chiark
/
gitweb
/
~mdw
/
secnet
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Set group ID and group list.
[secnet]
/
secnet.c
diff --git
a/secnet.c
b/secnet.c
index efe52b356048bc2e44ca0ac93939bd6edae90bf0..e09c296bfef14bcb6a8e04cfeee58fe7bd964a73 100644
(file)
--- a/
secnet.c
+++ b/
secnet.c
@@
-2,6
+2,7
@@
extern char version[];
#include "secnet.h"
#include <stdio.h>
#include "secnet.h"
#include <stdio.h>
+#include <assert.h>
#include <string.h>
#include <getopt.h>
#include <errno.h>
#include <string.h>
#include <getopt.h>
#include <errno.h>
@@
-9,6
+10,7
@@
extern char version[];
#include <sys/socket.h>
#include <arpa/inet.h>
#include <pwd.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <pwd.h>
+#include <grp.h>
#include "util.h"
#include "conffile.h"
#include "util.h"
#include "conffile.h"
@@
-20,6
+22,7
@@
static const char *sites_key="sites";
bool_t just_check_config=False;
static char *userid=NULL;
static uid_t uid=0;
bool_t just_check_config=False;
static char *userid=NULL;
static uid_t uid=0;
+static gid_t gid;
bool_t background=True;
static char *pidfile=NULL;
bool_t require_root_privileges=False;
bool_t background=True;
static char *pidfile=NULL;
bool_t require_root_privileges=False;
@@
-184,17
+187,10
@@
static void setup(dict_t *config)
/* Who are we supposed to run as? */
userid=dict_read_string(system,"userid",False,"system",loc);
if (userid) {
/* Who are we supposed to run as? */
userid=dict_read_string(system,"userid",False,"system",loc);
if (userid) {
- do {
- pw=getpwent();
- if (pw && strcmp(pw->pw_name,userid)==0) {
- uid=pw->pw_uid;
- break;
- }
- } while(pw);
- endpwent();
- if (uid==0) {
+ if(!(pw=getpwnam(userid)))
fatal("userid \"%s\" not found",userid);
fatal("userid \"%s\" not found",userid);
- }
+ uid=pw->pw_uid;
+ gid=pw->pw_gid;
}
/* Pidfile name */
}
/* Pidfile name */
@@
-331,10
+327,18
@@
static void droppriv(void)
}
/* Now drop privileges */
}
/* Now drop privileges */
- if (uid!=0) {
+ if (userid) {
+ if (setgid(gid)!=0)
+ fatal_perror("can't set gid to %ld",(long)gid);
+ if(initgroups(userid, gid) < 0)
+ fatal_perror("initgroups");
if (setuid(uid)!=0) {
fatal_perror("can't set uid to \"%s\"",userid);
}
if (setuid(uid)!=0) {
fatal_perror("can't set uid to \"%s\"",userid);
}
+ assert(getuid() == uid);
+ assert(geteuid() == uid);
+ assert(getgid() == gid);
+ assert(getegid() == gid);
}
if (background) {
p=fork();
}
if (background) {
p=fork();
~mdw / secnet / blobdiff