diff options
author | Sergey Poznyakoff <gray@gnu.org.ua> | 2007-08-24 17:05:05 +0000 |
---|---|---|
committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2007-08-24 17:05:05 +0000 |
commit | cffdcb50463ecec212945ac0fa6913f62a7b6384 (patch) | |
tree | aed01905679f6a51a8eb85d97f347fad01afcf5f /jabberd/main.c | |
parent | b1f5417ca959a1fbc3c7d3ead3f66d51670d5383 (diff) | |
download | gsc-cffdcb50463ecec212945ac0fa6913f62a7b6384.tar.gz gsc-cffdcb50463ecec212945ac0fa6913f62a7b6384.tar.bz2 |
Update
git-svn-id: file:///svnroot/gsc/trunk@287 d2de0444-eb31-0410-8365-af798a554d48
Diffstat (limited to 'jabberd/main.c')
-rw-r--r-- | jabberd/main.c | 100 |
1 files changed, 4 insertions, 96 deletions
diff --git a/jabberd/main.c b/jabberd/main.c index f8c3833..43f33ee 100644 --- a/jabberd/main.c +++ b/jabberd/main.c @@ -466,7 +466,7 @@ switch_to_privs (uid_t uid, gid_t gid) if (uid == 0) { - logmsg(LOG_EMERG, "refusing to run as root"); + logmsg (LOG_EMERG, "refusing to run as root"); return 1; } @@ -479,103 +479,11 @@ switch_to_privs (uid_t uid, gid_t gid) for (gp = group_list; gp; gp = gp->next) emptygidset[j++] = gp->gid; - /* Reset group permissions */ - if (geteuid () == 0 && setgroups (j, emptygidset)) - { - logmsg (LOG_ERR, "setgroups(1, %lu) failed: %s", - (unsigned long) emptygidset[0], - strerror (errno)); - rc = 1; - } + rc = gsc_userprivs (uid, emptygidset, j); free (emptygidset); - - /* Switch to the user's gid. On some OSes the effective gid must - be reset first */ - -#if defined(HAVE_SETEGID) - if ((rc = setegid (gid)) < 0) - logmsg (LOG_ERR, "setegid(%lu) failed: %s", - (unsigned long) gid, strerror (errno)); -#elif defined(HAVE_SETREGID) - if ((rc = setregid (gid, gid)) < 0) - logmsg (LOG_ERR, "setregid(%lu,%lu) failed: %s", - (unsigned long) gid, (unsigned long) gid, - strerror (errno)); -#elif defined(HAVE_SETRESGID) - if ((rc = setresgid (gid, gid, gid)) < 0) - logmsg (LOG_ERR, "setresgid(%lu,%lu,%lu) failed: %s", - (unsigned long) gid, - (unsigned long) gid, - (unsigned long) gid, - strerror (errno)); -#endif - - if (rc == 0 && gid != 0) - { - if ((rc = setgid (gid)) < 0 && getegid () != gid) - logmsg (LOG_ERR, "setgid(%lu) failed: %s", - (unsigned long) gid, strerror (errno)); - if (rc == 0 && getegid () != gid) - { - logmsg (LOG_ERR, "Cannot set effective gid to %lu", - (unsigned long) gid); - rc = 1; - } - } - - /* Now reset uid */ - if (rc == 0 && uid != 0) - { - uid_t euid; - - if (setuid (uid) - || geteuid () != uid - || (getuid () != uid - && (geteuid () == 0 || getuid () == 0))) - { - -#if defined(HAVE_SETREUID) - if (geteuid () != uid) - { - if (setreuid (uid, -1) < 0) - { - logmsg (LOG_ERR, "setreuid(%lu,-1) failed", - (unsigned long) uid, - strerror (errno)); - rc = 1; - } - if (setuid (uid) < 0) - { - logmsg (LOG_ERR, "second setuid(%lu) failed", - (unsigned long) uid, - strerror (errno)); - rc = 1; - } - } - else -#endif - { - logmsg (LOG_ERR, "setuid(%lu) failed", - (unsigned long) uid, - strerror (errno)); - rc = 1; - } - } - - euid = geteuid (); - if (uid != 0 && setuid (0) == 0) - { - logmsg (LOG_ERR, "seteuid(0) succeeded when it should not"); - rc = 1; - } - else if (uid != euid && setuid (euid) == 0) - { - logmsg (LOG_ERR, "Cannot drop non-root setuid privileges"); - rc = 1; - } + if (rc) + logmsg (LOG_ERR, "%s", gsc_userprivs_errstring ()); - } - return rc; } |