static nomask int check_access(string tmp) {
int i;
string *parts;
debug("Passed to check_access: " + tmp);
init_access();
debug("past init_access()");
// okay, first check for a direct match. This will be a lot of
// cases for variables, less for files.
if (perms[tmp]) return perms[tmp];
// there was no match, so let's split this string up into segments.
// If there is only one element in the resulting array, then we
// know it's been passed already.
parts = explode(tmp, "/");
// question, what to do here? For file security, it probably
// means they are trying to write to /, but for variables it sounds
// like they are adding a new one.... one is harmless, the other isn't.
// for now, I'll assume that there is another way to lock the root
// directory... it may be necessary to add a "/" entry.
// This is my solution, but I suspect there's a better way where
// I won't have to do this for all objects.
if (sizeof(parts) == 1) {
debug("Only one level depth to resolve");
if (file_name(this_object()) == "adm/newaccess")
return MASTER_ONLY;
else return PUBLIC;
}
// okay, let's look for the closest match we can find for this,
// starting with things most similar and working towards root.
for (i=sizeof(parts)-1; i>=0; i--) {
tmp = implode(parts[0..i], "/");
debug("debug: checking for an entry for " + tmp);
if(perms[tmp]) {
debug("Matched " + implode(parts, "/") + " with " + tmp);
return perms[tmp];
}
}
debug("No match, returning PUBLIC status.");
return PUBLIC;
}
/* Give the process appropriate permissions for access to
make data (i.e., the load average). */
void
make_access (void)
{
#ifdef GETLOADAVG_PRIVILEGED
if (!access_inited)
init_access ();
if (current_access == make)
return;
/* See comments in user_access, above. */
#ifdef HAVE_SETEUID
if (seteuid (make_uid) < 0)
pfatal_with_name ("make_access: seteuid");
#else
#ifndef HAVE_SETREUID
if (setuid (make_uid) < 0)
pfatal_with_name ("make_access: setuid");
#else
if (setreuid (user_uid, make_uid) < 0)
pfatal_with_name ("make_access: setreuid");
#endif
#endif
#ifdef HAVE_SETEGID
if (setegid (make_gid) < 0)
pfatal_with_name ("make_access: setegid");
#else
#ifndef HAVE_SETREGID
if (setgid (make_gid) < 0)
pfatal_with_name ("make_access: setgid");
#else
if (setregid (user_gid, make_gid) < 0)
pfatal_with_name ("make_access: setregid");
#endif
#endif
current_access = make;
log_access (_("Make access"));
#endif /* GETLOADAVG_PRIVILEGED */
}
//there has to be a better way to do this :/
void Run(void)
{
char *ce;
SetSig ();
Banner ();
if ((ce = (char *)get_config_entry("?omega", "version")))
{
if (CONFIG_VERSION != atoi(ce))
{
fprintf(stderr, "\033[1;31mCRITICAL\033[0m: Invalid configuration file version. [Given: %s][Required: %d]", ce, CONFIG_VERSION);
Exit(0);
}
} else {
fprintf(stderr, "\033[1;31mERROR\033[0m: Unable to determine the configuration file version. Please make sure you have all <?omega> intact\n");
fprintf(stderr, "Assuming configuration version \033[1;31m%d\033[0m\n\n", CONFIG_VERSION);
}
#ifdef HAVE_SETPROCTITLE
setproctitle("%s", CfgSettings.servername);
#endif
open_log ();
init_uid ();
AddEventEx ("House Keeping", 900, EVENT_UNLIMITED, ev_housekeeping);
AddEvent ("BURST", burst_local_users);
AddEvent ("BURST", burst_local_servers);
AddEvent ("CONNECT", introduce_users);
if ((Omega->me = new_serv(NULL, CfgSettings.servername)))
{
strlcpy (Omega->me->sid, CfgSettings.sid, sizeof(Omega->me->sid));
Omega->me->eos = 1; //mark us as already EOS'ed
}
else
{
fprintf (stderr, "Unable to create our server entry\n");
exit (0);
}
/*
* Initialize our core for running
*/
database_init ();
protocol_init ();
servsock = add_new_socket ((void*) psr_HandleEvent, NULL);
servsock->flags |= SOCK_UPLINK;
strlcpy (servsock->name, "Uplink", sizeof(servsock->name));
#ifdef HAVE_GNUTLS
servsock->tls_enabled = get_config_bool("link", "gnutls", 0);
#endif
psr_init ();
init_access();
init_modules();
introduce_users (0, NULL);
/*
* Connect to the IRCd if we don't connect Add an event to connect...
*/
printf ("\r\n");
printf ("Connecting to \033[1;32m%s\033[0m port \033[1;32m%d\033[0m\033[0m\n", CfgSettings.uplink, CfgSettings.port);
if (Connect (servsock, CfgSettings.uplink, CfgSettings.local_ip, CfgSettings.port))
ircd_connect ();
else
AddEventEx ("Connect Uplink", 60, 3, ev_connectuplink);
/*
* Okay begin
*/
OneTimeAround ();
return;
}
/* Give the process appropriate permissions for access to
user data (i.e., to stat files, or to spawn a child process). */
void
user_access (void)
{
#ifdef GETLOADAVG_PRIVILEGED
if (!access_inited)
init_access ();
if (current_access == user)
return;
/* We are in "make access" mode. This means that the effective user and
group IDs are those of make (if it was installed setuid or setgid).
We now want to set the effective user and group IDs to the real IDs,
which are the IDs of the process that exec'd make. */
#ifdef HAVE_SETEUID
/* Modern systems have the seteuid/setegid calls which set only the
effective IDs, which is ideal. */
if (seteuid (user_uid) < 0)
pfatal_with_name ("user_access: seteuid");
#else /* Not HAVE_SETEUID. */
#ifndef HAVE_SETREUID
/* System V has only the setuid/setgid calls to set user/group IDs.
There is an effective ID, which can be set by setuid/setgid.
It can be set (unless you are root) only to either what it already is
(returned by geteuid/getegid, now in make_uid/make_gid),
the real ID (return by getuid/getgid, now in user_uid/user_gid),
or the saved set ID (what the effective ID was before this set-ID
executable (make) was exec'd). */
if (setuid (user_uid) < 0)
pfatal_with_name ("user_access: setuid");
#else /* HAVE_SETREUID. */
/* In 4BSD, the setreuid/setregid calls set both the real and effective IDs.
They may be set to themselves or each other. So you have two alternatives
at any one time. If you use setuid/setgid, the effective will be set to
the real, leaving only one alternative. Using setreuid/setregid, however,
you can toggle between your two alternatives by swapping the values in a
single setreuid or setregid call. */
if (setreuid (make_uid, user_uid) < 0)
pfatal_with_name ("user_access: setreuid");
#endif /* Not HAVE_SETREUID. */
#endif /* HAVE_SETEUID. */
#ifdef HAVE_SETEGID
if (setegid (user_gid) < 0)
pfatal_with_name ("user_access: setegid");
#else
#ifndef HAVE_SETREGID
if (setgid (user_gid) < 0)
pfatal_with_name ("user_access: setgid");
#else
if (setregid (make_gid, user_gid) < 0)
pfatal_with_name ("user_access: setregid");
#endif
#endif
current_access = user;
log_access (_("User access"));
#endif /* GETLOADAVG_PRIVILEGED */
}
