Merge branch 'B4dM4n-supplementary_group_access'
commit
243a8135a6
|
@ -39,6 +39,7 @@
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
#include <sys/time.h>
|
#include <sys/time.h>
|
||||||
#include <sys/resource.h>
|
#include <sys/resource.h>
|
||||||
|
#include <grp.h>
|
||||||
|
|
||||||
#include <limits>
|
#include <limits>
|
||||||
#include <cstdlib>
|
#include <cstdlib>
|
||||||
|
@ -256,6 +257,12 @@ std::unique_ptr<AcceptHandler> create_acceptor(ConnectionHandler *handler,
|
||||||
namespace {
|
namespace {
|
||||||
void drop_privileges() {
|
void drop_privileges() {
|
||||||
if (getuid() == 0 && get_config()->uid != 0) {
|
if (getuid() == 0 && get_config()->uid != 0) {
|
||||||
|
if (initgroups(get_config()->user.get(), get_config()->gid) != 0) {
|
||||||
|
auto error = errno;
|
||||||
|
LOG(FATAL) << "Could not change supplementary groups: "
|
||||||
|
<< strerror(error);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
if (setgid(get_config()->gid) != 0) {
|
if (setgid(get_config()->gid) != 0) {
|
||||||
auto error = errno;
|
auto error = errno;
|
||||||
LOG(FATAL) << "Could not change gid: " << strerror(error);
|
LOG(FATAL) << "Could not change gid: " << strerror(error);
|
||||||
|
@ -714,6 +721,7 @@ void fill_default_config() {
|
||||||
mod_config()->insecure = false;
|
mod_config()->insecure = false;
|
||||||
mod_config()->cacert = nullptr;
|
mod_config()->cacert = nullptr;
|
||||||
mod_config()->pid_file = nullptr;
|
mod_config()->pid_file = nullptr;
|
||||||
|
mod_config()->user = nullptr;
|
||||||
mod_config()->uid = 0;
|
mod_config()->uid = 0;
|
||||||
mod_config()->gid = 0;
|
mod_config()->gid = 0;
|
||||||
mod_config()->pid = getpid();
|
mod_config()->pid = getpid();
|
||||||
|
|
|
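Review bot: In drop_privileges, `initgroups(get_config()->user.get(), get_config()->gid)` runs without checking that `user` is set; the only guard is `get_config()->uid != 0`, and fill_default_config initialises `user` to nullptr. In the hunks shown, parse_config assigns `user`, `uid` and `gid` together, so the pointer is non-null today, but that invariant is implicit and any later path that sets `uid` alone would pass a null name to initgroups(). Failing closed before the call makes it explicit: `if (!get_config()->user) { LOG(FATAL) << "No user name available for initgroups"; exit(EXIT_FAILURE); }`. Calling initgroups() ahead of setgid() is the right order because it needs root; the rest of drop_privileges is outside the hunk, so the uid change is not visible here.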
@ -758,6 +758,7 @@ int parse_config(const char *opt, const char *optarg) {
|
||||||
<< strerror(errno);
|
<< strerror(errno);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
mod_config()->user = strcopy(pwd->pw_name);
|
||||||
mod_config()->uid = pwd->pw_uid;
|
mod_config()->uid = pwd->pw_uid;
|
||||||
mod_config()->gid = pwd->pw_gid;
|
mod_config()->gid = pwd->pw_gid;
|
||||||
|
|
||||||
|
|
|
@ -272,6 +272,7 @@ struct Config {
|
||||||
int syslog_facility;
|
int syslog_facility;
|
||||||
int backlog;
|
int backlog;
|
||||||
int argc;
|
int argc;
|
||||||
|
std::unique_ptr<char[]> user;
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
pid_t pid;
|
pid_t pid;
|
||||||
|
|
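Review bot: The new `std::unique_ptr<char[]> user;` member of Config is undocumented, although it now feeds the privilege drop and defaults to nullptr. A one-line comment above it would record that contract, for example `// Account name to switch to when dropping privileges; nullptr if none was configured.` The struct starts and ends outside the hunk, so whether neighbouring members are commented cannot be seen from here.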