Commit e1d7ee56 authored by Daniel Salzman's avatar Daniel Salzman

knotd: improve privileges dropping return check

parent cefee540
......@@ -1370,16 +1370,14 @@ size_t conf_bg_threads(
return workers;
}
void conf_user(
int conf_user(
conf_t *conf,
int *uid,
int *gid)
{
assert(uid != NULL);
assert(gid != NULL);
int new_uid = getuid();
int new_gid = getgid();
if (conf == NULL || uid == NULL || gid == NULL) {
return KNOT_EINVAL;
}
conf_val_t val = conf_get(conf, C_SRV, C_USER);
if (val.code == KNOT_EOK) {
......@@ -1391,28 +1389,38 @@ void conf_user(
// Process group name.
struct group *grp = getgrnam(sep_pos + 1);
if (grp != NULL) {
new_gid = grp->gr_gid;
*gid = grp->gr_gid;
} else {
log_error("invalid group name '%s'", sep_pos + 1);
free(user);
return KNOT_EINVAL;
}
// Cut off group part.
*sep_pos = '\0';
} else {
*gid = getgid();
}
// Process user name.
struct passwd *pwd = getpwnam(user);
if (pwd != NULL) {
new_uid = pwd->pw_uid;
*uid = pwd->pw_uid;
} else {
log_error("invalid user name '%s'", user);
free(user);
return KNOT_EINVAL;
}
free(user);
return KNOT_EOK;
} else if (val.code == KNOT_ENOENT) {
*uid = getuid();
*gid = getgid();
return KNOT_EOK;
} else {
return val.code;
}
*uid = new_uid;
*gid = new_gid;
}
conf_remote_t conf_remote(
......
......@@ -282,7 +282,7 @@ size_t conf_bg_threads(
conf_t *conf
);
void conf_user(
int conf_user(
conf_t *conf,
int *uid,
int *gid
......
......@@ -398,9 +398,10 @@ int main(int argc, char **argv)
/* Alter privileges. */
int uid, gid;
conf_user(conf(), &uid, &gid);
log_update_privileges(uid, gid);
if (proc_update_privileges(uid, gid) != KNOT_EOK) {
if (conf_user(conf(), &uid, &gid) != KNOT_EOK ||
log_update_privileges(uid, gid) != KNOT_EOK ||
proc_update_privileges(uid, gid) != KNOT_EOK) {
log_fatal("failed to drop privileges");
server_deinit(&server);
conf_free(conf(), false);
log_close();
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment