Diffstat (limited to 'src/wydawca.c')
-rw-r--r-- | src/wydawca.c | 90 |
1 files changed, 22 insertions, 68 deletions
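--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -19,6 +19,10 @@
 #include "argmatch.h"
 #include "version-etc.h"
 
+uid_t wydawca_uid;
+gid_t wydawca_gid;
+size_t wydawca_supp_groupc;
+gid_t *wydawca_supp_groups;
 char *conffile = SYSCONFDIR "/wydawca.rc" ;
 int debug_level;
 int dry_run_mode;
@@ -265,73 +269,6 @@ collect_uids (int argc, char **argv)
 }
 
 
-static int
-wydawca_set_uid (uid_t uid)
-{
-int rc;
-
-if (getuid () != 0)
-return 0;
-#if defined(HAVE_SETREUID)
-rc = setreuid (0, uid);
-#elif defined(HAVE_SETRESUID)
-rc = setresuid (-1, uid, -1);
-#elif defined(HAVE_SETEUID)
-rc = seteuid (uid);
-#else
-# error "No way to reset user privileges?"
-#endif
-if (rc < 0)
-logmsg (LOG_ERR, _("cannot switch to UID %d: %s (r=%d, e=%d)"),
-uid, strerror (errno), getuid (), geteuid ());
-return rc;
-}
-
-static int
-wydawca_set_gid (gid_t gid)
-{
-int rc;
-
-if (getuid () != 0)
-return 0;
-#if defined(HAVE_SETREGID)
-rc = setregid (0, gid);
-#elif defined(HAVE_SETRESGID)
-rc = setresgid (-1, gid, -1);
-#elif defined(HAVE_SETEGID)
-rc = setegid (gid);
-#else
-# error "No way to reset user privileges?"
-#endif
-if (rc < 0)
-logmsg (LOG_ERR, _("cannot switch to GID %d: %s (r=%d, e=%d)"),
-gid, strerror (errno), getgid (), getegid ());
-return rc;
-}
-
-int
-wydawca_set_privs (uid_t uid, gid_t gid)
-{
-if (wydawca_set_gid (gid))
-return -1;
-if (wydawca_set_uid (uid))
-return -1;
-return 0;
-}
-
-int
-wydawca_set_triplet_privs (struct file_triplet *trp)
-{
-return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
-}
-
-int
-wydawca_set_root_privs ()
-{
-return wydawca_set_privs (0, 0);
-}
-
-
 char **x_argv;
 extern int reconfigure;
 
@@ -377,6 +314,8 @@ main (int argc, char **argv)
 if (lint_mode)
 exit (0);
 
+if (dry_run_mode)
+cron_option = 1;
 if (cron_option)
 daemon_mode = 0;
 if (foreground_option >= 0)
@@ -394,6 +333,22 @@ main (int argc, char **argv)
 log_printer = syslog_printer;
 }
 
+if (getgid () == 0)
+{
+if (wydawca_uid == 0)
+{
+if (!force_startup)
+{
+logmsg (LOG_CRIT, _("won't run with root privileges"));
+exit (EX_UNAVAILABLE);
+}
+}
+else if (wydawca_userprivs (wydawca_uid, wydawca_gid,
+wydawca_supp_groups,
+wydawca_supp_groupc))
+exit (EX_UNAVAILABLE);
+}
+
 mail_init ();
 wydawca_lock_init ();
 
@@ -414,7 +369,6 @@ main (int argc, char **argv)
 if (reconfigure)
 {
 int i;
-wydawca_set_uid (0);
 for (i = getdtablesize (); i > 2; i--)
 close (i);
 remove_pidfile ();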
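Review bot: The new privilege gate in main() (new lines 336-350) tests `getgid () == 0`, whereas the removed wydawca_set_uid/wydawca_set_gid helpers keyed on `getuid ()`; a process started as UID 0 with a non-zero primary group would skip both the "won't run with root privileges" refusal and the wydawca_userprivs() call and carry on as root. This looks like a slip for `if (getuid () == 0)`. wydawca_userprivs() is defined outside this diff, so it is worth confirming there that supplementary groups and the GID are set before the UID and that the resulting identity is checked after the switch. With `wydawca_set_uid (0)` gone from the reconfigure path, remove_pidfile() presumably now runs under the dropped identity, so the pidfile location has to be writable by that user. main's body continues outside these hunks.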