xref: /xnu-11417.121.6/tests/drop_priv.c (revision a1e26a70f38d1d7daa7b49b258e2f8538ad81650)
1*a1e26a70SApple OSS Distributions #include <darwintest.h>
2*a1e26a70SApple OSS Distributions 
3*a1e26a70SApple OSS Distributions #include <TargetConditionals.h>
4*a1e26a70SApple OSS Distributions #include <limits.h>
5*a1e26a70SApple OSS Distributions #include <stdio.h>
6*a1e26a70SApple OSS Distributions #include <stdlib.h>
7*a1e26a70SApple OSS Distributions #include <string.h>
8*a1e26a70SApple OSS Distributions #include <sys/errno.h>
9*a1e26a70SApple OSS Distributions #include <unistd.h>
10*a1e26a70SApple OSS Distributions 
11*a1e26a70SApple OSS Distributions #if !TARGET_OS_OSX
12*a1e26a70SApple OSS Distributions #include <pwd.h>
13*a1e26a70SApple OSS Distributions #include <sys/types.h>
14*a1e26a70SApple OSS Distributions #include <uuid/uuid.h>
15*a1e26a70SApple OSS Distributions #endif
16*a1e26a70SApple OSS Distributions 
17*a1e26a70SApple OSS Distributions #include "drop_priv.h"
18*a1e26a70SApple OSS Distributions 
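#if TARGET_OS_OSX
/* Environment variables that sudo(8) exports to describe the invoking user. */
#define INVOKER_UID "SUDO_UID"
#define INVOKER_GID "SUDO_GID"
/* Exclusive upper bound for an accepted id; parenthesised so the cast cannot
 * bind to a neighbouring operator when the macro is expanded. */
#define ID_MAX ((unsigned long)UINT_MAX)

/*
 * Read a numeric user or group id from the environment variable `var`.
 *
 * The value comes from the environment, so it is whatever the invoker of the
 * test chose to export; it is validated before being handed to setuid/setgid:
 *   - the variable must exist and be non-empty,
 *   - the whole string must parse as a base-10 number,
 *   - the result must not be ULONG_MAX (strtoul's overflow return value),
 *   - the result must not be 0, so the caller can never "drop" to root,
 *   - the result must be strictly below UINT_MAX (presumably because
 *     (uid_t)-1 is the conventional "leave unchanged" id -- confirm).
 *
 * Any failed check aborts the test through the darwintest assertion macros.
 *
 * @param var  name of the environment variable to read
 * @return     the parsed id, in the range 1 .. UINT_MAX - 1
 */
static unsigned
_get_sudo_invoker(const char *var)
{
	char *value_str = getenv(var);
	T_QUIET; T_WITH_ERRNO; T_ASSERT_NOTNULL(value_str,
	    "Not running under sudo, getenv(\"%s\") failed", var);
	T_QUIET; T_ASSERT_NE_CHAR(*value_str, '\0',
	    "getenv(\"%s\") returned an empty string", var);

	char *endp;
	/*
	 * Clear errno first: strtoul only sets it on failure, so without the
	 * reset the T_WITH_ERRNO assertions below could report a stale errno
	 * left behind by an earlier, unrelated call.
	 */
	errno = 0;
	unsigned long value = strtoul(value_str, &endp, 10);
	/* Trailing characters mean the string was not purely numeric. */
	T_QUIET; T_WITH_ERRNO; T_ASSERT_EQ_CHAR(*endp, '\0',
	    "strtoul(\"%s\") not called on a valid number", value_str);
	T_QUIET; T_WITH_ERRNO; T_ASSERT_NE_ULONG(value, ULONG_MAX,
	    "strtoul(\"%s\") overflow", value_str);

	/* Range checks on the parsed id; see the function comment. */
	T_QUIET; T_ASSERT_NE_ULONG(value, 0ul, "%s invalid", var);
	T_QUIET; T_ASSERT_LT_ULONG(value, ID_MAX, "%s invalid", var);
	return (unsigned)value;
}
#endif /* TARGET_OS_OSX */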
44*a1e26a70SApple OSS Distributions 
/*
 * Give up the current credentials for an unprivileged user and group.
 *
 * On macOS the target ids are those of the user who invoked sudo, read from
 * SUDO_UID / SUDO_GID. On other targets they are the ids of the "mobile"
 * account, looked up with getpwnam(3).
 *
 * Either call failing aborts the test via T_ASSERT_POSIX_SUCCESS.
 *
 * NOTE(review): only setgid() and setuid() are called here; the supplementary
 * group list is not reset (no setgroups/initgroups). Confirm whether callers
 * rely on the dropped process having no inherited group memberships.
 */
void
drop_priv(void)
{
#if TARGET_OS_OSX
	uid_t target_uid = _get_sudo_invoker(INVOKER_UID);
	gid_t target_gid = _get_sudo_invoker(INVOKER_GID);
#else
	struct passwd *mobile_entry = getpwnam("mobile");
	T_QUIET; T_WITH_ERRNO; T_ASSERT_NOTNULL(mobile_entry, "getpwnam(\"mobile\")");
	uid_t target_uid = mobile_entry->pw_uid;
	gid_t target_gid = mobile_entry->pw_gid;
#endif
	/*
	 * Group first, user second: once the uid is no longer privileged the
	 * process would not be allowed to change its gid.
	 */
	T_ASSERT_POSIX_SUCCESS(setgid(target_gid), "Change group to %u", target_gid);
	T_ASSERT_POSIX_SUCCESS(setuid(target_uid), "Change user to %u", target_uid);
}
60*a1e26a70SApple OSS Distributions 
/*
 * Report whether the calling process has an effective uid of 0.
 *
 * Only the effective uid is consulted; the real and saved uids are not
 * examined.
 *
 * @return true when geteuid() is 0, false otherwise
 */
bool
running_as_root(void)
{
	const uid_t effective_uid = geteuid();

	return effective_uid == 0;
}