From 0af6253edff589587fa54ff266ef2c6de1f1a60a Mon Sep 17 00:00:00 2001 From: Richard Kettlewell Date: Sat, 10 Dec 2011 17:17:14 +0000 Subject: [PATCH] Set group ID and group list. More sensible username lookup. Signed-off-by: Richard Kettlewell --- secnet.c | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/secnet.c b/secnet.c index efe52b3..e09c296 100644 --- a/secnet.c +++ b/secnet.c @@ -2,6 +2,7 @@ extern char version[]; #include "secnet.h" #include +#include #include #include #include @@ -9,6 +10,7 @@ extern char version[]; #include #include #include +#include #include "util.h" #include "conffile.h" @@ -20,6 +22,7 @@ static const char *sites_key="sites"; bool_t just_check_config=False; static char *userid=NULL; static uid_t uid=0; +static gid_t gid; bool_t background=True; static char *pidfile=NULL; bool_t require_root_privileges=False; @@ -184,17 +187,10 @@ static void setup(dict_t *config) /* Who are we supposed to run as? */ userid=dict_read_string(system,"userid",False,"system",loc); if (userid) { - do { - pw=getpwent(); - if (pw && strcmp(pw->pw_name,userid)==0) { - uid=pw->pw_uid; - break; - } - } while(pw); - endpwent(); - if (uid==0) { + if(!(pw=getpwnam(userid))) fatal("userid \"%s\" not found",userid); - } + uid=pw->pw_uid; + gid=pw->pw_gid; } /* Pidfile name */ @@ -331,10 +327,18 @@ static void droppriv(void) } /* Now drop privileges */ - if (uid!=0) { + if (userid) { + if (setgid(gid)!=0) + fatal_perror("can't set gid to %ld",(long)gid); + if(initgroups(userid, gid) < 0) + fatal_perror("initgroups"); if (setuid(uid)!=0) { fatal_perror("can't set uid to \"%s\"",userid); } + assert(getuid() == uid); + assert(geteuid() == uid); + assert(getgid() == gid); + assert(getegid() == gid); } if (background) { p=fork(); -- 2.30.2