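/*
 * Decide whether the current real uid may run this policy.
 *
 * list        - rlist of user names / uids permitted to run the agent
 * input_files - rlist of the policy input files that were loaded
 *
 * Returns normally only when getuid() appears in `list`. Otherwise every
 * input file is stat()ed and its owner is checked: against ACCESSLIST when
 * one is configured, else (under CFPARANOID and when privileged) against
 * the current uid. A file that fails its check, or that cannot be
 * examined at all, is reported and the process exits. Even when every file
 * passes, access is still refused through FatalError(), so this function
 * never returns to a caller whose uid is not in `list`.
 */
static void CheckAgentAccess(Rlist *list, const Rlist *input_files)
{
    const uid_t uid = getuid();

    for (const Rlist *rp = list; rp != NULL; rp = rp->next)
    {
        if (Str2Uid(rp->item, NULL, NULL) == uid)
        {
            return;
        }
    }

    for (const Rlist *rp = input_files; rp != NULL; rp = rp->next)
    {
        struct stat sb;

        /* A file we cannot examine must not pass the ownership check on an
         * uninitialised st_uid: treat a failed stat as a denial. */
        if (cfstat(rp->item, &sb) != 0)
        {
            CfOut(cf_error, "stat", "Could not examine input file %s (security exception)", ScalarValue(rp));
            exit(1);
        }

        if (ACCESSLIST)
        {
            /* Reset for every file: an authorized owner of an earlier file
             * must not vouch for the files that follow it. */
            int access = false;

            for (const Rlist *rp2 = ACCESSLIST; rp2 != NULL; rp2 = rp2->next)
            {
                if (Str2Uid(rp2->item, NULL, NULL) == sb.st_uid)
                {
                    access = true;
                    break;
                }
            }

            if (!access)
            {
                CfOut(cf_error, "", "File %s is not owned by an authorized user (security exception)", ScalarValue(rp));
                exit(1);
            }
        }
        else if (CFPARANOID && IsPrivileged())
        {
            if (sb.st_uid != uid)
            {
                CfOut(cf_error, "", "File %s is not owned by uid %ju (security exception)", ScalarValue(rp), (uintmax_t)uid);
                exit(1);
            }
        }
    }

    FatalError("You are denied access to run this policy");
}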
/*
 * Build a UidList from an rlist of user names / uids.
 *
 * uidnames - rlist whose items are resolved one by one with Str2Uid()
 * pp       - promise handed through to Str2Uid()
 *
 * Returns the list of resolved entries. An empty (or NULL) input yields a
 * single CF_SAME_OWNER entry, so the result is never NULL.
 */
UidList *Rlist2UidList(Rlist *uidnames, const Promise *pp)
{
    UidList *result = NULL;
    char name[CF_MAXVARSIZE];

    for (const Rlist *cur = uidnames; cur != NULL; cur = cur->next)
    {
        /* Str2Uid() may fill in the resolved user name; start from empty. */
        name[0] = '\0';
        uid_t resolved = Str2Uid(cur->item, name, pp);
        AddSimpleUidItem(&result, resolved, name);
    }

    if (result == NULL)
    {
        /* Nothing was listed: fall back to "keep the current owner". */
        AddSimpleUidItem(&result, CF_SAME_OWNER, NULL);
    }

    return result;
}