in src/native/unix/native/jsvc-unix.c [419:470]
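/**
 * Resolve a user name and confirm that a switch to that account works.
 *
 * The name is looked up with getpwnam() and the ids found are stored
 * through uid and gid.  set_user_group() is then attempted in a forked
 * child, so whatever it changes stays confined to that child and the
 * calling process continues unmodified.
 *
 * @param user Account name to validate; NULL means no switch was requested.
 * @param uid  Receives pw_uid of the account.  Not written when user is
 *             NULL or the lookup fails.
 * @param gid  Receives pw_gid of the account, under the same conditions.
 * @return true when user is NULL or the child exited with status 0;
 *         false on lookup failure, fork failure or any other child outcome.
 *
 * Once the lookup has succeeded, *uid and *gid are filled in even if the
 * function later returns false, so callers must gate on the return value
 * and not on the ids.
 */
static bool checkuser(char *user, uid_t * uid, gid_t * gid)
{
    struct passwd *pwds = NULL;
    int status = 0;
    pid_t pid = 0;

    /* Do we actually _have_ to switch user? */
    if (user == NULL)
        return true;

    pwds = getpwnam(user);
    if (pwds == NULL) {
        log_error("Invalid user name '%s' specified", user);
        return false;
    }

    /* Copy the ids out of the passwd entry before doing anything else. */
    *uid = pwds->pw_uid;
    *gid = pwds->pw_gid;

    /* Validate the user name in another process */
    pid = fork();
    if (pid == -1) {
        log_error("Cannot validate user name");
        return false;
    }

    /* If we're in the child process, let's validate */
    if (pid == 0) {
        /*
         * Leave with _exit(), not exit(): the child is a copy of the
         * parent, and exit() would run the parent's atexit handlers and
         * flush stdio buffers inherited at fork time a second time.
         * NOTE(review): this relies on set_user_group() flushing its own
         * diagnostics - confirm against the logger.
         */
        if (set_user_group(user, *uid, *gid) != 0)
            _exit(1);
        /* If we got here we switched user/group */
        _exit(0);
    }

    /*
     * NOTE(review): the loop retries on every return value other than pid.
     * That covers an interrupted call, but a persistent waitpid() failure
     * (for example no child left to wait for) would make it spin forever.
     * Retrying only when errno is EINTR would bound it.
     */
    while (waitpid(pid, &status, 0) != pid) {
        /* Just wait */
    }

    /* Only a normal exit with status 0 counts as a validated user. */
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
        log_debug("User '%s' validated", user);
        return true;
    }

    /* Non-zero exit, or the child was terminated by a signal. */
    log_error("Error validating user '%s'", user);
    return false;
}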