Diffstat (limited to 'pies/pies.c')
-rw-r--r--pies/pies.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/pies/pies.c b/pies/pies.c
index b1d4940..9fc7a81 100644
--- a/pies/pies.c
+++ b/pies/pies.c
@@ -629,6 +629,9 @@ struct mu_cfg_param component_cfg_param[] = {
{ "group", mu_cfg_callback, NULL,
mu_offsetof (struct component, privs.groups), _cb_group,
N_("Retain supplementary group.") },
+ { "allgroups", mu_cfg_bool, NULL,
+ mu_offsetof (struct component, privs.allgroups), NULL,
+ N_("Retain all supplementary groups of which user is a member.") },
{ "umask", mu_cfg_callback, NULL,
mu_offsetof (struct component, umask), _cb_umask,
N_("Force this umask."),
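Review bot: The help text for "allgroups", here and in the matching pies_cfg_param entry, does not say that the setting depends on "user" or how it combines with "group". Judging by the later hunks, the groups are looked up by pr->user and appended to the list built from "group" statements, so the option widens the group set rather than replacing it. An operator applying least privilege should be able to see that from the description, for example `N_("Retain all supplementary groups of which the configured user is a member, in addition to those named by \"group\".")`.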
@@ -780,6 +783,8 @@ struct mu_cfg_param pies_cfg_param[] = {
N_("Run with this user privileges.") },
{ "group", mu_cfg_callback, &pies_user.groups, 0, _cb_group,
N_("Retain supplementary group.") },
+ { "allgroups", mu_cfg_bool, &pies_user.allgroups, 0, NULL,
+ N_("Retain all supplementary groups of which user is a member.") },
{ "umask", mu_cfg_callback, &pies_umask, 0, _cb_umask,
N_("Force this umask."),
N_("arg: number") },
@@ -910,6 +915,29 @@ version (FILE *stream, struct argp_state *state)
}
+static void
+pies_add_allgroups (mu_list_t *pgrouplist, const char *user)
+{
+ struct group *gr;
+ mu_list_t list;
+ if (!*pgrouplist)
+ mu_list_create (pgrouplist);
+ list = *pgrouplist;
+ setgrent ();
+ while (gr = getgrent ())
+ {
+ char **p;
+ for (p = gr->gr_mem; *p; p++)
+ if (strcmp (*p, user) == 0)
+ {
+ /* FIXME: Avoid duplicating gids */
+ mu_list_append (list, (void*)gr->gr_gid);
+ break;
+ }
+ }
+ endgrent ();
+}
+
void
priv_setup (struct pies_privs_data *pr)
{
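Review bot: Errors are dropped silently in pies_add_allgroups, so a component can start with an incomplete supplementary group set and no diagnostic. The results of `mu_list_create` and `mu_list_append` are ignored, and a NULL from `getgrent ()` is taken as end of database even when the lookup itself failed. The sketch below checks each of these and exits the way priv_setup already does on failure; it assumes errno is usable in this file. The assignment in the `while` condition also needs its own parentheses and an explicit NULL comparison to compile without warnings. Where available, getgrouplist(3) would avoid the full database scan and resolve the duplicate-gid FIXME.

```c
static void
pies_add_allgroups (mu_list_t *pgrouplist, const char *user)
{
  struct group *gr;
  int rc;

  if (!*pgrouplist && (rc = mu_list_create (pgrouplist)) != 0)
    {
      mu_error (_("cannot create group list: %s"), mu_strerror (rc));
      exit (EX_SOFTWARE);
    }

  setgrent ();
  while (errno = 0, (gr = getgrent ()) != NULL)
    {
      /* … unchanged: scan gr->gr_mem for a name equal to user … */
            rc = mu_list_append (*pgrouplist, (void*)gr->gr_gid);
            if (rc)
              {
                mu_error (_("cannot add group %s: %s"),
                          gr->gr_name, mu_strerror (rc));
                exit (EX_SOFTWARE);
              }
      /* … unchanged: break out of the member loop … */
    }
  if (errno)
    {
      /* getgrent failed part-way: the group set would be incomplete */
      mu_error (_("cannot read group database: %s"), mu_strerror (errno));
      exit (EX_SOFTWARE);
    }
  endgrent ();
```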
@@ -921,6 +949,8 @@ priv_setup (struct pies_privs_data *pr)
mu_error (_("No such user: %s"), pr->user);
exit (EX_CONFIG);
}
+ if (pr->allgroups)
+ pies_add_allgroups (&pr->groups, pr->user);
if (pw && switch_to_privs (pw->pw_uid, pw->pw_gid, pr->groups))
exit (EX_SOFTWARE);
}
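Review bot: The new call under `if (pr->allgroups)` runs even when no user was resolved. The next line guards with `pw &&`, which suggests pw can be NULL at this point, presumably when pr->user is unset; the start of priv_setup is outside the hunk, so this is inferred. pies_add_allgroups passes `user` straight to strcmp, so a configuration that sets allgroups without user would dereference NULL. Guarding the call as `if (pw && pr->allgroups)` avoids that. It is also worth confirming that priv_setup is not called more than once on the same pies_privs_data, since each call would append the same gids to pr->groups again.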
