Diffstat (limited to 'src/wydawca.c')
-rw-r--r--src/wydawca.c90
1 files changed, 22 insertions, 68 deletions
diff --git a/src/wydawca.c b/src/wydawca.c
index 48c27e9..f02ac99 100644
--- a/src/wydawca.c
+++ b/src/wydawca.c
@@ -16,12 +16,16 @@
#include "wydawca.h"
#include "mail.h"
#include "argmatch.h"
#include "version-etc.h"
+uid_t wydawca_uid;
+gid_t wydawca_gid;
+size_t wydawca_supp_groupc;
+gid_t *wydawca_supp_groups;
char *conffile = SYSCONFDIR "/wydawca.rc" ;
int debug_level;
int dry_run_mode;
int log_to_stderr = -1; /* -1 means autodetect */
int log_facility = LOG_LOCAL1;
char *syslog_tag = "wydawca";
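Review bot: The four new globals carry no comment, and `wydawca_uid` relies on static zero-initialisation to stand for "no unprivileged user configured", which the startup check added to main (`if (wydawca_uid == 0)`) treats as an attempt to run as root. A comment above them would make that contract explicit, for example `/* Identity to switch to at startup; wydawca_uid == 0 means none was configured */`. Where these variables are assigned is not visible in this diff, presumably in the configuration parser.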
@@ -262,79 +266,12 @@ collect_uids (int argc, char **argv)
else
uidv[i] = pw->pw_uid;
}
}
-static int
-wydawca_set_uid (uid_t uid)
-{
- int rc;
-
- if (getuid () != 0)
- return 0;
-#if defined(HAVE_SETREUID)
- rc = setreuid (0, uid);
-#elif defined(HAVE_SETRESUID)
- rc = setresuid (-1, uid, -1);
-#elif defined(HAVE_SETEUID)
- rc = seteuid (uid);
-#else
-# error "No way to reset user privileges?"
-#endif
- if (rc < 0)
- logmsg (LOG_ERR, _("cannot switch to UID %d: %s (r=%d, e=%d)"),
- uid, strerror (errno), getuid (), geteuid ());
- return rc;
-}
-
-static int
-wydawca_set_gid (gid_t gid)
-{
- int rc;
-
- if (getuid () != 0)
- return 0;
-#if defined(HAVE_SETREGID)
- rc = setregid (0, gid);
-#elif defined(HAVE_SETRESGID)
- rc = setresgid (-1, gid, -1);
-#elif defined(HAVE_SETEGID)
- rc = setegid (gid);
-#else
-# error "No way to reset user privileges?"
-#endif
- if (rc < 0)
- logmsg (LOG_ERR, _("cannot switch to GID %d: %s (r=%d, e=%d)"),
- gid, strerror (errno), getgid (), getegid ());
- return rc;
-}
-
-int
-wydawca_set_privs (uid_t uid, gid_t gid)
-{
- if (wydawca_set_gid (gid))
- return -1;
- if (wydawca_set_uid (uid))
- return -1;
- return 0;
-}
-
-int
-wydawca_set_triplet_privs (struct file_triplet *trp)
-{
- return wydawca_set_privs (TRIPLET_UID (trp), TRIPLET_GID (trp));
-}
-
-int
-wydawca_set_root_privs ()
-{
- return wydawca_set_privs (0, 0);
-}
-
-
char **x_argv;
extern int reconfigure;
void
wydawca_daemon ()
{
@@ -374,12 +311,14 @@ main (int argc, char **argv)
if (gconf_parse (conffile))
exit (EX_CONFIG);
if (lint_mode)
exit (0);
+ if (dry_run_mode)
+ cron_option = 1;
if (cron_option)
daemon_mode = 0;
if (foreground_option >= 0)
foreground = foreground_option;
if (single_process_option >= 0)
single_process = single_process_option;
@@ -391,12 +330,28 @@ main (int argc, char **argv)
if (!log_to_stderr)
{
openlog (syslog_tag, LOG_PID, log_facility);
log_printer = syslog_printer;
}
+ if (getgid () == 0)
+ {
+ if (wydawca_uid == 0)
+ {
+ if (!force_startup)
+ {
+ logmsg (LOG_CRIT, _("won't run with root privileges"));
+ exit (EX_UNAVAILABLE);
+ }
+ }
+ else if (wydawca_userprivs (wydawca_uid, wydawca_gid,
+ wydawca_supp_groups,
+ wydawca_supp_groupc))
+ exit (EX_UNAVAILABLE);
+ }
+
mail_init ();
wydawca_lock_init ();
logmsg (LOG_NOTICE, _("wydawca (%s) started"), PACKAGE_STRING);
if (!daemon_mode)
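Review bot: The guard `if (getgid () == 0)` tests the real group ID rather than the user ID, so a process started with UID 0 and a non-zero primary group skips both the "won't run with root privileges" refusal and the call to wydawca_userprivs, and carries on as root. The helpers this commit removes gated on `getuid () != 0`, and the same test fits here: `if (getuid () == 0)`. Conversely, a non-root account whose primary group is 0 enters the block and is either refused or sent into a privilege switch it presumably cannot perform. wydawca_userprivs is defined outside this diff, so whether it sets the supplementary groups before changing GID and UID and verifies that the drop took effect cannot be confirmed from here; main continues beyond the hunk.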
@@ -411,13 +366,12 @@ main (int argc, char **argv)
mail_finish ();
if (reconfigure)
{
int i;
- wydawca_set_uid (0);
for (i = getdtablesize (); i > 2; i--)
close (i);
remove_pidfile ();
execv (x_argv[0], x_argv);
}
