diff options
Diffstat (limited to 'src/wydawca.c')
-rw-r--r-- | src/wydawca.c | 90 |
1 files changed, 22 insertions, 68 deletions
diff --git a/src/wydawca.c b/src/wydawca.c index 48c27e9..f02ac99 100644 --- a/src/wydawca.c +++ b/src/wydawca.c @@ -16,12 +16,16 @@ #include "wydawca.h" #include "mail.h" #include "argmatch.h" #include "version-etc.h" +uid_t wydawca_uid; +gid_t wydawca_gid; +size_t wydawca_supp_groupc; +gid_t *wydawca_supp_groups; char *conffile = SYSCONFDIR "/wydawca.rc" ; int debug_level; int dry_run_mode; int log_to_stderr = -1; /* -1 means autodetect */ int log_facility = LOG_LOCAL1; char *syslog_tag = "wydawca"; @@ -262,79 +266,12 @@ collect_uids (int argc, char **argv) else uidv[i] = pw->pw_uid; } } -static int -wydawca_set_uid (uid_t uid) -{ - int rc; - - if (getuid () != 0) - return 0; -#if defined(HAVE_SETREUID) - rc = setreuid (0, uid); -#elif defined(HAVE_SETRESUID) - rc = setresuid (-1, uid, -1); -#elif defined(HAVE_SETEUID) - rc = seteuid (uid); -#else -# error "No way to reset user privileges?" -#endif - if (rc < 0) - logmsg (LOG_ERR, _("cannot switch to UID %d: %s (r=%d, e=%d)"), - uid, strerror (errno), getuid (), geteuid ()); - return rc; -} - -static int -wydawca_set_gid (gid_t gid) -{ - int rc; - - if (getuid () != 0) - return 0; -#if defined(HAVE_SETREGID) - rc = setregid (0, gid); -#elif defined(HAVE_SETRESGID) - rc = setresgid (-1, gid, -1); -#elif defined(HAVE_SETEGID) - rc = setegid (gid); -#else -# error "No way to reset user privileges?" -#endif - if (rc < 0) - logmsg (LOG_ERR, _("cannot switch to GID %d: %s (r=%d, e=%d)"), - gid, strerror (errno), getgid (), getegid ()); - return rc; -} - -int -wydawca_set_privs (uid_t uid, gid_t gid) -{ - if (wydawca_set_gid (gid)) - return -1; - if (wydawca_set_uid (uid)) - return -1; - return 0; -} - -int -wydawca_set_triplet_privs (struct file_triplet *trp) -{ - return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp)); -} - -int -wydawca_set_root_privs () -{ - return wydawca_set_privs (0, 0); -} - - char **x_argv; extern int reconfigure; void wydawca_daemon () { @@ -374,12 +311,14 @@ main (int argc, char **argv) if (gconf_parse (conffile)) exit (EX_CONFIG); if (lint_mode) exit (0); + if (dry_run_mode) + cron_option = 1; if (cron_option) daemon_mode = 0; if (foreground_option >= 0) foreground = foreground_option; if (single_process_option >= 0) single_process = single_process_option; @@ -391,12 +330,28 @@ main (int argc, char **argv) if (!log_to_stderr) { openlog (syslog_tag, LOG_PID, log_facility); log_printer = syslog_printer; } + if (getgid () == 0) + { + if (wydawca_uid == 0) + { + if (!force_startup) + { + logmsg (LOG_CRIT, _("won't run with root privileges")); + exit (EX_UNAVAILABLE); + } + } + else if (wydawca_userprivs (wydawca_uid, wydawca_gid, + wydawca_supp_groups, + wydawca_supp_groupc)) + exit (EX_UNAVAILABLE); + } + mail_init (); wydawca_lock_init (); logmsg (LOG_NOTICE, _("wydawca (%s) started"), PACKAGE_STRING); if (!daemon_mode) @@ -411,13 +366,12 @@ main (int argc, char **argv) mail_finish (); if (reconfigure) { int i; - wydawca_set_uid (0); for (i = getdtablesize (); i > 2; i--) close (i); remove_pidfile (); execv (x_argv[0], x_argv); } |