author | Sean Whitton <spwhitton@spwhitton.name> | 2021-07-26 14:06:58 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-09-09 11:19:40 -0700 |
commit | 3e4a8149efbf7d6515ec6ac542ee8882320763d0 (patch) | |
tree | 47ea0ced2be5ce4f2a5ab246d5e10a686a98694c /src/connection/setuid.lisp | |
parent | 009634f28b0443cc6a5dc37f733e281819c9947b (diff) | |
download | consfigurator-3e4a8149efbf7d6515ec6ac542ee8882320763d0.tar.gz |
use CFFI, mostly via Osicat, for all syscalls/libc except fork(2)
Also replace some calls to chmod(1) with calls to chmod(2).
Using CFFI rather than implementation-specific wrappers should be better for
portability. Also with this commit we stop hard coding types like uid_t as
:UNSIGNED-INT, which was less portable.
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
Diffstat (limited to 'src/connection/setuid.lisp')
-rw-r--r-- | src/connection/setuid.lisp | 21 |
1 files changed, 2 insertions, 19 deletions
diff --git a/src/connection/setuid.lisp b/src/connection/setuid.lisp index 3e835e0..f0e17d8 100644 --- a/src/connection/setuid.lisp +++ b/src/connection/setuid.lisp @@ -18,22 +18,10 @@ (in-package :consfigurator.connection.setuid) (named-readtables:in-readtable :consfigurator) -(defun setuid (uid) - #+sbcl (sb-posix:setuid uid) - #-(or sbcl) (foreign-funcall "setuid" :unsigned-int uid :int)) - -(defun setgid (gid) - #+sbcl (sb-posix:setgid gid) - #-(or sbcl) (foreign-funcall "setgid" :unsigned-int uid :int)) - -(defun initgroups (user gid) - (foreign-funcall "initgroups" :string user :unsigned-int gid :int)) - (defclass setuid-connection (rehome-connection fork-connection) ()) (defmethod establish-connection ((type (eql :setuid)) remaining &key to) - (unless (and (lisp-connection-p) - (zerop (foreign-funcall "geteuid" :unsigned-int))) + (unless (and (lisp-connection-p) (zerop (nix:geteuid))) (error "~&SETUIDing requires a Lisp image running as root")) (informat 1 "~&SETUIDing to ~A" to) (multiple-value-bind (match groups) @@ -72,9 +60,4 @@ (posix-login-environment user (connection-connattr connection :remote-home)) ;; We are privileged, so this sets the real, effective and saved IDs. - (unless (zerop (setgid gid)) - (error "setgid(2) failed!")) - (unless (zerop (initgroups user gid)) - (error "initgroups(3) failed!")) - (unless (zerop (setuid uid)) - (error "setuid(2) failed!")))) + (nix:setgid gid) (nix:initgroups user gid) (nix:setuid uid))) |
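Review bot: In the second hunk (`@@ -72,9 +60,4 @@`) the explicit `(unless (zerop ...) (error ...))` checks around the privilege drop are removed, so the new line `(nix:setgid gid) (nix:initgroups user gid) (nix:setuid uid)` is only safe if every `nix:` wrapper signals an error when the underlying call returns -1. The hunk does not show that, and since the commit message says "mostly via Osicat", `nix:initgroups` in particular is worth confirming. A drop that fails silently would leave the forked image running as root with root's supplementary groups. I would put the three calls on separate lines under a comment such as `;; Each call must signal on failure; continuing after a failed drop leaves us root.` and follow them with a check like `(unless (= uid (nix:getuid) (nix:geteuid)) (error "setuid(2) did not take effect"))`. The enclosing form starts above the hunk, so where `uid`, `gid` and `user` come from is not visible here.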