E-MailRelay
groot.h
1//
2// Copyright (C) 2001-2021 Graeme Walker <graeme_walker@users.sourceforge.net>
3//
4// This program is free software: you can redistribute it and/or modify
5// it under the terms of the GNU General Public License as published by
6// the Free Software Foundation, either version 3 of the License, or
7// (at your option) any later version.
8//
9// This program is distributed in the hope that it will be useful,
10// but WITHOUT ANY WARRANTY; without even the implied warranty of
11// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12// GNU General Public License for more details.
13//
14// You should have received a copy of the GNU General Public License
15// along with this program. If not, see <http://www.gnu.org/licenses/>.
16// ===
17///
18/// \file groot.h
19///
20
21#ifndef G_ROOT_H
22#define G_ROOT_H
23
24#include "gdef.h"
25#include "gidentity.h"
26
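namespace G
{
	class Root ;
}

//| \class G::Root
/// A class which acquires the process's special privileges on construction
/// and releases them on destruction. Despite the name of the class the special
/// privileges are not necessarily root privileges; they can be suid privileges.
///
/// The class must be initialised by calling a static init() method. If instances
/// are nested then the inner instances have no effect.
///
/// The effect of this class depends on whether the process's real-id is root
/// or not. If the real-id is root then the effective-id is switched to
/// some named 'ordinary' user's id at startup, and then back to what it
/// was (ie. root or the suid-id) for the critical sections. Otherwise,
/// in the case of a suid binary not run by root, the privileged effective-id
/// is switched to the real-id at startup and switched back for the critical
/// sections (although the switching back does rely on the saved-suid-id
/// mechanism, POSIX_SAVED_IDS).
///
/// The implementation uses G::Process and G::Identity.
///
/// Security notes:
/// - The privileges are set aside, not discarded. The process keeps the
///   ability to switch back (the critical sections depend on it), so this
///   class limits what the ordinary code paths run as; it is not a
///   permanent privilege drop.
/// - Keep instances in the narrowest possible scope. Because nested
///   instances have no effect, the privileges stay acquired until the
///   outermost instance is destroyed.
///
class G::Root
{
public:
	Root() ;
		///< Default constructor. Acquires special privileges by switching the user-id
		///< and possibly the group-id (see init()).
		///<
		///< Does nothing if the class has not been initialised by a call to init().
		///< Does nothing if there is another instance at an outer scope.
		///<
		///< The implementation uses G::Process::beSpecial().

	explicit Root( bool change_group ) ;
		///< Constructor overload with explicit control over whether to change the
		///< group-id or not.

	~Root() ; // NOLINT
		///< Destructor. Releases special privileges if this instance acquired them.
		///< The implementation uses G::Process::beOrdinary(). Errors from seteuid()
		///< will call Process::terminate(), so a failed release is reported by
		///< process termination and not by an exception.

	static void init( const std::string & nobody , bool fixed_group = false ) ;
		///< Initialises this class on process start-up by releasing root (or suid)
		///< privileges. Throws on error.
		///<
		///< The string parameter gives a non-privileged username which is used if the
		///< real user-id is root.
		///<
		///< NOTE(review): the fixed_group parameter is not described here;
		///< presumably it stops the group-id from being switched along with
		///< the user-id -- confirm against groot.cpp.
		///<
		///< An exception from init() should be treated as fatal by the caller,
		///< since the process may still hold its start-up privileges.

	static Identity nobody() ;
		///< Returns the 'nobody' identity corresponding to the init() user name.
		///< Precondition: init() called

	static void atExit() noexcept ;
		///< Re-acquires special privileges just before process exit.

	static void atExit( SignalSafe ) noexcept ;
		///< Re-acquires special privileges just before process exit.
		///< Overload taking the SignalSafe tag, which marks a signal-safe,
		///< reentrant implementation.

public:
	// not copyable or movable
	Root( const Root & ) = delete ;
	Root( Root && ) = delete ;
	void operator=( const Root & ) = delete ;
	void operator=( Root && ) = delete ;

private:
	void check() ;

private:
	static Root * m_this ; // presumably the outermost live instance, used to make nested instances no-ops -- confirm in groot.cpp
	static bool m_initialised ; // presumably set by init() -- confirm in groot.cpp
	static bool m_fixed_group ; // presumably the init() fixed_group argument -- confirm in groot.cpp
	static Identity m_nobody ; // presumably the identity returned by nobody() -- confirm in groot.cpp
	static Identity m_startup ; // presumably the identity captured at start-up -- confirm in groot.cpp
	bool m_change_group ; // per-instance; presumably the constructor's change_group choice -- confirm in groot.cpp
} ;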
106
107#endif