util.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755
  1. /* Copyright 2003 Roger Dingledine */
  2. /* See LICENSE for licensing information */
  3. /* $Id$ */
  4. #include "../or/or.h"
  5. #ifdef HAVE_UNAME
  6. #include <sys/utsname.h>
  7. #endif
  8. /*
  9. * Memory wrappers
  10. */
  11. void *tor_malloc(size_t size) {
  12. void *result;
  13. result = malloc(size);
  14. if(!result) {
  15. log_fn(LOG_ERR, "Out of memory. Dying.");
  16. exit(1);
  17. }
  18. // memset(result,'X',size); /* deadbeef to encourage bugs */
  19. return result;
  20. }
  21. void *tor_malloc_zero(size_t size) {
  22. void *result = tor_malloc(size);
  23. memset(result, 0, size);
  24. return result;
  25. }
  26. void *tor_realloc(void *ptr, size_t size) {
  27. void *result;
  28. result = realloc(ptr, size);
  29. if (!result) {
  30. log_fn(LOG_ERR, "Out of memory. Dying.");
  31. exit(1);
  32. }
  33. return result;
  34. }
  35. char *tor_strdup(const char *s) {
  36. char *dup;
  37. assert(s);
  38. dup = strdup(s);
  39. if(!dup) {
  40. log_fn(LOG_ERR,"Out of memory. Dying.");
  41. exit(1);
  42. }
  43. return dup;
  44. }
  45. char *tor_strndup(const char *s, size_t n) {
  46. char *dup;
  47. assert(s);
  48. dup = tor_malloc(n+1);
  49. strncpy(dup, s, n);
  50. dup[n] = 0;
  51. return dup;
  52. }
  53. /*
  54. * A simple smartlist interface to make an unordered list of acceptable
  55. * nodes and then choose a random one.
  56. * smartlist_create() mallocs the list, _free() frees the list,
  57. * _add() adds an element, _remove() removes an element if it's there,
  58. * _choose() returns a random element.
  59. */
  60. smartlist_t *smartlist_create(int max_elements) {
  61. smartlist_t *sl = tor_malloc(sizeof(smartlist_t));
  62. sl->list = tor_malloc(sizeof(void *) * max_elements);
  63. sl->num_used = 0;
  64. sl->max = max_elements;
  65. return sl;
  66. }
  67. void smartlist_free(smartlist_t *sl) {
  68. free(sl->list);
  69. free(sl);
  70. }
  71. /* add element to the list, but only if there's room */
  72. void smartlist_add(smartlist_t *sl, void *element) {
  73. if(sl->num_used < sl->max)
  74. sl->list[sl->num_used++] = element;
  75. else
  76. log_fn(LOG_WARN,"We've already got %d elements, discarding.",sl->max);
  77. }
  78. void smartlist_remove(smartlist_t *sl, void *element) {
  79. int i;
  80. if(element == NULL)
  81. return;
  82. for(i=0; i < sl->num_used; i++)
  83. if(sl->list[i] == element) {
  84. sl->list[i] = sl->list[--sl->num_used]; /* swap with the end */
  85. i--; /* so we process the new i'th element */
  86. }
  87. }
  88. void *smartlist_choose(smartlist_t *sl) {
  89. if(sl->num_used)
  90. return sl->list[crypto_pseudo_rand_int(sl->num_used)];
  91. return NULL; /* no elements to choose from */
  92. }
  93. /*
  94. * String manipulation
  95. */
  96. /* return the first char of s that is not whitespace and not a comment */
  97. const char *eat_whitespace(const char *s) {
  98. assert(s);
  99. while(isspace(*s) || *s == '#') {
  100. while(isspace(*s))
  101. s++;
  102. if(*s == '#') { /* read to a \n or \0 */
  103. while(*s && *s != '\n')
  104. s++;
  105. if(!*s)
  106. return s;
  107. }
  108. }
  109. return s;
  110. }
  111. const char *eat_whitespace_no_nl(const char *s) {
  112. while(*s == ' ' || *s == '\t')
  113. ++s;
  114. return s;
  115. }
  116. /* return the first char of s that is whitespace or '#' or '\0 */
  117. const char *find_whitespace(const char *s) {
  118. assert(s);
  119. while(*s && !isspace(*s) && *s != '#')
  120. s++;
  121. return s;
  122. }
  123. /*
  124. * Time
  125. */
  126. void tor_gettimeofday(struct timeval *timeval) {
  127. #ifdef HAVE_GETTIMEOFDAY
  128. if (gettimeofday(timeval, NULL)) {
  129. log_fn(LOG_ERR, "gettimeofday failed.");
  130. /* If gettimeofday dies, we have either given a bad timezone (we didn't),
  131. or segfaulted.*/
  132. exit(1);
  133. }
  134. #elif defined(HAVE_FTIME)
  135. ftime(timeval);
  136. #else
  137. #error "No way to get time."
  138. #endif
  139. return;
  140. }
  141. long
  142. tv_udiff(struct timeval *start, struct timeval *end)
  143. {
  144. long udiff;
  145. long secdiff = end->tv_sec - start->tv_sec;
  146. if (secdiff+1 > LONG_MAX/1000000) {
  147. log_fn(LOG_WARN, "comparing times too far apart.");
  148. return LONG_MAX;
  149. }
  150. udiff = secdiff*1000000L + (end->tv_usec - start->tv_usec);
  151. if(udiff < 0) {
  152. log_fn(LOG_INFO, "start (%ld.%ld) is after end (%ld.%ld). Returning 0.",
  153. (long)start->tv_sec, (long)start->tv_usec, (long)end->tv_sec, (long)end->tv_usec);
  154. return 0;
  155. }
  156. return udiff;
  157. }
  158. int tv_cmp(struct timeval *a, struct timeval *b) {
  159. if (a->tv_sec > b->tv_sec)
  160. return 1;
  161. if (a->tv_sec < b->tv_sec)
  162. return -1;
  163. if (a->tv_usec > b->tv_usec)
  164. return 1;
  165. if (a->tv_usec < b->tv_usec)
  166. return -1;
  167. return 0;
  168. }
  169. void tv_add(struct timeval *a, struct timeval *b) {
  170. a->tv_usec += b->tv_usec;
  171. a->tv_sec += b->tv_sec + (a->tv_usec / 1000000);
  172. a->tv_usec %= 1000000;
  173. }
  174. void tv_addms(struct timeval *a, long ms) {
  175. a->tv_usec += (ms * 1000) % 1000000;
  176. a->tv_sec += ((ms * 1000) / 1000000) + (a->tv_usec / 1000000);
  177. a->tv_usec %= 1000000;
  178. }
  179. #define IS_LEAPYEAR(y) (!(y % 4) && ((y % 100) || !(y % 400)))
  180. static int n_leapdays(int y1, int y2) {
  181. --y1;
  182. --y2;
  183. return (y2/4 - y1/4) - (y2/100 - y1/100) + (y2/400 - y1/400);
  184. }
  185. static const int days_per_month[] =
  186. { 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
  187. time_t tor_timegm (struct tm *tm) {
  188. /* This is a pretty ironclad timegm implementation, snarfed from Python2.2.
  189. * It's way more brute-force than fiddling with tzset().
  190. */
  191. time_t ret;
  192. unsigned long year, days, hours, minutes;
  193. int i;
  194. year = tm->tm_year + 1900;
  195. assert(year >= 1970);
  196. assert(tm->tm_mon >= 0 && tm->tm_mon <= 11);
  197. days = 365 * (year-1970) + n_leapdays(1970,year);
  198. for (i = 0; i < tm->tm_mon; ++i)
  199. days += days_per_month[i];
  200. if (tm->tm_mon > 1 && IS_LEAPYEAR(year))
  201. ++days;
  202. days += tm->tm_mday - 1;
  203. hours = days*24 + tm->tm_hour;
  204. minutes = hours*60 + tm->tm_min;
  205. ret = minutes*60 + tm->tm_sec;
  206. return ret;
  207. }
  208. /*
  209. * Low-level I/O.
  210. */
  211. /* a wrapper for write(2) that makes sure to write all count bytes.
  212. * Only use if fd is a blocking fd. */
  213. int write_all(int fd, const char *buf, size_t count) {
  214. int written = 0;
  215. int result;
  216. while(written != count) {
  217. result = write(fd, buf+written, count-written);
  218. if(result<0)
  219. return -1;
  220. written += result;
  221. }
  222. return count;
  223. }
  224. /* a wrapper for read(2) that makes sure to read all count bytes.
  225. * Only use if fd is a blocking fd. */
  226. int read_all(int fd, char *buf, size_t count) {
  227. int numread = 0;
  228. int result;
  229. while(numread != count) {
  230. result = read(fd, buf+numread, count-numread);
  231. if(result<=0)
  232. return -1;
  233. numread += result;
  234. }
  235. return count;
  236. }
  237. void set_socket_nonblocking(int socket)
  238. {
  239. #ifdef MS_WINDOWS
  240. /* Yes means no and no means yes. Do you not want to be nonblocking? */
  241. int nonblocking = 0;
  242. ioctlsocket(socket, FIONBIO, (unsigned long*) &nonblocking);
  243. #else
  244. fcntl(socket, F_SETFL, O_NONBLOCK);
  245. #endif
  246. }
  247. /*
  248. * Process control
  249. */
  250. /* Minimalist interface to run a void function in the background. On
  251. * unix calls fork, on win32 calls beginthread. Returns -1 on failure.
  252. * func should not return, but rather should call spawn_exit.
  253. */
  254. int spawn_func(int (*func)(void *), void *data)
  255. {
  256. #ifdef MS_WINDOWS
  257. int rv;
  258. rv = _beginthread(func, 0, data);
  259. if (rv == (unsigned long) -1)
  260. return -1;
  261. return 0;
  262. #else
  263. pid_t pid;
  264. pid = fork();
  265. if (pid<0)
  266. return -1;
  267. if (pid==0) {
  268. /* Child */
  269. func(data);
  270. assert(0); /* Should never reach here. */
  271. return 0; /* suppress "control-reaches-end-of-non-void" warning. */
  272. } else {
  273. /* Parent */
  274. return 0;
  275. }
  276. #endif
  277. }
  278. void spawn_exit()
  279. {
  280. #ifdef MS_WINDOWS
  281. _endthread();
  282. #else
  283. exit(0);
  284. #endif
  285. }
  286. /*
  287. * Windows compatibility.
  288. */
  289. int
  290. tor_socketpair(int family, int type, int protocol, int fd[2])
  291. {
  292. #ifdef HAVE_SOCKETPAIR_XXXX
  293. /* For testing purposes, we never fall back to real socketpairs. */
  294. return socketpair(family, type, protocol, fd);
  295. #else
  296. int listener = -1;
  297. int connector = -1;
  298. int acceptor = -1;
  299. struct sockaddr_in listen_addr;
  300. struct sockaddr_in connect_addr;
  301. int size;
  302. if (protocol
  303. #ifdef AF_UNIX
  304. || family != AF_UNIX
  305. #endif
  306. ) {
  307. #ifdef MS_WINDOWS
  308. errno = WSAEAFNOSUPPORT;
  309. #else
  310. errno = EAFNOSUPPORT;
  311. #endif
  312. return -1;
  313. }
  314. if (!fd) {
  315. errno = EINVAL;
  316. return -1;
  317. }
  318. listener = socket(AF_INET, type, 0);
  319. if (listener == -1)
  320. return -1;
  321. memset (&listen_addr, 0, sizeof (listen_addr));
  322. listen_addr.sin_family = AF_INET;
  323. listen_addr.sin_addr.s_addr = htonl (INADDR_LOOPBACK);
  324. listen_addr.sin_port = 0; /* kernel choses port. */
  325. if (bind(listener, (struct sockaddr *) &listen_addr, sizeof (listen_addr))
  326. == -1)
  327. goto tidy_up_and_fail;
  328. if (listen(listener, 1) == -1)
  329. goto tidy_up_and_fail;
  330. connector = socket(AF_INET, type, 0);
  331. if (connector == -1)
  332. goto tidy_up_and_fail;
  333. /* We want to find out the port number to connect to. */
  334. size = sizeof (connect_addr);
  335. if (getsockname(listener, (struct sockaddr *) &connect_addr, &size) == -1)
  336. goto tidy_up_and_fail;
  337. if (size != sizeof (connect_addr))
  338. goto abort_tidy_up_and_fail;
  339. if (connect(connector, (struct sockaddr *) &connect_addr,
  340. sizeof (connect_addr)) == -1)
  341. goto tidy_up_and_fail;
  342. size = sizeof (listen_addr);
  343. acceptor = accept(listener, (struct sockaddr *) &listen_addr, &size);
  344. if (acceptor == -1)
  345. goto tidy_up_and_fail;
  346. if (size != sizeof(listen_addr))
  347. goto abort_tidy_up_and_fail;
  348. close(listener);
  349. /* Now check we are talking to ourself by matching port and host on the
  350. two sockets. */
  351. if (getsockname(connector, (struct sockaddr *) &connect_addr, &size) == -1)
  352. goto tidy_up_and_fail;
  353. if (size != sizeof (connect_addr)
  354. || listen_addr.sin_family != connect_addr.sin_family
  355. || listen_addr.sin_addr.s_addr != connect_addr.sin_addr.s_addr
  356. || listen_addr.sin_port != connect_addr.sin_port) {
  357. goto abort_tidy_up_and_fail;
  358. }
  359. fd[0] = connector;
  360. fd[1] = acceptor;
  361. return 0;
  362. abort_tidy_up_and_fail:
  363. #ifdef MS_WINDOWS
  364. errno = WSAECONNABORTED;
  365. #else
  366. errno = ECONNABORTED; /* I hope this is portable and appropriate. */
  367. #endif
  368. tidy_up_and_fail:
  369. {
  370. int save_errno = errno;
  371. if (listener != -1)
  372. close(listener);
  373. if (connector != -1)
  374. close(connector);
  375. if (acceptor != -1)
  376. close(acceptor);
  377. errno = save_errno;
  378. return -1;
  379. }
  380. #endif
  381. }
  382. #ifdef MS_WINDOWS
  383. int correct_socket_errno(int s)
  384. {
  385. int optval, optvallen=sizeof(optval);
  386. assert(errno == WSAEWOULDBLOCK);
  387. if (getsockopt(s, SOL_SOCKET, SO_ERROR, (void*)&optval, &optvallen))
  388. return errno;
  389. if (optval)
  390. return optval;
  391. return WSAEWOULDBLOCK;
  392. }
  393. #endif
  394. /*
  395. * Filesystem operations.
  396. */
  397. /* Return FN_ERROR if filename can't be read, FN_NOENT if it doesn't
  398. * exist, FN_FILE if it is a regular file, or FN_DIR if it's a
  399. * directory. */
  400. file_status_t file_status(const char *fname)
  401. {
  402. struct stat st;
  403. if (stat(fname, &st)) {
  404. if (errno == ENOENT) {
  405. return FN_NOENT;
  406. }
  407. return FN_ERROR;
  408. }
  409. if (st.st_mode & S_IFDIR)
  410. return FN_DIR;
  411. else if (st.st_mode & S_IFREG)
  412. return FN_FILE;
  413. else
  414. return FN_ERROR;
  415. }
  416. /* Check whether dirname exists and is private. If yes returns
  417. 0. Else returns -1. */
  418. int check_private_dir(const char *dirname, int create)
  419. {
  420. struct stat st;
  421. if (stat(dirname, &st)) {
  422. if (errno != ENOENT) {
  423. log(LOG_WARN, "Directory %s cannot be read: %s", dirname,
  424. strerror(errno));
  425. return -1;
  426. }
  427. if (!create) {
  428. log(LOG_WARN, "Directory %s does not exist.", dirname);
  429. return -1;
  430. }
  431. log(LOG_INFO, "Creating directory %s", dirname);
  432. if (mkdir(dirname, 0700)) {
  433. log(LOG_WARN, "Error creating directory %s: %s", dirname,
  434. strerror(errno));
  435. return -1;
  436. } else {
  437. return 0;
  438. }
  439. }
  440. if (!(st.st_mode & S_IFDIR)) {
  441. log(LOG_WARN, "%s is not a directory", dirname);
  442. return -1;
  443. }
  444. if (st.st_uid != getuid()) {
  445. log(LOG_WARN, "%s is not owned by this UID (%d)", dirname, getuid());
  446. return -1;
  447. }
  448. if (st.st_mode & 0077) {
  449. log(LOG_WARN, "Fixing permissions on directory %s", dirname);
  450. if (chmod(dirname, 0700)) {
  451. log(LOG_WARN, "Could not chmod directory %s: %s", dirname,
  452. strerror(errno));
  453. return -1;
  454. } else {
  455. return 0;
  456. }
  457. }
  458. return 0;
  459. }
  460. int
  461. write_str_to_file(const char *fname, const char *str)
  462. {
  463. char tempname[1024];
  464. int fd;
  465. FILE *file;
  466. if (strlen(fname) > 1000) {
  467. log(LOG_WARN, "Filename %s is too long.", fname);
  468. return -1;
  469. }
  470. strcpy(tempname,fname);
  471. strcat(tempname,".tmp");
  472. if ((fd = open(tempname, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
  473. log(LOG_WARN, "Couldn't open %s for writing: %s", tempname,
  474. strerror(errno));
  475. return -1;
  476. }
  477. if (!(file = fdopen(fd, "w"))) {
  478. log(LOG_WARN, "Couldn't fdopen %s for writing: %s", tempname,
  479. strerror(errno));
  480. close(fd); return -1;
  481. }
  482. if (fputs(str,file) == EOF) {
  483. log(LOG_WARN, "Error writing to %s: %s", tempname, strerror(errno));
  484. fclose(file); return -1;
  485. }
  486. fclose(file);
  487. if (rename(tempname, fname)) {
  488. log(LOG_WARN, "Error replacing %s: %s", fname, strerror(errno));
  489. return -1;
  490. }
  491. return 0;
  492. }
  493. char *read_file_to_str(const char *filename) {
  494. int fd; /* router file */
  495. struct stat statbuf;
  496. char *string;
  497. assert(filename);
  498. if(strcspn(filename,CONFIG_LEGAL_FILENAME_CHARACTERS) != 0) {
  499. log_fn(LOG_WARN,"Filename %s contains illegal characters.",filename);
  500. return NULL;
  501. }
  502. if(stat(filename, &statbuf) < 0) {
  503. log_fn(LOG_INFO,"Could not stat %s.",filename);
  504. return NULL;
  505. }
  506. fd = open(filename,O_RDONLY,0);
  507. if (fd<0) {
  508. log_fn(LOG_WARN,"Could not open %s.",filename);
  509. return NULL;
  510. }
  511. string = tor_malloc(statbuf.st_size+1);
  512. if(read_all(fd,string,statbuf.st_size) != statbuf.st_size) {
  513. log_fn(LOG_WARN,"Couldn't read all %ld bytes of file '%s'.",
  514. (long)statbuf.st_size,filename);
  515. free(string);
  516. close(fd);
  517. return NULL;
  518. }
  519. close(fd);
  520. string[statbuf.st_size] = 0; /* null terminate it */
  521. return string;
  522. }
  523. /* read lines from f (no more than maxlen-1 bytes each) until we
  524. * get one with a well-formed "key value".
  525. * point *key to the first word in line, point *value to the second.
  526. * Put a \0 at the end of key, remove everything at the end of value
  527. * that is whitespace or comment.
  528. * Return 1 if success, 0 if no more lines, -1 if error.
  529. */
  530. int parse_line_from_file(char *line, int maxlen, FILE *f, char **key_out, char **value_out) {
  531. char *s, *key, *end, *value;
  532. try_next_line:
  533. if(!fgets(line, maxlen, f)) {
  534. if(feof(f))
  535. return 0;
  536. return -1; /* real error */
  537. }
  538. if((s = strchr(line,'#'))) /* strip comments */
  539. *s = 0; /* stop the line there */
  540. /* remove end whitespace */
  541. s = strchr(line, 0); /* now we're at the null */
  542. do {
  543. *s = 0;
  544. s--;
  545. } while (s >= line && isspace(*s));
  546. key = line;
  547. while(isspace(*key))
  548. key++;
  549. if(*key == 0)
  550. goto try_next_line; /* this line has nothing on it */
  551. end = key;
  552. while(*end && !isspace(*end))
  553. end++;
  554. value = end;
  555. while(*value && isspace(*value))
  556. value++;
  557. if(!*end || !*value) { /* only a key on this line. no value. */
  558. *end = 0;
  559. log_fn(LOG_WARN,"Line has keyword '%s' but no value. Skipping.",key);
  560. goto try_next_line;
  561. }
  562. *end = 0; /* null it out */
  563. log_fn(LOG_DEBUG,"got keyword '%s', value '%s'", key, value);
  564. *key_out = key, *value_out = value;
  565. return 1;
  566. }
  567. static char uname_result[256];
  568. static int uname_result_is_set = 0;
  569. const char *
  570. get_uname(void)
  571. {
  572. #ifdef HAVE_UNAME
  573. struct utsname u;
  574. #endif
  575. if (!uname_result_is_set) {
  576. #ifdef HAVE_UNAME
  577. if (!uname((&u))) {
  578. snprintf(uname_result, 255, "%s %s %s %s %s",
  579. u.sysname, u.nodename, u.release, u.version, u.machine);
  580. uname_result[255] = '\0';
  581. } else
  582. #endif
  583. {
  584. strcpy(uname_result, "Unknown platform");
  585. }
  586. uname_result_is_set = 1;
  587. }
  588. return uname_result;
  589. }
  590. void daemonize(void) {
  591. #ifdef HAVE_DAEMON
  592. if (daemon(0 /* chdir to / */,
  593. 0 /* Redirect std* to /dev/null */)) {
  594. log_fn(LOG_ERR, "Daemon returned an error: %s", strerror(errno));
  595. exit(1);
  596. }
  597. #elif ! defined(MS_WINDOWS)
  598. /* Fork; parent exits. */
  599. if (fork())
  600. exit(0);
  601. /* Create new session; make sure we never get a terminal */
  602. setsid();
  603. if (fork())
  604. exit(0);
  605. chdir("/");
  606. umask(000);
  607. fclose(stdin);
  608. fclose(stdout);
  609. fclose(stderr);
  610. #endif
  611. }
  612. void write_pidfile(char *filename) {
  613. #ifndef MS_WINDOWS
  614. FILE *pidfile;
  615. if ((pidfile = fopen(filename, "w")) == NULL) {
  616. log_fn(LOG_WARN, "unable to open %s for writing: %s", filename,
  617. strerror(errno));
  618. } else {
  619. fprintf(pidfile, "%d", getpid());
  620. fclose(pidfile);
  621. }
  622. #endif
  623. }
  624. int switch_id(char *user, char *group) {
  625. #ifndef MS_WINDOWS
  626. struct passwd *pw = NULL;
  627. struct group *gr = NULL;
  628. if (user) {
  629. pw = getpwnam(user);
  630. if (pw == NULL) {
  631. log_fn(LOG_ERR,"User '%s' not found.", user);
  632. return -1;
  633. }
  634. }
  635. /* switch the group first, while we still have the privileges to do so */
  636. if (group) {
  637. gr = getgrnam(group);
  638. if (gr == NULL) {
  639. log_fn(LOG_ERR,"Group '%s' not found.", group);
  640. return -1;
  641. }
  642. if (setgid(gr->gr_gid) != 0) {
  643. log_fn(LOG_ERR,"Error setting GID: %s", strerror(errno));
  644. return -1;
  645. }
  646. } else if (user) {
  647. if (setgid(pw->pw_gid) != 0) {
  648. log_fn(LOG_ERR,"Error setting GID: %s", strerror(errno));
  649. return -1;
  650. }
  651. }
  652. /* now that the group is switched, we can switch users and lose
  653. privileges */
  654. if (user) {
  655. if (setuid(pw->pw_uid) != 0) {
  656. log_fn(LOG_ERR,"Error setting UID: %s", strerror(errno));
  657. return -1;
  658. }
  659. }
  660. return 0;
  661. #endif
  662. log_fn(LOG_ERR,
  663. "User or group specified, but switching users is not supported.");
  664. return -1;
  665. }