lib: privs: make uid/gid accessible before setuid

This splits off zprivs_preinit(), which does the lookups for user and
group IDs, so that the init code can create state directories while
still running as root (before zprivs_init() drops privileges).

Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
David Lamparter 2017-06-01 18:33:08 +02:00
parent 154b9e8f9f
commit 37a1f2fbb6
7 changed files with 20 additions and 4 deletions


@ -164,6 +164,7 @@ lde_init(struct ldpd_init *init)
/* drop privileges */
lde_privs.user = init->user;
lde_privs.group = init->group;
zprivs_preinit(&lde_privs);
zprivs_init(&lde_privs);
/* start the LIB garbage collector */


@ -142,6 +142,7 @@ ldpe_init(struct ldpd_init *init)
/* drop privileges */
ldpe_privs.user = init->user;
ldpe_privs.group = init->group;
zprivs_preinit(&ldpe_privs);
zprivs_init(&ldpe_privs);
/* listen on ldpd control socket */


@ -347,6 +347,8 @@ struct thread_master *frr_init(void)
snprintf(frr_protonameinst, sizeof(frr_protonameinst), "%s[%u]",
di->logname, di->instance);
zprivs_preinit(di->privs);
openzlog(di->progname, di->logname, di->instance,
LOG_CONS | LOG_NDELAY | LOG_PID, LOG_DAEMON);
#if defined(HAVE_CUMULUS)


@ -696,13 +696,10 @@ static int getgrouplist(const char *user, gid_t group, gid_t *groups,
}
#endif /* HAVE_GETGROUPLIST */
void zprivs_init(struct zebra_privs_t *zprivs)
void zprivs_preinit(struct zebra_privs_t *zprivs)
{
struct passwd *pwentry = NULL;
struct group *grentry = NULL;
gid_t groups[NGROUPS_MAX];
int i, ngroups = 0;
int found = 0;
if (!zprivs) {
fprintf(stderr, "zprivs_init: called with NULL arg!\n");
@ -751,6 +748,18 @@ void zprivs_init(struct zebra_privs_t *zprivs)
zprivs_state.zgid = grentry->gr_gid;
}
}
void zprivs_init(struct zebra_privs_t *zprivs)
{
gid_t groups[NGROUPS_MAX];
int i, ngroups = 0;
int found = 0;
/* NULL privs */
if (!(zprivs->user || zprivs->group || zprivs->cap_num_p
|| zprivs->cap_num_i))
return;
if (zprivs->user) {
ngroups = sizeof(groups);
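Review bot: zprivs_init now dereferences its argument at `if (!(zprivs->user || zprivs->group || ...` without the `!zprivs` guard that moved into zprivs_preinit (whose fprintf still says `zprivs_init:`), and nothing ties the two calls together: a daemon that calls zprivs_init without zprivs_preinit proceeds with whatever zprivs_state.zuid/zgid happen to hold, which on the visible code looks like it would silently skip the uid/gid switch rather than fail. I would have zprivs_preinit set a `static bool preinit_done` and make zprivs_init abort with a clear message when it is not set, keeping the NULL check in both functions. Separately, the pre-existing `ngroups = sizeof(groups);` on the hunk's last line is a byte count, not an element count, so the capacity presumably handed to getgrouplist below is NGROUPS_MAX times sizeof(gid_t); `ngroups = NGROUPS_MAX;` (or `sizeof(groups) / sizeof(groups[0])`) is what the array actually holds. zprivs_init's body continues past the end of the hunk.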


@ -74,6 +74,7 @@ struct zprivs_ids_t {
};
/* initialise zebra privileges */
extern void zprivs_preinit(struct zebra_privs_t *zprivs);
extern void zprivs_init(struct zebra_privs_t *zprivs);
/* drop all and terminate privileges */
extern void zprivs_terminate(struct zebra_privs_t *);


@ -307,6 +307,7 @@ int main(int argc, char *argv[])
}
/* Initialization */
zprivs_preinit(&ospfd_privs);
zprivs_init(&ospfd_privs);
master = thread_master_create(NULL);


@ -108,6 +108,7 @@ int main(int argc, char **argv)
/* Library inits. */
memory_init();
zprivs_preinit(&test_privs);
zprivs_init(&test_privs);
#define PRIV_STATE() \