted as a
 *                  format by both vfprintf and vsyslog, so externally
 *                  supplied text belongs in the arguments, not in fmt.
 */
void API logat (int isverbose, const char *fmt, ...)
{
  va_list console_args;
  va_list syslog_args;

  /* Verbose-only messages are suppressed when verbosity is off. */
  if (!verbose && isverbose)
    return;

  va_start (console_args, fmt);
  va_copy (syslog_args, console_args);

  vfprintf (stderr, fmt, console_args);
  fputc ('\n', stderr);
  va_end (console_args);

  vsyslog (LOG_INFO, fmt, syslog_args);
  va_end (syslog_args);
}
67
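/**
 * Permanently drop root privileges to the named user and group.
 *
 * If the process is not running with real UID 0 the function returns
 * without changing anything.  Otherwise it looks up both names, refuses
 * targets whose UID or GID is 0, requires the user's primary group to be
 * the requested group, resets the supplementary group list, and then
 * switches the group IDs followed by the user IDs.  Any failure ends the
 * process through die(); nothing is reported back to the caller.
 *
 * Groups are changed before the UID because the group calls need the
 * privileges that the UID change gives up.
 *
 * @param user  account name to switch to; must not resolve to UID 0.
 * @param group group name to switch to; must not resolve to GID 0 and must
 *              match the primary group of @p user.
 */
void
drop_privs_to (const char *user, const char *group)
{
  uid_t uid;
  gid_t gid;
  struct passwd *pw;
  struct group *gr;
  if (0 != getuid ())
    return; /* not running as root to begin with; should (!) be harmless to continue
               without dropping to 'nobody' (setting time will fail in the end) */
  pw = getpwnam (user);
  gr = getgrnam (group);
  if (NULL == pw)
    die ("Failed to obtain UID for `%s'\n", user);
  if (NULL == gr)
    die ("Failed to obtain GID for `%s'\n", group);
  /* Copy the IDs out now: pw and gr point at storage owned by libc that
     later lookups may reuse. */
  uid = pw->pw_uid;
  if (0 == uid)
    die ("UID for `%s' is 0, refusing to run SSL\n", user);
  gid = pw->pw_gid;
  if (0 == gid || 0 == gr->gr_gid)
    die ("GID for `%s' is 0, refusing to run SSL\n", user);
  if (gid != gr->gr_gid)
    die ("GID for `%s' is not `%s' as expected, refusing to run SSL\n",
         user, group);
  /* Replace root's supplementary groups while we are still privileged. */
  if (0 != initgroups (user, gid))
    die ("Unable to initgroups for `%s' in group `%s' as expected\n",
         user, group);
#ifdef HAVE_SETRESGID
  if (0 != setresgid (gid, gid, gid))
    die ("Failed to setresgid: %s\n", strerror (errno));
#else
  /* Two sequenced calls rather than `setgid () | setegid ()': the operands
     of `|' are evaluated in unspecified order, and errno must belong to
     the call that actually failed. */
  if (0 != setgid (gid))
    die ("Failed to setgid: %s\n", strerror (errno));
  if (0 != setegid (gid))
    die ("Failed to setegid: %s\n", strerror (errno));
#endif
#ifdef HAVE_SETRESUID
  if (0 != setresuid (uid, uid, uid))
    die ("Failed to setresuid: %s\n", strerror (errno));
#else
  /* setuid () must run first, while the effective UID is still 0, so that
     the real and saved UIDs are changed too.  If seteuid () ran first,
     setuid () would be an unprivileged call that leaves them at 0 and the
     drop would be reversible. */
  if (0 != setuid (uid))
    die ("Failed to setuid: %s\n", strerror (errno));
  if (0 != seteuid (uid))
    die ("Failed to seteuid: %s\n", strerror (errno));
#endif
  /* Do not trust the return codes alone: confirm the IDs really changed. */
  if (getgid () != gid || getegid () != gid)
    die ("Failed to drop group privileges to `%s'\n", group);
  if (getuid () != uid || geteuid () != uid)
    die ("Failed to drop user privileges to `%s'\n", user);
  /* The saved IDs cannot be read portably, so check them by trying to go
     back to 0; success means the drop was not permanent. */
  if (0 == setuid (0) || 0 == setgid (0))
    die ("Privileges for `%s' can be regained, refusing to run SSL\n", user);
}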
111
/* TODO(wad) rename to schedule_event */
/**
 * (Re)schedule the event registered under @p id.
 *
 * Any pending instance of the event is deleted first.  The event is then
 * added with a timeout of @p sec seconds, or with no timeout when @p sec is
 * negative.  A missing E_RESOLVER event falls back to the E_TLSDATE event;
 * if there is still no event the call only logs and returns.  Without
 * WITH_EVENTS the function body is empty.
 *
 * @param state daemon state holding the events array.
 * @param id    index into state->events; it is used unchecked, so callers
 *              must pass a valid event id.
 * @param sec   delay in seconds, or a negative value for "no timeout".
 */
void
trigger_event (struct state *state, enum event_id_t id, int sec)
{
#ifdef WITH_EVENTS
  struct timeval delay = { sec, 0 };
  struct event *ev = state->events[id];

  /* Fallthrough to tlsdate if there is no resolver. */
  if (NULL == ev && E_RESOLVER == id)
    ev = state->events[E_TLSDATE];
  if (NULL == ev)
    {
      info ("trigger_event with NULL |e|. I hope this is a test!");
      return;
    }

  /* Drop any earlier scheduling so the new delay replaces it. */
  if (event_pending (ev, EV_READ|EV_WRITE|EV_TIMEOUT|EV_SIGNAL, NULL))
    event_del (ev);

  /* Note! With a negative |sec| no timeout is passed, so this will not
     fire a TIMEOUT event. */
  event_add (ev, sec >= 0 ? &delay : NULL);
#endif
}
135
/**
 * Map a SYNC_TYPE_* value to a short human-readable label.
 *
 * @param sync_type one of the SYNC_TYPE_* constants.
 * @return a pointer to a string literal; "error" for any unrecognised
 *         value.  The caller must not free or modify it.
 */
const char *
sync_type_str (int sync_type)
{
  /* Anything not matched below is reported as "error". */
  const char *label = "error";

  switch (sync_type)
    {
    case SYNC_TYPE_NONE:
      label = "none";
      break;
    case SYNC_TYPE_BUILD:
      label = "build-timestamp";
      break;
    case SYNC_TYPE_DISK:
      label = "disk-timestamp";
      break;
    case SYNC_TYPE_RTC:
      label = "system-clock";
      break;
    case SYNC_TYPE_PLATFORM:
      label = "platform-feature";
      break;
    case SYNC_TYPE_NET:
      label = "network";
      break;
    default:
      break;
    }
  return label;
}