1 files changed, 22 insertions, 68 deletions
diff --git a/src/wydawca.c b/src/wydawca.c
index 48c27e9..f02ac99 100644
--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -19,6 +19,10 @@
 #include "argmatch.h"
 #include "version-etc.h"
+uid_t wydawca_uid;
+gid_t wydawca_gid;
+size_t wydawca_supp_groupc;
+gid_t *wydawca_supp_groups;
 char *conffile = SYSCONFDIR "/wydawca.rc" ;
 int debug_level;
 int dry_run_mode;
@@ -265,73 +269,6 @@ collect_uids (int argc, char **argv)
 }
-static int
-wydawca_set_uid (uid_t uid)
-{
-  int rc;
-  if (getuid () != 0)
-    return 0;
-#if defined(HAVE_SETREUID)
-  rc = setreuid (0, uid);
-#elif defined(HAVE_SETRESUID)
-  rc = setresuid (-1, uid, -1);
-#elif defined(HAVE_SETEUID)
-  rc = seteuid (uid);
-#else
-# error "No way to reset user privileges?"
-#endif
-  if (rc < 0)
-    logmsg (LOG_ERR, _("cannot switch to UID %d: %s (r=%d, e=%d)"),
-            uid, strerror (errno), getuid (), geteuid ());
-  return rc;
-}
-static int
-wydawca_set_gid (gid_t gid)
-{
-  int rc;
-  if (getuid () != 0)
-    return 0;
-#if defined(HAVE_SETREGID)
-  rc = setregid (0, gid);
-#elif defined(HAVE_SETRESGID)
-  rc = setresgid (-1, gid, -1);
-#elif defined(HAVE_SETEGID)
-  rc = setegid (gid);
-#else
-# error "No way to reset user privileges?"
-#endif
-  if (rc < 0)
-    logmsg (LOG_ERR, _("cannot switch to GID %d: %s (r=%d, e=%d)"),
-            gid, strerror (errno), getgid (), getegid ());
-  return rc;
-}
-int
-wydawca_set_privs (uid_t uid, gid_t gid)
-{
-        if (wydawca_set_gid (gid))
-                return -1;
-        if (wydawca_set_uid (uid))
-                return -1;
-        return 0;
-}
-int
-wydawca_set_triplet_privs (struct file_triplet *trp)
-{
-        return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
-}
-int
-wydawca_set_root_privs ()
-{
-        return wydawca_set_privs (0, 0);
-}
 char **x_argv;
 extern int reconfigure;
@@ -377,6 +314,8 @@ main (int argc, char **argv)
  if (lint_mode)
    exit (0);
+  if (dry_run_mode)
+    cron_option = 1;
  if (cron_option)
    daemon_mode = 0;
  if (foreground_option >= 0)
@@ -394,6 +333,22 @@ main (int argc, char **argv)
      log_printer = syslog_printer;
    }
+  if (getgid () == 0)
+    {
+      if (wydawca_uid == 0)
+        {
+          if (!force_startup)
+            {
+              logmsg (LOG_CRIT, _("won't run with root privileges"));
+              exit (EX_UNAVAILABLE);
+            }
+        }
+      else if (wydawca_userprivs (wydawca_uid, wydawca_gid,
+                                  wydawca_supp_groups,
+                                  wydawca_supp_groupc))
+        exit (EX_UNAVAILABLE);
+    }
+        
  mail_init ();
  wydawca_lock_init ();
   
@@ -414,7 +369,6 @@ main (int argc, char **argv)
  if (reconfigure)
    {
      int i;
-      wydawca_set_uid (0);
      for (i = getdtablesize (); i > 2; i--)
        close (i);
      remove_pidfile ();

diff --git a/src/wydawca.c b/src/wydawca.c index 48c27e9..f02ac99 100644 --- a/src/wydawca.c +++ b/src/wydawca.c
@@ -19,6 +19,10 @@
19	#include "argmatch.h"	19	#include "argmatch.h"
20	#include "version-etc.h"	20	#include "version-etc.h"
21		21
		22	uid_t wydawca_uid;
		23	gid_t wydawca_gid;
		24	size_t wydawca_supp_groupc;
		25	gid_t *wydawca_supp_groups;
22	char *conffile = SYSCONFDIR "/wydawca.rc" ;	26	char *conffile = SYSCONFDIR "/wydawca.rc" ;
23	int debug_level;	27	int debug_level;
24	int dry_run_mode;	28	int dry_run_mode;
@@ -265,73 +269,6 @@ collect_uids (int argc, char **argv)
265	}	269	}
266		270
267		271
268	static int
269	wydawca_set_uid (uid_t uid)
270	{
271	int rc;
272
273	if (getuid () != 0)
274	return 0;
275	#if defined(HAVE_SETREUID)
276	rc = setreuid (0, uid);
277	#elif defined(HAVE_SETRESUID)
278	rc = setresuid (-1, uid, -1);
279	#elif defined(HAVE_SETEUID)
280	rc = seteuid (uid);
281	#else
282	# error "No way to reset user privileges?"
283	#endif
284	if (rc < 0)
285	logmsg (LOG_ERR, _("cannot switch to UID %d: %s (r=%d, e=%d)"),
286	uid, strerror (errno), getuid (), geteuid ());
287	return rc;
288	}
289
290	static int
291	wydawca_set_gid (gid_t gid)
292	{
293	int rc;
294
295	if (getuid () != 0)
296	return 0;
297	#if defined(HAVE_SETREGID)
298	rc = setregid (0, gid);
299	#elif defined(HAVE_SETRESGID)
300	rc = setresgid (-1, gid, -1);
301	#elif defined(HAVE_SETEGID)
302	rc = setegid (gid);
303	#else
304	# error "No way to reset user privileges?"
305	#endif
306	if (rc < 0)
307	logmsg (LOG_ERR, _("cannot switch to GID %d: %s (r=%d, e=%d)"),
308	gid, strerror (errno), getgid (), getegid ());
309	return rc;
310	}
311
312	int
313	wydawca_set_privs (uid_t uid, gid_t gid)
314	{
315	if (wydawca_set_gid (gid))
316	return -1;
317	if (wydawca_set_uid (uid))
318	return -1;
319	return 0;
320	}
321
322	int
323	wydawca_set_triplet_privs (struct file_triplet *trp)
324	{
325	return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
326	}
327
328	int
329	wydawca_set_root_privs ()
330	{
331	return wydawca_set_privs (0, 0);
332	}
333
334
335	char **x_argv;	272	char **x_argv;
336	extern int reconfigure;	273	extern int reconfigure;
337		274
@@ -377,6 +314,8 @@ main (int argc, char **argv)
377	if (lint_mode)	314	if (lint_mode)
378	exit (0);	315	exit (0);
379		316
		317	if (dry_run_mode)
		318	cron_option = 1;
380	if (cron_option)	319	if (cron_option)
381	daemon_mode = 0;	320	daemon_mode = 0;
382	if (foreground_option >= 0)	321	if (foreground_option >= 0)
@@ -394,6 +333,22 @@ main (int argc, char **argv)
394	log_printer = syslog_printer;	333	log_printer = syslog_printer;
395	}	334	}
396		335
		336	if (getgid () == 0)
		337	{
		338	if (wydawca_uid == 0)
		339	{
		340	if (!force_startup)
		341	{
		342	logmsg (LOG_CRIT, _("won't run with root privileges"));
		343	exit (EX_UNAVAILABLE);
		344	}
		345	}
		346	else if (wydawca_userprivs (wydawca_uid, wydawca_gid,
		347	wydawca_supp_groups,
		348	wydawca_supp_groupc))
		349	exit (EX_UNAVAILABLE);
		350	}
		351
397	mail_init ();	352	mail_init ();
398	wydawca_lock_init ();	353	wydawca_lock_init ();
399		354
@@ -414,7 +369,6 @@ main (int argc, char **argv)
414	if (reconfigure)	369	if (reconfigure)
415	{	370	{
416	int i;	371	int i;
417	wydawca_set_uid (0);
418	for (i = getdtablesize (); i > 2; i--)	372	for (i = getdtablesize (); i > 2; i--)
419	close (i);	373	close (i);
420	remove_pidfile ();	374	remove_pidfile ();