summaryrefslogtreecommitdiffabout
authorMichael Krelin <hacker@klever.net>2004-07-15 04:13:35 (UTC)
committer Michael Krelin <hacker@klever.net>2004-07-15 04:13:35 (UTC)
commit5e437102c59f4544e3803598eabcb643d403272d (patch) (unidiff)
tree7703657f2dac2fd9fb2b2a1f453ca2f30227efa1
parent4f8a6f291a231410a03c438bc9d63a7beb861e7b (diff)
downloaddudki-5e437102c59f4544e3803598eabcb643d403272d.zip
dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.gz
dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.bz2
initgroups() call added when changing uid
Diffstat (more/less context) (show whitespace changes)
-rw-r--r--src/process.cc17
1 files changed, 10 insertions, 7 deletions
diff --git a/src/process.cc b/src/process.cc
index fda35e8..bfab311 100644
--- a/src/process.cc
+++ b/src/process.cc
@@ -58,11 +58,13 @@ void process::check(const string& id,configuration& config) {
58} 58}
59 59
60void process::launch(const string& id,configuration& config) { 60void process::launch(const string& id,configuration& config) {
61 uid_t uid = 0; 61 uid_t uid = (uid_t)-1;
62 gid_t gid = (gid_t)-1;
62 if(!user.empty()) { 63 if(!user.empty()) {
63 struct passwd *ptmp = getpwnam(user.c_str()); 64 struct passwd *ptmp = getpwnam(user.c_str());
64 if(ptmp) { 65 if(ptmp) {
65 uid = ptmp->pw_uid; 66 uid = ptmp->pw_uid;
67 gid = ptmp->pw_gid;
66 }else{ 68 }else{
67 errno=0; 69 errno=0;
68 uid = strtol(user.c_str(),NULL,0); 70 uid = strtol(user.c_str(),NULL,0);
@@ -70,7 +72,6 @@ void process::launch(const string& id,configuration& config) {
70 throw runtime_error("Failed to resolve User value to uid"); 72 throw runtime_error("Failed to resolve User value to uid");
71 } 73 }
72 } 74 }
73 gid_t gid = 0;
74 if(!group.empty()) { 75 if(!group.empty()) {
75 struct group *gtmp = getgrnam(group.c_str()); 76 struct group *gtmp = getgrnam(group.c_str());
76 if(gtmp) { 77 if(gtmp) {
@@ -89,15 +90,17 @@ void process::launch(const string& id,configuration& config) {
89 // child 90 // child
90 try { 91 try {
91 setsid(); 92 setsid();
93 if(user.empty()) {
94 if((getgid()!=gid) && setgid(gid))
95 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
96 }else{
97 if(initgroups(user.c_str(),gid))
98 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()");
99 }
92 if(!chroot.empty()) { 100 if(!chroot.empty()) {
93 if(::chroot(chroot.c_str())) 101 if(::chroot(chroot.c_str()))
94 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()"); 102 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()");
95 } 103 }
96 if(!group.empty()) {
97 // TODO: initgroups()?
98 if((getgid()!=gid) && setgid(gid))
99 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()");
100 }
101 if(!user.empty()) { 104 if(!user.empty()) {
102 if((getuid()!=uid) && setuid(uid)) 105 if((getuid()!=uid) && setuid(uid))
103 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setuid()"); 106 throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setuid()");