Set group ID and group list.

author Richard Kettlewell <rjk@terraraq.org.uk>

Sat, 10 Dec 2011 17:17:14 +0000 (17:17 +0000)

committer Richard Kettlewell <rjk@terraraq.org.uk>

Sat, 10 Dec 2011 21:59:32 +0000 (21:59 +0000)
author Richard Kettlewell <rjk@terraraq.org.uk>
Sat, 10 Dec 2011 17:17:14 +0000 (17:17 +0000)
committer Richard Kettlewell <rjk@terraraq.org.uk>
Sat, 10 Dec 2011 21:59:32 +0000 (21:59 +0000)
diff --git a/secnet.c b/secnet.c

index efe52b356048bc2e44ca0ac93939bd6edae90bf0..e09c296bfef14bcb6a8e04cfeee58fe7bd964a73 100644 (file)
--- a/secnet.c
+++ b/secnet.c
@@ -2,6 +2,7 @@ extern char version[];
  
  #include "secnet.h"
  #include <stdio.h>
  
  #include "secnet.h"
  #include <stdio.h>
+#include <assert.h>
  #include <string.h>
  #include <getopt.h>
  #include <errno.h>
  #include <string.h>
  #include <getopt.h>
  #include <errno.h>
@@ -9,6 +10,7 @@ extern char version[];
  #include <sys/socket.h>
  #include <arpa/inet.h>
  #include <pwd.h>
  #include <sys/socket.h>
  #include <arpa/inet.h>
  #include <pwd.h>
+#include <grp.h>
  
  #include "util.h"
  #include "conffile.h"
  
  #include "util.h"
  #include "conffile.h"
@@ -20,6 +22,7 @@ static const char *sites_key="sites";
  bool_t just_check_config=False;
  static char *userid=NULL;
  static uid_t uid=0;
  bool_t just_check_config=False;
  static char *userid=NULL;
  static uid_t uid=0;
+static gid_t gid;
  bool_t background=True;
  static char *pidfile=NULL;
  bool_t require_root_privileges=False;
  bool_t background=True;
  static char *pidfile=NULL;
  bool_t require_root_privileges=False;
@@ -184,17 +187,10 @@ static void setup(dict_t *config)
      /* Who are we supposed to run as? */
      userid=dict_read_string(system,"userid",False,"system",loc);
      if (userid) {
      /* Who are we supposed to run as? */
      userid=dict_read_string(system,"userid",False,"system",loc);
      if (userid) {
-       do {
-           pw=getpwent();
-           if (pw && strcmp(pw->pw_name,userid)==0) {
-               uid=pw->pw_uid;
-               break;
-           }
-       } while(pw);
-       endpwent();
-       if (uid==0) {
+       if(!(pw=getpwnam(userid)))
             fatal("userid \"%s\" not found",userid);
             fatal("userid \"%s\" not found",userid);
-       }
+       uid=pw->pw_uid;
+       gid=pw->pw_gid;
      }
  
      /* Pidfile name */
      }
  
      /* Pidfile name */
@@ -331,10 +327,18 @@ static void droppriv(void)
      }
  
      /* Now drop privileges */
      }
  
      /* Now drop privileges */
-    if (uid!=0) {
+    if (userid) {
+       if (setgid(gid)!=0)
+           fatal_perror("can't set gid to %ld",(long)gid);
+       if(initgroups(userid, gid) < 0)
+           fatal_perror("initgroups"); 
         if (setuid(uid)!=0) {
             fatal_perror("can't set uid to \"%s\"",userid);
         }
         if (setuid(uid)!=0) {
             fatal_perror("can't set uid to \"%s\"",userid);
         }
+       assert(getuid() == uid);
+       assert(geteuid() == uid);
+       assert(getgid() == gid);
+       assert(getegid() == gid);
      }
      if (background) {
         p=fork();
      }
      if (background) {
         p=fork();
author	Richard Kettlewell <rjk@terraraq.org.uk>
	Sat, 10 Dec 2011 17:17:14 +0000 (17:17 +0000)
committer	Richard Kettlewell <rjk@terraraq.org.uk>
	Sat, 10 Dec 2011 21:59:32 +0000 (21:59 +0000)